|Subject:||Re: Encrypting and Signing SOAP Messages With UsernameToken|
|From:||Vishal Mahajan (Vish...@Sun.COM)|
|Date:||Jan 27, 2005 4:54:12 am|
The code below indicates that your requirement is to be able to sign and encrypt the username token being sent along with the soap request. You can do this very easily using xws-security by associating the following security configuration file with the requester:
<xwss:UsernameToken name="m_userid" password="m_password" id="token"/>
<xwss:Sign> <Target type="uri">#token</Target> </xwss:Sign>
<xwss:Encrypt> <X509Token certificateAlias="receiver_cert_alias"/> <Target type="uri">#token</Target> </xwss:Encrypt>
For more details on the usage of security configuration files, please consult the JWSDP tutorial.
Mark Mesich wrote:
Thanks for getting back to me. In .Net you can use a UsernameToken to sign and encrypt messages as well. The following code demonstrates what I would like to do in Java. (I have changed the names of the service and methods for readability.)
// Get a reference to the service. Service service = new Service();
// Create a username token and add it to the service. UsernameToken token = new UsernameToken( m_userID, m_password, PasswordOption.SendHashed ); service.RequestSoapContext.Security.Tokens.Add(token); service.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;
// Encrypt and sign the message with the UsernameToken. service.RequestSoapContext.Security.Elements.Add( new EncryptedData(token) ); service.RequestSoapContext.Security.Elements.Add( new MessageSignature(token) );
// Make the method call. bool result = service.MethodName( <parameters> );
-----Original Message----- From: Vishal Mahajan [mailto:Vish...@Sun.COM] Sent: Friday, January 21, 2005 7:33 AM To: use...@jwsdp.dev.java.net Subject: Re: Encrypting and Signing SOAP Messages With UsernameToken
I currently have a set of .Net/WSE2.0 based web services that require a
UsernameToken to be passed in with each request. I have been communicating with these services from both .Net and Java clients. For the Java clients I have been using JWSDP 1.4 and embedding the UsernameToken information into the SOAP message programmatically with code similar to the following:
ExportUsernameTokenFilter(SystemInfo.getUserName(), SystemInfo.getUserPassword(), true, false));
Now, I would like to enhance the security by requiring the SOAP messages to
be both signed and encrypted with the UsernameToken as well. For my .Net clients, this is pretty much a couple of lines of code. However, I am having great difficulty in figuring out whether/how this can be done for my Java clients. Is this something that is possible with JWSDP 1.4 or 1.5? If so, can someone please point me in the right direction?
I have seen examples of signing and encrypting using X.509 certificates,
but nothing about using the UsernameToken to do this.
Can you elaborate more on your requirement. What do you mean when you say - "Using UsernameToken for signing and encryption"?
I was hoping that (similar to .Net) there might be a way to add
additional filters that could sign and encrypt the messages as they go out.
Thanks for your help, Mark.