ws-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: help composing security header without using a cxf/axis2 framework
Date Fri, 20 Jan 2017 11:26:36 GMT
I'd strongly encourage you to use a web services framework instead of
trying to roll your own security. Take a look at some of the CXF examples
here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=systests/ws-security-examples;h=0c0a7a6a32f9aa27778890440e37d74afae93d11;hb=HEAD

Colm.

On Thu, Jan 19, 2017 at 10:59 PM, Devon Miller <aappddeevv@gmail.com> wrote:

> I am trying to create a SOAP security header but am having difficulty
> understanding how to create the proper crypto and other configs. I have
> attached the WSDL policy (not the entire WSDL) as well as the token request
> and response from the server and a whoami request that shows an example of
> the security header that I need to generate. The server is a WCF endpoint,
> e.g. a CRM system. All of the attachments are to a small virtual machine demo
> system I set up to test security processing in Java. I am using wss4j 2.1.8.
>
> I've gone through the wss4j tests trying to stitch together just the right
> parts as I don't need to have anything robust, just a security header that
> meets this one target. When trying to use axis2 to generate the stubs, it
> did not seem to generate the security part and I just need some code for
> the client side in a non-servlet scenario. I tried to look at rampart to
> understand how it may create the config but reading that code did not help. I
> have also read through the standards but that's not helped me map it to the
> code I need.
>
> Thoughts on which wss4j tests might hold critical code for me to look at
> and cut and paste from? For example, I've yet to figure out how to create
> the proper crypto to use with the signature, it seems all the choices use
> disk-based keystores.
>
> Thoughts?
>
>
>     val secHeader = new WSSecHeader(doc)
>     secHeader.insertSecurityHeader()
>     val timestamp = new WSSecTimestamp()
>     timestamp.setTimeToLive(3600 * 2)
>     timestamp.build(doc, secHeader)
>     val x509Data = new DOMX509Data(doc,
>       new DOMX509IssuerSerial(doc, "CN=DemoCrmServer, DC=Demo, DC=Local",
>         new java.math.BigInteger("825127572376036501802804159644169187033612293")))
>     // This gives me an error because I do not have a crypto.properties,
>     // but I just need a memory based version
>     val crypto = CryptoFactory.getInstance()
>     val signer = new WSSecSignature()
>     signer.setSigCanonicalization(WSS4JConstants.C14N_EXCL_OMIT_COMMENTS)
>     signer.setKeyIdentifierType(WSConstants.ISSUER_SERIAL)
>     // What's the right crypto?
>     val signedDoc = signer.build(doc, crypto, secHeader)
>     ...
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
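
On the in-memory crypto question in the quoted message: the following is an added example, not code from this thread or from the wss4j project, showing wss4j's `Merlin` wrapping a `java.security.KeyStore` loaded from bytes instead of from `crypto.properties`. The object and method names, the PKCS#12 bytes, the alias, the passwords and the 300-second lifetime are assumptions supplied by the caller; whether the resulting header satisfies the WCF policy in the attachments is not covered.

```scala
import java.io.ByteArrayInputStream
import java.security.KeyStore
import org.apache.wss4j.common.crypto.{Crypto, Merlin}
import org.apache.wss4j.dom.WSConstants
import org.apache.wss4j.dom.message.{WSSecHeader, WSSecSignature, WSSecTimestamp}
import org.w3c.dom.Document

// Hypothetical helper object; the wss4j calls follow the 2.1.x API used above.
object InMemorySigning {

  // Build a Crypto from PKCS#12 bytes already held in memory (for example
  // fetched from a secret store). No crypto.properties or keystore file is read.
  def inMemoryCrypto(pkcs12: Array[Byte], storePass: Array[Char], alias: String): Crypto = {
    val ks = KeyStore.getInstance("PKCS12")
    ks.load(new ByteArrayInputStream(pkcs12), storePass)
    // Fail early if the alias holds only a certificate and no private key.
    require(ks.isKeyEntry(alias), s"alias '$alias' has no private key entry")
    val merlin = new Merlin()   // no-arg constructor: nothing loaded from disk
    merlin.setKeyStore(ks)      // signing key and certificate come from here
    merlin
  }

  // Insert a wsse:Security header with a Timestamp, then sign the SOAP Body
  // (the default signed part) with the key stored under `alias`.
  def sign(doc: Document, crypto: Crypto, alias: String, keyPass: String): Document = {
    val secHeader = new WSSecHeader(doc)
    secHeader.insertSecurityHeader()

    val timestamp = new WSSecTimestamp()
    timestamp.setTimeToLive(300) // seconds; assumed value
    timestamp.build(doc, secHeader)

    val signer = new WSSecSignature()
    signer.setUserInfo(alias, keyPass) // alias and key password for the lookup
    signer.setKeyIdentifierType(WSConstants.ISSUER_SERIAL)
    signer.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS)
    signer.build(doc, crypto, secHeader)
  }
}
```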
