Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

WSS4J with Axis Web Service

843811Jan 22 2006 — edited Jul 7 2008
Hello

I have a problem with WSS4j. The elements I want to configure are: Signature and Encryption. According to documentations and examples I've found in the internet I created client-deploy.wsdd configure file for my client and server-config.wsdd file that describes web service access rules.
Here are the most important parts of the files:
client-deploy.wsdd

(...)
<requestFlow>   
  <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
    <parameter name="action" value="Signature Encrypt"/>
    <parameter name="passwordCallbackClass" value="MyPWCallback"/>
    <parameter name="user" value="me"/>
    <parameter name="signatureKeyIdentifier" value="DirectReference" />
    <parameter name="signaturePropFile" value="crypto.properties" />
    <parameter name="encryptionUser" value="serwer"/>
  </handler>
</requestFlow>
(...)

server-config.wsdd

(...)
<requestFlow>
  <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
    <parameter name="passwordCallbackClass" value="MyPWCallback"/>
    <parameter name="action" value="Signature Encrypt"/>
    <parameter name="signaturePropFile" value="crypto.properties" />
  </handler>
</requestFlow>
(...)
And crypto.properties files for the client and serwer:

client: 
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.keystore.alias=me
org.apache.ws.security.crypto.merlin.file=C://client//.keystore
serwer: 
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.keystore.alias=serwer
org.apache.ws.security.crypto.merlin.file=C://serwer//.keystore
In client/.keystore I have keyEntry with alias "me" and trustCertEntry with alias "serwer", in serwer/,keystore I have keyEntry with alias "serwer" and trustCertEntry with alias "me".

But I does not work. I get a lot of errors, they vary depending on changes I am making in the cofinguring files. What am I doing wrong? I don;t know much about the whole certificate system, I suspect this is the reason of my collapse. I assume that keyEntry is a public and private key in one and trustCertEntry is a public key that I can verify signatures, am I right?

Help! I need to have it working on monday and I got stucked

ania
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 4 2008
Added on Jan 22 2006
#cryptography
12 comments
1,367 views