
Thread: Wss4jSecurityInterceptor Configuration

  1. #1
    Join Date
    Sep 2011
    Posts
    5

    Default Wss4jSecurityInterceptor Configuration

    Can anybody tell me whether my Wss4jSecurityInterceptor configuration is correct?

    Wss4jSecurityInterceptor Configuration :
    Code:
    <!-- Spring-WS client interceptor that applies WS-Security through WSS4J: outgoing requests are
         secured per the securement* properties, incoming responses are checked per validation*. -->
    <bean id="wsClientSecurityInterceptor"
    		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    		<!-- Actions expected on incoming responses: decryption and signature verification. -->
    		<property name="validationActions" value="Encrypt Signature" />
    		<!-- Outgoing requests are signed first and then encrypted (listed order). -->
    		<property name="securementActions" value="Signature Encrypt" />
    
    		<!-- DirectReference: the signing certificate is carried in the message and the signature
    		     references it; this lines up with IncludeToken/AlwaysToRecipient on the policy's
    		     InitiatorToken. -->
    		<property name="securementSignatureKeyIdentifier" value="DirectReference" />
    		<!-- Alias and password of the private signing key; both come from property placeholders,
    		     so the secret itself is not stored in this file. -->
    		<property name="securementUsername" value="${ks-test-My_private.alias}" /> 
    		<property name="securementPassword" value="${ks-test-My-private-password}" />	
    		<property name="securementSignatureCrypto" ref="ks-test-My-private" />
    		<!-- Part syntax is {mode}{namespace}localName. NOTE(review): an empty {} namespace is
    		     expected to fall back to the SOAP envelope namespace; confirm for the WSS4J version
    		     in use. NOTE(review): the policy's SignedParts names the Body plus headers in the
    		     WS-Addressing namespace, not the SOAP Header element as a whole; listing each
    		     addressing header the message carries as its own {Element}{namespace}Name entry is
    		     probably what the service expects. Verify against the service. -->
    		<property name="securementSignatureParts" value="{Element}{}Header;{Element}{}Body" />
    
    		<!-- Crypto bean and alias of the recipient certificate used to encrypt the request. -->
    		<property name="securementEncryptionCrypto" ref="ks-test-public" />
    		<property name="securementEncryptionUser" value="${ws.keys.test_public.alias}" />		
    		<!-- <property name="securementEncryptionKeyIdentifier" value="Thumbprint" /> -->
    		<!-- SKIKeyIdentifier references the recipient certificate by Subject Key Identifier
    		     instead of embedding it, consistent with IncludeToken/Never on the RecipientToken. -->
    		<property name="securementEncryptionKeyIdentifier" value="SKIKeyIdentifier" /><!-- X509SubjectKeyIdentifier -->
    		<!-- AES-256 in CBC mode, as the Basic256Rsa15 suite requires. CBC gives confidentiality
    		     only; integrity rests on the signature, so the receiver should not act on decrypted
    		     content until the signature verifies. NOTE(review): no
    		     securementEncryptionKeyTransportAlgorithm is set, so the WSS4J default key transport
    		     applies; confirm it is the RSA 1.5 key wrap the policy names. -->
    		<property name="securementEncryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
    		<!-- Encrypts the whole ds:Signature element and the content of the SOAP Body, matching
    		     the policy's EncryptSignature and EncryptedParts/Body assertions. -->
    		<property name="securementEncryptionParts"
    			value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{}Body" />
    		<!-- Response side: certificates trusted for signature verification, and the keystore
    		     holding the private key for decryption. NOTE(review): no validationCallbackHandler
    		     is configured; decrypting responses normally needs one to supply the private key
    		     password. Confirm. -->
    		<property name="validationSignatureCrypto" ref="ks-test-public" />
    		<property name="validationDecryptionCrypto" ref="ks-test-My-private" />
    	</bean>

    My WSDL is :
    Code:
    <!-- WS-SecurityPolicy (2005/07 namespace) fragment from the service WSDL: X.509 based
         asymmetric binding with signed and encrypted message parts. The wsp prefix is declared
         outside this fragment. -->
    <wsp:Policy>
    		<wsp:ExactlyOne>
    		    <wsp:All>
    		        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <wsp:Policy>
    		                <!-- Initiator (client) token: X.509 v3 certificate, always included in
    		                     messages sent to the recipient. -->
    		                <sp:InitiatorToken>
    		                    <wsp:Policy>
    		                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
    		                            <wsp:Policy>
    		                                <sp:WssX509V3Token10/>
    		                            </wsp:Policy>
    		                        </sp:X509Token>
    		                    </wsp:Policy>
    		                </sp:InitiatorToken>
    		                <!-- Recipient (service) token: X.509 v3 certificate, never included in a
    		                     message, so it has to be referenced by an identifier. -->
    		                <sp:RecipientToken>
    		                    <wsp:Policy>
    		                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
    		                            <wsp:Policy>
    		                                <sp:WssX509V3Token10/>
    		                            </wsp:Policy>
    		                        </sp:X509Token>
    		                    </wsp:Policy>
    		                </sp:RecipientToken>
    		                <!-- Basic256Rsa15: AES-256 encryption with RSA PKCS#1 v1.5 key wrap. The
    		                     v1.5 key wrap is a legacy choice; where both parties can change the
    		                     policy, a suite without the Rsa15 suffix (RSA-OAEP key wrap) is
    		                     preferable. -->
    		                <sp:AlgorithmSuite>
    		                    <wsp:Policy>
    		                        <sp:Basic256Rsa15/>
    		                    </wsp:Policy>
    		                </sp:AlgorithmSuite>
    		                <!-- Strict ordering rules apply to the items in the security header. -->
    		                <sp:Layout>
    		                    <wsp:Policy>
    		                        <sp:Strict/>
    		                    </wsp:Policy>
    		                </sp:Layout>
    		                <!-- Signatures must cover whole headers and the whole body, not
    		                     sub-elements, and the signature itself must be encrypted. No
    		                     EncryptBeforeSigning assertion is present, so the specification
    		                     default of signing before encrypting applies. -->
    		                <sp:OnlySignEntireHeadersAndBody/>
    		                <sp:EncryptSignature/>
    		            </wsp:Policy>
    		        </sp:AsymmetricBinding>
    		        <!-- WSS 1.0 token reference mechanisms both parties must be able to process. -->
    		        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <wsp:Policy>
    		                <sp:MustSupportRefKeyIdentifier/>
    		                <sp:MustSupportRefEmbeddedToken/>
    		                <sp:MustSupportRefIssuerSerial/>
    		            </wsp:Policy>
    		        </sp:Wss10>
    		        <!-- Integrity: the SOAP Body and every header in the WS-Addressing namespace. -->
    		        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <sp:Body/>
    		            <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
    		        </sp:SignedParts>
    		        <!-- Confidentiality: the SOAP Body. -->
    		        <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <sp:Body/>
    		        </sp:EncryptedParts>
    		    </wsp:All>
    		</wsp:ExactlyOne>
    	</wsp:Policy>

    Kindly help me out ?

  2. #2
    Join Date
    Dec 2008
    Location
    New York City
    Posts
    134

    Default

    You're asking the question because you believe it isn't correct. What are your reasons for believing that?
    Andrew Thompson - Linked In

  3. #3
    Join Date
    Sep 2011
    Posts
    5

    Default

    This is because, first, I am unable to find a good resource with a detailed description of securementSignatureParts and securementEncryptionParts, and of how to map the WSDL to the Wss4jSecurityInterceptor configuration.
    Secondly, the request (web service call) is returning a 502 proxy error. I just want to make sure that my configuration is up to date.

    Kindly confirm me these points :
    1. The WSDL has SignedParts, for which I need to sign both the header and the body. Is <property name="securementSignatureParts" value="{Element}{}Header;{Element}{}Body" /> correct for this?
    2. Do I need to do some configuration for:
    <wsp:Policy>
    <sp:MustSupportRefKeyIdentifier/>
    <sp:MustSupportRefEmbeddedToken/>
    <sp:MustSupportRefIssuerSerial/>
    </wsp:Policy> ?

    It would also be really helpful if you could provide some detailed documentation, with examples, on Spring message-level security.

    Thanks in Advance.
