List: webservices-general
Subject: [Ws Wiki] Update of "RonReynolds/XmlSigSetup" by RonReynolds
From: Apache Wiki <wikidiffs () apache ! org>
Date: 2005-10-25 19:53:03
Message-ID: 20051025195303.27524.12899 () ajax ! apache ! org
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by RonReynolds:
http://wiki.apache.org/ws/RonReynolds/XmlSigSetup
New page:
(almost done)
== How to set up XML-Signature using WSS4J and Axis 1.2.1 ==
1. create a keystore file for the server {{{
keytool -genkey \
  -alias server \
  -dname "CN=My Server" \
  -keypass serverKeyPW \
  -keystore server.keystore \
  -storepass serverStorePW
}}}
2. create a keystore (and public-key/private-key pair) for the client {{{
keytool -genkey \
  -alias client1 \
  -dname "CN=Client 1" \
  -keypass client1KeyPW \
  -keystore client1.keystore \
  -storepass client1StorePW
}}}
3. generate a self-signed certificate for the client (stored within the keystore) {{{
keytool -selfcert \
  -alias client1 \
  -keypass client1KeyPW \
  -keystore client1.keystore \
  -storepass client1StorePW
}}}
4. export the self-signed X.509 certificate {{{
keytool -export \
  -alias client1 \
  -keystore client1.keystore \
  -storepass client1StorePW \
  -file client.x509
}}}
5. import the certificate into the server's keystore {{{
keytool -import \
  -alias client1 \
  -file client.x509 \
  -keystore server.keystore \
  -storepass serverStorePW
}}}
6. repeat the above for each client you want the server to accept signed messages from
7. add the following to the server's server-config.wsdd {{{
<service name="MyWebservice" provider="java:RPC" style="document" use="literal">
  <!-- WS-Security handlers -->
  <requestFlow>
    <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
      <parameter name="action" value="Signature"/>
      <parameter name="actor" value="clientSig"/>
      <parameter name="signaturePropFile" value="server-crypto.properties" />
    </handler>
  </requestFlow>
  ...
}}}
8. create a server-crypto.properties file with the following contents: {{{
org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type = jks
org.apache.ws.security.crypto.merlin.keystore.password = serverStorePW
org.apache.ws.security.crypto.merlin.file = server.keystore
}}}
9. place the server.keystore and server-crypto.properties files in the WEB-INF/classes directory and the server-config.wsdd file in the WEB-INF directory.
10. on the client side you'll need a similar client-config.wsdd to tell Axis to generate the signature {{{
<?xml version="1.0"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="Signature"/>
        <parameter name="actor" value="clientSig"/>
        <parameter name="user" value="client1"/>
        <parameter name="passwordCallbackClass" value="Client1PWCallback"/>
        <parameter name="signaturePropFile" value="client1-crypto.properties" />
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>
}}}
and a similar client1-crypto.properties file to tell it what key to sign with {{{
org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type = jks
org.apache.ws.security.crypto.merlin.keystore.password = client1StorePW
org.apache.ws.security.crypto.merlin.file = client1.keystore
}}}
11. you also need to create the password callback classes... (TODO)
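One way the client-side callback named in client-config.wsdd could look, as an added example that is not part of the original wiki page or of the WSS4J project's code. It assumes the WSS4J 1.x `WSPasswordCallback` API (where the accessor is spelled `getIdentifer()`); the system property name `client1.keypass` is hypothetical and stands in for wherever the key password (client1KeyPW in step 2) is actually kept.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Supplies the private-key password for the "client1" alias so that
 * WSDoAllSender can sign outgoing requests with client1.keystore.
 */
public class Client1PWCallback implements CallbackHandler {

    // Alias from the "user" parameter in client-config.wsdd.
    private static final String ALIAS = "client1";

    // Hypothetical property name (assumption): the key password is read at
    // run time instead of being compiled into the class.
    private static final String PASSWORD_PROPERTY = "client1.keypass";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(
                        callbacks[i], "unrecognized callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            // Only answer for the alias this handler is responsible for;
            // any other identifier is refused rather than given a password.
            if (!ALIAS.equals(pc.getIdentifer())) {
                throw new UnsupportedCallbackException(
                        pc, "no key password for alias " + pc.getIdentifer());
            }

            String keyPassword = System.getProperty(PASSWORD_PROPERTY);
            if (keyPassword == null) {
                throw new IOException(
                        "system property " + PASSWORD_PROPERTY + " is not set");
            }
            // Must match the -keypass value used when the key was generated.
            pc.setPassword(keyPassword);
        }
    }
}
```

The class sits in the default package because client-config.wsdd refers to it as plain `Client1PWCallback`.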