
  • Wss4jSecurityInterceptor Configuration

    Can anybody tell me whether my Wss4jSecurityInterceptor configuration is correct?

    Wss4jSecurityInterceptor configuration:
    Code:
    <bean id="wsClientSecurityInterceptor"
    		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    		<property name="validationActions" value="Encrypt Signature" />
    		<property name="securementActions" value="Signature Encrypt" />
    
    		<property name="securementSignatureKeyIdentifier" value="DirectReference" />
    		<property name="securementUsername" value="${ks-test-My_private.alias}" /> 
    		<property name="securementPassword" value="${ks-test-My-private-password}" />	
    		<property name="securementSignatureCrypto" ref="ks-test-My-private" />
    		<property name="securementSignatureParts" value="{Element}{}Header;{Element}{}Body" />
    
    		<property name="securementEncryptionCrypto" ref="ks-test-public" />
    		<property name="securementEncryptionUser" value="${ws.keys.test_public.alias}" />		
    		<!-- <property name="securementEncryptionKeyIdentifier" value="Thumbprint" /> -->
    		<property name="securementEncryptionKeyIdentifier" value="SKIKeyIdentifier" /><!-- X509SubjectKeyIdentifier -->
    		<property name="securementEncryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
    		<property name="securementEncryptionParts"
    			value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{}Body" />
    		<property name="validationSignatureCrypto" ref="ks-test-public" />
    		<property name="validationDecryptionCrypto" ref="ks-test-My-private" />
    	</bean>

    My WSDL is:
    Code:
    <wsp:Policy>
    		<wsp:ExactlyOne>
    		    <wsp:All>
    		        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <wsp:Policy>
    		                <sp:InitiatorToken>
    		                    <wsp:Policy>
    		                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
    		                            <wsp:Policy>
    		                                <sp:WssX509V3Token10/>
    		                            </wsp:Policy>
    		                        </sp:X509Token>
    		                    </wsp:Policy>
    		                </sp:InitiatorToken>
    		                <sp:RecipientToken>
    		                    <wsp:Policy>
    		                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
    		                            <wsp:Policy>
    		                                <sp:WssX509V3Token10/>
    		                            </wsp:Policy>
    		                        </sp:X509Token>
    		                    </wsp:Policy>
    		                </sp:RecipientToken>
    		                <sp:AlgorithmSuite>
    		                    <wsp:Policy>
    		                        <sp:Basic256Rsa15/>
    		                    </wsp:Policy>
    		                </sp:AlgorithmSuite>
    		                <sp:Layout>
    		                    <wsp:Policy>
    		                        <sp:Strict/>
    		                    </wsp:Policy>
    		                </sp:Layout>
    		                <sp:OnlySignEntireHeadersAndBody/>
    		                <sp:EncryptSignature/>
    		            </wsp:Policy>
    		        </sp:AsymmetricBinding>
    		        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <wsp:Policy>
    		                <sp:MustSupportRefKeyIdentifier/>
    		                <sp:MustSupportRefEmbeddedToken/>
    		                <sp:MustSupportRefIssuerSerial/>
    		            </wsp:Policy>
    		        </sp:Wss10>
    		        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <sp:Body/>
    		            <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
    		        </sp:SignedParts>
    		        <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    		            <sp:Body/>
    		        </sp:EncryptedParts>
    		    </wsp:All>
    		</wsp:ExactlyOne>
    	</wsp:Policy>

    Kindly help me out.

  • #2
    You're asking the question because you believe it isn't correct. What are your reasons for believing that?

    Comment


    • #3
      This is because, first, I am unable to find a good resource with a detailed description of securementSignatureParts, securementEncryptionParts, and how to map the WSDL to the Wss4jSecurityInterceptor configuration.
      Secondly, the request (web service call) is returning a 502 proxy error. I just want to make sure that my configuration is up to date.

      Kindly confirm these points for me:
      1. The WSDL has SignedParts, for which I need to sign both header and body. For this, is <property name="securementSignatureParts" value="{Element}{}Header;{Element}{}Body" /> correct?
      2. Do I need to do some configuration for:
      <wsp:Policy>
      <sp:MustSupportRefKeyIdentifier/>
      <sp:MustSupportRefEmbeddedToken/>
      <sp:MustSupportRefIssuerSerial/>
      </wsp:Policy> ?

      It would also be really helpful if you could provide some detailed documents, with examples, on Spring message-level security.

      Thanks in advance.

      Comment
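
An added example, not part of the original thread and not the Spring-WS project's own code: one way to line the interceptor's securement properties up with the assertions in the posted policy. It assumes SOAP 1.1 and that the client sends the WS-Addressing headers To, Action and MessageID; bean ids and `${...}` placeholders are reused from the question.

```xml
<bean id="wsClientSecurityInterceptor"
      class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
  <!-- Sign first, then encrypt, so that sp:EncryptSignature can cover ds:Signature -->
  <property name="securementActions" value="Signature Encrypt" />

  <!-- sp:InitiatorToken, IncludeToken=AlwaysToRecipient: the signing certificate
       travels as a BinarySecurityToken and the signature references it directly -->
  <property name="securementSignatureKeyIdentifier" value="DirectReference" />
  <property name="securementUsername" value="${ks-test-My_private.alias}" />
  <property name="securementPassword" value="${ks-test-My-private-password}" />
  <property name="securementSignatureCrypto" ref="ks-test-My-private" />

  <!-- sp:SignedParts: the Body plus the headers in the WS-Addressing namespace.
       Parts are named one element at a time with explicit namespaces.
       Assumption: SOAP 1.1 and the headers To, Action, MessageID; list the
       addressing headers the client really emits. -->
  <property name="securementSignatureParts"
      value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}Action;{Element}{http://www.w3.org/2005/08/addressing}MessageID" />

  <!-- sp:RecipientToken, IncludeToken=Never: the service certificate is not sent,
       only referenced. sp:Wss10 allows key identifier and issuer/serial references;
       SKIKeyIdentifier needs a SubjectKeyIdentifier extension in that certificate,
       IssuerSerial is the alternative. -->
  <property name="securementEncryptionCrypto" ref="ks-test-public" />
  <property name="securementEncryptionUser" value="${ws.keys.test_public.alias}" />
  <property name="securementEncryptionKeyIdentifier" value="SKIKeyIdentifier" />

  <!-- sp:Basic256Rsa15: AES-256-CBC for the data, RSA 1.5 key transport for the
       session key. Set explicitly so the WSS4J default does not decide. -->
  <property name="securementEncryptionSymAlgorithm"
      value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
  <property name="securementEncryptionKeyTransportAlgorithm"
      value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />

  <!-- sp:EncryptSignature (whole ds:Signature element) and
       sp:EncryptedParts/sp:Body (content of the SOAP Body) -->
  <property name="securementEncryptionParts"
      value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body" />

  <!-- Response handling, unchanged from the question -->
  <property name="validationActions" value="Encrypt Signature" />
  <property name="validationSignatureCrypto" ref="ks-test-public" />
  <property name="validationDecryptionCrypto" ref="ks-test-My-private" />
</bean>
```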
