• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Rampart encrypting options: I can't encrypt parameters

 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi guys, I have a Web service developed in java, deployed on Tomcat / Axis2.
Every method in the service, has "User", a class containing username and password in plain.
I need to encrypt that parameters in the SOAP request, so i engaged rampart, and seems to do the job, but using a soap monitor i noticed that the user/password parameters are in plain text, clear and unencrypted!!!
the soap request catched by soap monitor is this:





Any ideas? how can I configure rampart to encrypt that section? thanks

Enrico
 
Saloon Keeper
Posts: 7582
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The password isn't in clear text; it's digested. What are you worried about?

Update: Oh, you mean your password, not the WS-Security password. Sorry.

Update #2: It doesn't look like you're using WS-Encryption, it looks like you're using WS-Signature (which leaves the contents in clear text).
 
Enrico Viappiani
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Moores wrote:The password isn't in clear text; it's digested. What are you worried about?

Update: Oh, you mean your password, not the WS-Security password. Sorry.

Update #2: It doesn't look like you're using WS-Encryption, it looks like you're using WS-Signature (which leaves the contents in clear text).



I'm used to think that this configuration of axis2.xml was enough, but it seems that i was wrong:



thanks in advance guys!
 
Tim Moores
Saloon Keeper
Posts: 7582
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Remove the Signature item. Or do you want to sign the request?

I also noticed an introduction to Encryption with Axis at http://www.javaranch.com/journal/2008/10/Journal200810.jsp#a5
 
Enrico Viappiani
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Moores wrote:Remove the Signature item. Or do you want to sign the request?

I also noticed an introduction to Encryption with Axis at http://www.javaranch.com/journal/2008/10/Journal200810.jsp#a5



Yeah I followed that guide some months ago!

Do you think that Signature will set the Encryption apart? I'll try it..

Edit: same problem , i'm searching for a full guide on rampart options and examples, but i can't find nothing useful
 
Enrico Viappiani
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
UPDATE: Added the policy.xml file... but nothing happens..
 
Tim Moores
Saloon Keeper
Posts: 7582
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is policy.xml?

Have you gotten the example in that article to run?
 
Enrico Viappiani
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tim Moores wrote:What is policy.xml?

Have you gotten the example in that article to run?



yes, but the body is plain text as before... i opened a issues on the apache page.

policy.xml sets the policy for the client and wsp protocol.
Rampart with encrypt tag, should encrypt the body as default anyway... I'm really stuck with this, i thinks this is a pretty stupid issue, but there's no error feedback on the console, i'm literally gettin mad..
 
Enrico Viappiani
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I received an answer by JSF.
Configuration by properties is deprecated.. so i need to do that by using a policy.xml file.. but honestly i can't find nothing useful on the steps to perform to accomplish that, just a bunch on nonsense examples and nothing serious.
Which file has to be modified, which not.. great confusion.. i think i'm gonna downgrade to rampart 1 and get the project to work.
 
Enrico Viappiani
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
solved.. i was using a soap monitor that decrypt the request before that the monitor catch it.
 
reply
    Bookmark Topic Watch Topic
  • New Topic