users@jax-rpc.java.net

Re: Problem with XWS-SECURITY certificate validation

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 16 Sep 2005 11:45:56 +0530

Thanks for pointing this out... We will try and see if we can send you a
patch for this. A throw was missing at the place even though the
exception was being created....


Raman wrote:

> Hi All,
>
> We are using JWSDP 1.6 for our web services implementations. We are
> using XWS-SECURITY to sign the SOAP header on the client side and verify
> it on the server side. But we have a requirement to validate whether the
> certificate in the SOAP request sent by the client is in our server
> trust store or not. For this we are trying to use the
> CertificateValidationCallback. When I return false or throw an
> exception of type
> CertificateValidationCallback.CertificateValidationException from the
> validate method of the implementation class for the
> CertificateValidationCallback.CertificateValidator interface, the
> XWS-SECURITY framework does not send any SOAP Fault to the client. I
> tried the same thing in JWSDP 1.5, and it is able to return a SOAP Fault
> to the client.
>
> My server-side security configuration file is:
>
> <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
> <xwss:Service>
> <xwss:SecurityConfiguration dumpMessages="true">
> <xwss:RequireSignature requireTimestamp="false">
> <xwss:Target type="qname">ns:ApplicationID</xwss:Target>
> </xwss:RequireSignature>
> </xwss:SecurityConfiguration>
> </xwss:Service>
> <xwss:SecurityEnvironmentHandler>
> sample.SecurityEnvironmentHandler
> </xwss:SecurityEnvironmentHandler>
> </xwss:JAXRPCSecurity>
>
> and the client-side configuration file is:
>
> <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
> <xwss:Service>
> <xwss:SecurityConfiguration dumpMessages="true">
> <xwss:Sign includeTimestamp="false">
> <xwss:X509Token certificateAlias="xws-security-client"/>
> <xwss:CanonicalizationMethod
> algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <xwss:SignatureMethod
> algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
> <xwss:SignatureTarget type="qname"
> value="ns:ApplicationID">
> <xwss:DigestMethod
> algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <xwss:Transform
> algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </xwss:SignatureTarget>
> </xwss:Sign>
> </xwss:SecurityConfiguration>
> </xwss:Service>
> <xwss:SecurityEnvironmentHandler>
> sample.SecurityEnvironmentHandler
> </xwss:SecurityEnvironmentHandler>
> </xwss:JAXRPCSecurity>
>
> The SecurityEnvironmentHandler class is the same as the one bundled with
> the JWSDP 1.6 XWS-SECURITY sample.
>
>
> Thanks,
> Raman
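
A validator of the kind the question describes, as an added example that is not part of the original thread or of the JWSDP sample handler: it implements CertificateValidationCallback.CertificateValidator and rejects any certificate that is not in, or does not chain to, the server trust store. The class name TrustStoreCertificateValidator, the already-loaded KeyStore passed to its constructor, and the com.sun.xml.wss.impl.callback package name are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;

// Assumption: package name of the XWS-Security callback classes in JWSDP.
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;

// Hypothetical class name; the trust store is loaded elsewhere by the handler.
public class TrustStoreCertificateValidator
        implements CertificateValidationCallback.CertificateValidator {

    private final KeyStore trustStore;

    public TrustStoreCertificateValidator(KeyStore trustStore) {
        this.trustStore = trustStore;
    }

    public boolean validate(X509Certificate certificate)
            throws CertificateValidationCallback.CertificateValidationException {
        try {
            // Reject expired and not-yet-valid certificates first.
            certificate.checkValidity();
        } catch (CertificateException e) {
            throw new CertificateValidationCallback.CertificateValidationException(
                    "Certificate is outside its validity period", e);
        }
        try {
            // Case 1: the exact certificate is stored in the trust store.
            if (trustStore.getCertificateAlias(certificate) != null) {
                return true;
            }
            // Case 2: the certificate chains to a trust store entry (PKIX).
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(certificate);
            PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
            params.setRevocationEnabled(false); // no CRL/OCSP source in this example
            CertPathBuilder.getInstance("PKIX").build(params);
            return true;
        } catch (GeneralSecurityException e) {
            // Fail closed: any lookup or path-building error means "not trusted".
            throw new CertificateValidationCallback.CertificateValidationException(
                    "Certificate does not chain to the server trust store", e);
        }
    }
}
```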