(almost done)
How to set up XML-Signature using WSS4J and Axis 1.2.1
1. create a keystore (and public-key/private-key pair) for the server

    keytool -genkey -alias server -dname "CN=My Server" -keypass serverKeyPW -keystore server.keystore -storepass serverStorePW

2. create a keystore (and public-key/private-key pair) for the client

    keytool -genkey -alias client1 -dname "CN=Client 1" -keypass client1KeyPW -keystore client1.keystore -storepass client1StorePW

3. generate a self-signed certificate for the client (stored within the keystore)

    keytool -selfcert -alias client1 -keypass client1KeyPW -keystore client1.keystore -storepass client1StorePW

4. export the self-signed X.509 certificate

    keytool -export -alias client1 -keystore client1.keystore -storepass client1StorePW -file client.x509

5. import the certificate into the server's keystore

    keytool -import -alias client1 -file client.x509 -keystore server.keystore -storepass serverStorePW

6. repeat steps 2 to 5 for each client you want the server to accept signed messages from

7. add the following to the server's server-config.wsdd:

    <service name="MyWebservice" provider="java:RPC" style="document" use="literal">
      <!-- WS-Security handlers -->
      <requestFlow>
        <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
          <parameter name="action" value="Signature"/>
          <parameter name="actor" value="clientSig"/>
          <parameter name="signaturePropFile" value="server-crypto.properties"/>
        </handler>
      </requestFlow>
      ...

8. create a server-crypto.properties file with the following contents:

    org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type = jks
    org.apache.ws.security.crypto.merlin.keystore.password = serverStorePW
    org.apache.ws.security.crypto.merlin.file = server.keystore

9. place the server.keystore and server-crypto.properties files in the WEB-INF/classes directory and the server-config.wsdd file in the WEB-INF directory.

10. on the client side you'll need a similar client-config.wsdd to tell Axis to generate the signature:

    <?xml version="1.0"?>
    <deployment xmlns="http://xml.apache.org/axis/wsdd/"
                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
      <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
      <globalConfiguration>
        <requestFlow>
          <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
            <parameter name="action" value="Signature"/>
            <parameter name="actor" value="clientSig"/>
            <parameter name="user" value="client1"/>
            <parameter name="passwordCallbackClass" value="Client1PWCallback"/>
            <parameter name="signaturePropFile" value="client1-crypto.properties"/>
          </handler>
        </requestFlow>
      </globalConfiguration>
    </deployment>

and a similar client1-crypto.properties file to tell it what key to sign with:

    org.apache.ws.security.crypto.provider = org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type = jks
    org.apache.ws.security.crypto.merlin.keystore.password = client1StorePW
    org.apache.ws.security.crypto.merlin.file = client1.keystore

11. you also need to create the password callback classes... (TODO)
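Step 11 is left as a TODO above; as an added example that is not part of the original page, here is one way to write the Client1PWCallback class that client-config.wsdd names in its passwordCallbackClass parameter. It assumes the WSS4J 1.x callback API (org.apache.ws.security.WSPasswordCallback, whose accessor is spelled getIdentifer()) and a JVM system property client1.keyPassword, an assumed name, for supplying the key password rather than hard-coding it.

```java
// Client1PWCallback.java (added example; assumes the WSS4J 1.x API)
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Password callback referenced by client-config.wsdd
 * (parameter "passwordCallbackClass" value="Client1PWCallback").
 * Before signing, WSDoAllSender asks this class for the private-key
 * password of the alias given in the "user" parameter ("client1").
 */
public class Client1PWCallback implements CallbackHandler {

    // Alias of the signing key, as created with: keytool -genkey -alias client1
    private static final String SIGNING_ALIAS = "client1";

    // Key password is read from this JVM system property (an assumed name,
    // not from the original page); keytool set the value to "client1KeyPW".
    private static final String KEY_PASSWORD_PROPERTY = "client1.keyPassword";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            // Hand out the password only for the signing alias and only when
            // WSS4J is asking for a signature key; refuse every other request.
            // (getIdentifer() is the WSS4J 1.x spelling of the method.)
            if (pc.getUsage() != WSPasswordCallback.SIGNATURE
                    || !SIGNING_ALIAS.equals(pc.getIdentifer())) {
                throw new UnsupportedCallbackException(pc,
                        "No password available for " + pc.getIdentifer());
            }

            String password = System.getProperty(KEY_PASSWORD_PROPERTY);
            if (password == null) {
                throw new IOException(KEY_PASSWORD_PROPERTY + " is not set");
            }
            pc.setPassword(password);
        }
    }
}
```

Compile the class onto the client's classpath (it has no package, matching the unqualified name in the wsdd) and start the client with -Dclient1.keyPassword=client1KeyPW.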