WSE 3.0 Client calling Webservice in Java




Hello,

How can I change the order in which the security elements appear in
the wsse:security header?

My C# webservice client is using WSE 3.0.

When I call, the order in which the tokens appear under the security header
is

wsse:Security
    wsu:Timestamp - This is the default timestamp token
    wsse:Identity - A custom token
    wsse:UsernameToken - A username token
    xenc:EncryptedKey - X509 security token for encryption
    ds:Signature - X509 security token for signature

I want this to be changed to the order below

wsse:Security
    wsu:Timestamp - This is the default timestamp token
    wsse:Identity - A custom token
    xenc:EncryptedKey - X509 security token for encryption
    ds:Signature - X509 security token for signature
    wsse:UsernameToken - A username token

Is this possible...

I have written a custom SecurityOutputFilter, but changing the
order in which the tokens are added doesn't help.

My code is below..

    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        signatureElemId = "";
        security.MustUnderstand = false;

        // Remove unwanted header elements
        removeActionHeaders(ref envelope);

        // Generate a unique ID
        string bodyElemId = Guid.NewGuid().ToString();
        // Add a 'wsu:Id' to the body
        AddIdAttribute(envelope.Body, bodyElemId);

        if (customToken != null)
            security.Tokens.Add(customToken);

        foreach (string subString in expTokens.Split(reqFlow))
        {
            if (subString.Equals("Signature"))
            {
                // Sign the message with the Web service's security token.
                if (signToken != null && bSign)
                    SignSOAPRequest(envelope, security);
            }
            else if (subString.Equals("UsernameToken"))
            {
                // Add the username security token
                if (userToken != null)
                    security.Tokens.Add(userToken);
            }
            else if (subString.Equals("Encrypt"))
            {
                // Encrypt the message with the client's security token.
                if (encryptToken != null && bEncrypt)
                    EncryptSOAPRequest(envelope, security);
            }
        }

        // Store the client and server security tokens in the request state.
        RequestState state = new RequestState(signToken, encryptToken);
        // Store the request state in the proxy's operation state.
        // This makes these tokens accessible when SOAP responses are
        // verified to have sufficient security requirements.
        envelope.Context.OperationState.Set(state);
    }

Can anyone pls help in finding a solution to this..
