Re: Securing Axis2 REST Style Services
Hi Sanjay,

I'm trying to find a place that could throw the NPE in the xmlsec-1.4.1 code. I still can't find a problem. The JCEMapper.loadAlgorithms() method is called with an element picked out of the config file and it should simply be able to process the rest of it without an issue. If we had line numbers it would have been very easy to spot the issue.

Can you please try using this jar [1] and see whether you can reproduce this error with it? (Hopefully this is compiled with debug info.)

Thanks,
Ruchith

1. http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar

On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

Hi Ruchith, I am using version 1.4.1. xmlsec-1.4.1.jar Thanks Sanjay

-Original Message-
From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
Sent: Wednesday, April 22, 2009 7:24 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services

Hi Sanjay, Which version of Apache xmlsec are you using? Thanks, Ruchith

On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

Hi Ruchith, Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effects of this error?
Thanks Sanjay http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html [FATAL] Bad: java.lang.NullPointerException at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) at org.apache.xml.security.Init.init(Unknown Source) at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) at org.apache.ws.security.WSSConfig.init(WSSConfig.java:256) at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) at org.apache.ws.security.message.WSSecBase.init(WSSecBase.java:52) at org.apache.ws.security.message.WSSecUsernameToken.init(WSSecUsernameToken.java:62) at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) java.lang.NullPointerException at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) at org.apache.xml.security.Init.init(Unknown Source) at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) at org.apache.ws.security.WSSConfig.init(WSSConfig.java:256) at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275
Re: Securing Axis2 REST Style Services
BTW ... you can also simply construct a UsernameToken element and insert the username and password as required and add it to the SOAP header with the security header, by just using axiom :-)

-Ruchith

On Thu, Apr 23, 2009 at 4:23 AM, Ruchith Fernando ruchith.ferna...@gmail.com wrote:

Hi Sanjay,

I'm trying to find a place that could throw the NPE in the xmlsec-1.4.1 code. I still can't find a problem. The JCEMapper.loadAlgorithms() method is called with an element picked out of the config file and it should simply be able to process the rest of it without an issue. If we had line numbers it would have been very easy to spot the issue.

Can you please try using this jar [1] and see whether you can reproduce this error with it? (Hopefully this is compiled with debug info.)

Thanks,
Ruchith

1. http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar

On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

Hi Ruchith, I am using version 1.4.1. xmlsec-1.4.1.jar Thanks Sanjay

-Original Message-
From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
Sent: Wednesday, April 22, 2009 7:24 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services

Hi Sanjay, Which version of Apache xmlsec are you using? Thanks, Ruchith

On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

Hi Ruchith, Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effects of this error?
Thanks Sanjay http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html [FATAL] Bad: java.lang.NullPointerException at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) at org.apache.xml.security.Init.init(Unknown Source) at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) at org.apache.ws.security.WSSConfig.init(WSSConfig.java:256) at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) at org.apache.ws.security.message.WSSecBase.init(WSSecBase.java:52) at org.apache.ws.security.message.WSSecUsernameToken.init(WSSecUsernameToken.java:62) at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) java.lang.NullPointerException at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) at org.apache.xml.security.Init.init(Unknown Source
Re: Securing Axis2 REST Style Services
)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4. Thanks Sanjay

-Original Message-
From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
Sent: Thursday, April 16, 2009 5:52 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services

Oops :-) Here you go : https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java

On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

Hi Ruchith, Thanks for the quick reply. Could you please point me to the link that talks about this solution. Thanks Sanjay

-Original Message-
From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
Sent: Thursday, April 16, 2009 4:31 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services

Hi, For the REST style calls you can use HTTPS + Basic Auth. Have a look at this [1] handler from WSO2 WSAS. This will simply add the UsernameToken into the SOAP representation of the incoming REST request, which will be processed by Rampart (which you have already configured). Thanks, Ruchith

On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

HI, I have a POJO based services deployed in axis2 and it's working well. I have implemented the basic user/password security using rampart and it's working fine for SOAP calls. I generated the client using wsdl2java. My question is how do I secure the REST style calls. Do I need to do anything special. I need to deploy these services into production soon and any help or pointers would be greatly appreciated. Thanks Sanjay

-- http://blog.ruchith.org
-- http://blog.ruchith.org
-- http://blog.ruchith.org
Re: Securing Axis2 REST Style Services
Hi,

For the REST style calls you can use HTTPS + Basic Auth. Have a look at this [1] handler from WSO2 WSAS. This will simply add the UsernameToken into the SOAP representation of the incoming REST request, which will be processed by Rampart (which you have already configured).

Thanks,
Ruchith

On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

HI, I have a POJO based services deployed in axis2 and it's working well. I have implemented the basic user/password security using rampart and it's working fine for SOAP calls. I generated the client using wsdl2java. My question is how do I secure the REST style calls. Do I need to do anything special. I need to deploy these services into production soon and any help or pointers would be greatly appreciated. Thanks Sanjay

-- http://blog.ruchith.org
Re: Securing Axis2 REST Style Services
Oops :-) Here you go : https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java

On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

Hi Ruchith, Thanks for the quick reply. Could you please point me to the link that talks about this solution. Thanks Sanjay

-Original Message-
From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
Sent: Thursday, April 16, 2009 4:31 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services

Hi, For the REST style calls you can use HTTPS + Basic Auth. Have a look at this [1] handler from WSO2 WSAS. This will simply add the UsernameToken into the SOAP representation of the incoming REST request, which will be processed by Rampart (which you have already configured). Thanks, Ruchith

On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta sanjay.gu...@billwiseinc.com wrote:

HI, I have a POJO based services deployed in axis2 and it's working well. I have implemented the basic user/password security using rampart and it's working fine for SOAP calls. I generated the client using wsdl2java. My question is how do I secure the REST style calls. Do I need to do anything special. I need to deploy these services into production soon and any help or pointers would be greatly appreciated. Thanks Sanjay

-- http://blog.ruchith.org
-- http://blog.ruchith.org
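
The approach discussed in this thread (take the HTTPS Basic Auth credentials of a REST call and add a UsernameToken to the SOAP header using only Axiom, so that Rampart can process it), as an added Java example that is not part of the original messages and is not the WSO2 POXSecurityHandler. The class name is hypothetical, the credentials in main are constructed, and it assumes the Axis2 and Axiom jars are on the classpath and that the servlet transport reports the request scheme through getIncomingTransportName().

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;

/** Added example; hypothetical class name, not the WSO2 POXSecurityHandler. */
public class BasicAuthToUsernameTokenHandler extends AbstractHandler {

    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String PASSWORD_TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    @Override
    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        if (!msgContext.isDoingREST()) {
            return InvocationResponse.CONTINUE; // SOAP callers send their own security header
        }
        // The password travels as plain text, so it is only accepted over TLS.
        // Assumption: the servlet transport reports the request scheme here.
        if (!"https".equalsIgnoreCase(msgContext.getIncomingTransportName())) {
            throw new AxisFault("Basic Auth is only accepted over HTTPS");
        }
        Map<?, ?> headers = (Map<?, ?>) msgContext.getProperty(MessageContext.TRANSPORT_HEADERS);
        String authorization = null;
        if (headers != null) {
            for (Map.Entry<?, ?> e : headers.entrySet()) { // header names are case-insensitive
                if ("Authorization".equalsIgnoreCase(String.valueOf(e.getKey()))) {
                    authorization = String.valueOf(e.getValue());
                }
            }
        }
        String[] credentials = parseBasic(authorization);
        if (credentials == null) {
            throw new AxisFault("Missing or malformed Basic Authorization header");
        }
        addUsernameToken(msgContext.getEnvelope(), credentials[0], credentials[1]);
        return InvocationResponse.CONTINUE;
    }

    /** Returns {username, password}, or null if the header is absent or malformed. */
    static String[] parseBasic(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        int colon = decoded.indexOf(':'); // split on the first ':'; the password may contain more
        if (colon <= 0) {
            return null; // no separator, or empty user name
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Adds wsse:Security/wsse:UsernameToken to the envelope's SOAP header using Axiom only. */
    static void addUsernameToken(SOAPEnvelope envelope, String user, String password) {
        // Use the envelope's own factory so the new nodes match its object model.
        SOAPFactory factory = (SOAPFactory) envelope.getOMFactory();
        SOAPHeader header = envelope.getHeader();
        if (header == null) {
            header = factory.createSOAPHeader(envelope);
        }
        OMNamespace wsse = factory.createOMNamespace(WSSE_NS, "wsse");
        SOAPHeaderBlock security = header.addHeaderBlock("Security", wsse);
        security.setMustUnderstand(true);
        OMElement token = factory.createOMElement("UsernameToken", wsse, security);
        factory.createOMElement("Username", wsse, token).setText(user);
        OMElement pw = factory.createOMElement("Password", wsse, token);
        pw.addAttribute("Type", PASSWORD_TEXT, null);
        pw.setText(password);
    }

    public static void main(String[] args) {
        // Constructed sample credentials, not from a real system.
        String headerValue = "Basic " + Base64.getEncoder()
            .encodeToString("alice:s3cret:with:colons".getBytes(StandardCharsets.UTF_8));
        SOAPEnvelope envelope = OMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
        String[] c = parseBasic(headerValue);
        addUsernameToken(envelope, c[0], c[1]);
        System.out.println(envelope); // envelope now carries wsse:Security with the UsernameToken
    }
}
```

The handler has to run in a phase ahead of Rampart's Security phase on the in-flow, so that Rampart sees the inserted header.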
Re: Running rampart samples in axis2 standalone server or within Tomcat
http://wso2.org/library/knowledge-base/run-rampart-samples-apache-tomcat On Sun, Sep 14, 2008 at 8:32 AM, keith chapman [EMAIL PROTECTED] wrote: What the rampart samples will be doing is creating a service archive and dropping it into the services folder in the axis2 folder. One option will be for you to edit the ant script to copy this into the services folder in tomcat, or alternatively copy the service archive into the services folder in tomcat manually. Thanks, Keith. On Sat, Sep 13, 2008 at 11:07 AM, Shovan Kanjilal [EMAIL PROTECTED] wrote: Is there a document how to run the rampart samples within Tomcat? -- Keith Chapman Senior Software Engineer WSO2 Inc. Oxygenating the Web Service Platform. http://wso2.org/ blog: http://www.keith-chapman.org -- http://blog.ruchith.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: axis2 rampart and ws-trust
Please have a look at samples/policy/sample05 in the rampart standard binary distribution. You can subscribe and post Rampart/WS-Trust related issues to [EMAIL PROTECTED] Thanks, Ruchith On Fri, Sep 12, 2008 at 11:43 AM, Soyer, Muhammed A. [EMAIL PROTECTED] wrote: Hi, Does anybody know any links for some documentation and sample about the usage of ws-trust with axis2? I did some googling and couldn't find anything that may help me.. Thanks a lot -- http://blog.ruchith.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Rampart] Multiple Security headers in outgoing message
IMHO this is not possible right now with Rampart... and it doesn't really take the actor/role into account at the moment. Thanks, Ruchith On Fri, May 9, 2008 at 1:01 PM, Daniel Löf [EMAIL PROTECTED] wrote: Hi! I am using axis2 and Rampart 1.3 and I'm trying to construct a message = with a SOAP Header that will contain two separate security headers. For example: . . wsse:Security - wsu:Timestamp wsu:Id=Timestamp- wsu:Created2008-05-08T05:39:16Z/wsu:Created wsu:Expires2008-05-08T05:40:16Z/wsu:Expires /wsu:Timestamp /wsse:Security - wsse:Security soap:actor=. - wsu:Timestamp wsu:Id=Timestamp- wsu:Created2008-05-08T05:39:16Z/wsu:Created wsu:Expires2008-05-08T05:40:16Z/wsu:Expires /wsu:Timestamp /wsse:Security . . Is this possible at all? I do not seem to find anything that can make this work. Best Regards Daniel -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: rampart and sessions
Please have a look at policy/sample04 in the rampart distro. You can try rampart-1.4-RC2 [1] with Axis2-1.4 Thanks, Ruchith 1. http://people.apache.org/~nandana/rampart-1.4/RC2/dist/ On Thu, May 15, 2008 at 5:25 PM, Michelantonio Trizio [EMAIL PROTECTED] wrote: Hi, I'd like to know how I can make to work sessions and rampart at the same time. My problem is that I need sessions to manage servicegroup and I need cryptography. I believe I must use secure conversation, but I don't find much examples or documentation. If there is another way, I'd like to know that. Please, help me. Thanks, Mikelantonio -- It's creepy, but here we are, the Pilgrims, the crackpots of our time, trying to establish our own alternate reality. To build a world out of rocks and chaos. What it's going to be, I don't know. Even after all that rushing around, where we've ended up is the middle of nowhere in the middle of the night. And maybe knowing isn't the point. Where we're standing right now, in the ruins in the dark, what we build could be anything. [Choke - Chuck Palahniuk] -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: rampart and sessions
I have not tried this ... but if you simply use message level security (not secure conversation) with soap session... it should simply work. This is because rampart simply secures each and every message according to the given policy without any concern about the session. If you can describe what you tried and the problems you faced I might be able to help. Thanks, Ruchith On Fri, May 16, 2008 at 4:45 PM, Michelantonio Trizio [EMAIL PROTECTED] wrote: Before I will make a lot of proofs, Can you say me if it is possible integrate rampart policy with soapsession? I'm trying to do that from 3 days, but I met a lot of problems. Thank you. Mikelantonio 2008/5/16 Ruchith Fernando [EMAIL PROTECTED]: Please have a look at policy/sample04 in the rampart distro. You can try rampart-1.4-RC2 [1] with Axis2-1.4 Thanks, Ruchith 1. http://people.apache.org/~nandana/rampart-1.4/RC2/dist/ On Thu, May 15, 2008 at 5:25 PM, Michelantonio Trizio [EMAIL PROTECTED] wrote: Hi, I'd like to know how I can make to work sessions and rampart at the same time. My problem is that I need sessions to manage servicegroup and I need cryptography. I believe I must use secure conversation, but I don't find much examples or documentation. If there is another way, I'd like to know that. Please, help me. Thanks, Mikelantonio -- It's creepy, but here we are, the Pilgrims, the crackpots of our time, trying to establish our own alternate reality. To build a world out of rocks and chaos. What it's going to be, I don't know. Even after all that rushing around, where we've ended up is the middle of nowhere in the middle of the night. And maybe knowing isn't the point. Where we're standing right now, in the ruins in the dark, what we build could be anything. 
[Choke - Chuck Palahniuk] -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- It's creepy, but here we are, the Pilgrims, the crackpots of our time, trying to establish our own alternate reality. To build a world out of rocks and chaos. What it's going to be, I don't know. Even after all that rushing around, where we've ended up is the middle of nowhere in the middle of the night. And maybe knowing isn't the point. Where we're standing right now, in the ruins in the dark, what we build could be anything. [Choke - Chuck Palahniuk] -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Axis2 1.4 and Rampart 1.3?
The axis2.xml of the sample needs to be updated! Thanks, Ruchith On Mon, May 5, 2008 at 6:44 PM, Savitsky, Alex [EMAIL PROTECTED] wrote: Nandana, Thanks for your suggestion, it has resolved the issue. BTW, my axis2.xml was taken directly from the example java-first-jaxws (Axis2 1.4 distro), which has the security declared in all but the OutFaultFlow phase - not sure whether this is intended or a bug... Thanks, Alex -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: May 3, 2008 1:10 AM To: axis-user@ws.apache.org Subject: Re: Axis2 1.4 and Rampart 1.3? Hi Alex, Are you using a custom axis2.xml in your scenario ? If so, can you please check that security phase is defined in phaseOrder type=OutFaultFlow . You can find the discussion about this in axis2-dev list. You have to define the security phase as the last phase in OutFaultFlow phase order. Looking at the default axis2.xml [1] will help you to do that. thanks, nandana [1] - http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/conf/axis2.xml?view=markup On 5/3/08, Savitsky, Alex [EMAIL PROTECTED] wrote: Now it doesn't deploy at all, with exception: ERROR [org.apache.axis2.deployment.ServiceDeployer] - The RecordWebService service, which is not valid, caused Did not find the desired phase 'Security' while deploying handler 'PolicyBasedSecurityOutHandler'. org.apache.axis2.phaseresolver.PhaseException: Did not find the desired phase 'Security' while deploying handler 'PolicyBasedSecurityOutHandler'. 
at org.apache.axis2.phaseresolver.PhaseHolder.addHandler(PhaseHolder.java:75) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToFlow(PhaseResolver.java:68) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:104) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:110) at org.apache.axis2.description.AxisOperation.onEngage(AxisOperation.java:158) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490) at org.apache.axis2.description.AxisService.onEngage(AxisService.java:785) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:453) at org.apache.axis2.deployment.DeploymentEngine.fillServiceGroup(DeploymentEngine.java:552) at org.apache.axis2.deployment.DeploymentEngine.addServiceGroup(DeploymentEngine.java:499) at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:86) at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136) at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:597) at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144) at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:330) at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:227) at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:131) at org.apache.axis2.deployment.WarBasedAxisConfigurator.loadServices(WarBasedAxisConfigurator.java:284) at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:82) at org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServlet.java:511) at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:431) Did the configuration steps change? 
In 1.3, all I had to do was to provide the policy element in services.xml, and this element seems to have the same format in 1.4 samples as in 1.3.

Regards, Alex

-Original Message-
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: May 2, 2008 2:37 PM
To: axis-user@ws.apache.org
Subject: Re: Axis2 1.4 and Rampart 1.3?

Hi Alex, Can you try with Rampart 1.4 RC [1] ? thanks, nandana

[1] - http://people.apache.org/~nandana/rampart-1.4/RC1/

On 5/3/08, Savitsky, Alex [EMAIL PROTECTED] wrote:

Hi all, Does Axis2 1.4 work with Rampart 1.3? I have an existing app that works for the Axis2 1.3 and Rampart 1.3 combination, but when I upgrade server and client to 1.4, I get an exception from server:

ERROR [org.apache.axis2.engine.AxisEngine] - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
Re: Axis2 1.4 and Rampart 1.3?
Fixed in the axis2 trunk [1] ! Thanks, Ruchith 1. http://svn.apache.org/viewvc?rev=653698view=rev On Tue, May 6, 2008 at 12:54 PM, Ruchith Fernando [EMAIL PROTECTED] wrote: The axis2.xml of the sample needs to be updated! Thanks, Ruchith On Mon, May 5, 2008 at 6:44 PM, Savitsky, Alex [EMAIL PROTECTED] wrote: Nandana, Thanks for your suggestion, it has resolved the issue. BTW, my axis2.xml was taken directly from the example java-first-jaxws (Axis2 1.4 distro), which has the security declared in all but the OutFaultFlow phase - not sure whether this is intended or a bug... Thanks, Alex -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: May 3, 2008 1:10 AM To: axis-user@ws.apache.org Subject: Re: Axis2 1.4 and Rampart 1.3? Hi Alex, Are you using a custom axis2.xml in your scenario ? If so, can you please check that security phase is defined in phaseOrder type=OutFaultFlow . You can find the discussion about this in axis2-dev list. You have to define the security phase as the last phase in OutFaultFlow phase order. Looking at the default axis2.xml [1] will help you to do that. thanks, nandana [1] - http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/conf/axis2.xml?view=markup On 5/3/08, Savitsky, Alex [EMAIL PROTECTED] wrote: Now it doesn't deploy at all, with exception: ERROR [org.apache.axis2.deployment.ServiceDeployer] - The RecordWebService service, which is not valid, caused Did not find the desired phase 'Security' while deploying handler 'PolicyBasedSecurityOutHandler'. org.apache.axis2.phaseresolver.PhaseException: Did not find the desired phase 'Security' while deploying handler 'PolicyBasedSecurityOutHandler'. 
at org.apache.axis2.phaseresolver.PhaseHolder.addHandler(PhaseHolder.java:75) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToFlow(PhaseResolver.java:68) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:104) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:110) at org.apache.axis2.description.AxisOperation.onEngage(AxisOperation.java:158) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490) at org.apache.axis2.description.AxisService.onEngage(AxisService.java:785) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:453) at org.apache.axis2.deployment.DeploymentEngine.fillServiceGroup(DeploymentEngine.java:552) at org.apache.axis2.deployment.DeploymentEngine.addServiceGroup(DeploymentEngine.java:499) at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:86) at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136) at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:597) at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144) at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:330) at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:227) at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:131) at org.apache.axis2.deployment.WarBasedAxisConfigurator.loadServices(WarBasedAxisConfigurator.java:284) at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:82) at org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServlet.java:511) at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:431) Did the configuration steps change? 
In 1.3, all I had to do was to provide the policy element in services.xml, and this element seem to have the same format in 1.4 samples as in 1.3 Regards, Alex -Original Message- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: May 2, 2008 2:37 PM To: axis-user@ws.apache.org Subject: Re: Axis2 1.4 and Rampart 1.3? Hi Alex, Can you try with Rampart 1.4 RC [1] ? thanks, nandana [1] - http://people.apache.org/~nandana/rampart-1.4/RC1/ On 5/3/08, Savitsky, Alex [EMAIL PROTECTED] wrote: Hi all, Does Axis2 1.4 work
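
The check Nandana describes in this thread (a custom axis2.xml must define the Security phase in every phaseOrder, and as the last phase of OutFaultFlow), as an added Java example that is not part of the original messages. The class name is hypothetical and the embedded axis2.xml fragment is constructed and reduced to a few phases; it reproduces the situation Alex reports, with Security declared in all flows but OutFaultFlow.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/** Added example; hypothetical class name. */
public class SecurityPhaseCheck {

    static final List<String> FLOWS =
        Arrays.asList("InFlow", "OutFlow", "InFaultFlow", "OutFaultFlow");

    /** Returns one message per flow whose phaseOrder cannot host Rampart's handlers. */
    static List<String> findProblems(String axis2Xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Configuration files need no DTD; refusing one keeps the parser away from external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(axis2Xml.getBytes(StandardCharsets.UTF_8)));

        List<String> problems = new ArrayList<>();
        List<String> seen = new ArrayList<>();
        NodeList orders = doc.getElementsByTagName("phaseOrder");
        for (int i = 0; i < orders.getLength(); i++) {
            Element order = (Element) orders.item(i);
            String flow = order.getAttribute("type");
            seen.add(flow);
            // Collect the direct <phase> children in document order.
            List<String> phases = new ArrayList<>();
            for (Node n = order.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n.getNodeType() == Node.ELEMENT_NODE && "phase".equals(n.getNodeName())) {
                    phases.add(((Element) n).getAttribute("name"));
                }
            }
            if (!phases.contains("Security")) {
                problems.add(flow + ": no 'Security' phase defined");
            } else if ("OutFaultFlow".equals(flow)
                    && !"Security".equals(phases.get(phases.size() - 1))) {
                problems.add(flow + ": 'Security' is not the last phase, found " + phases);
            }
        }
        for (String flow : FLOWS) {
            if (!seen.contains(flow)) {
                problems.add(flow + ": phaseOrder element missing");
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed, reduced axis2.xml: Security is declared everywhere except OutFaultFlow.
        String axis2Xml =
              "<axisconfig name=\"AxisJava2.0\">"
            + "<phaseOrder type=\"InFlow\">"
            + "<phase name=\"Transport\"/><phase name=\"Security\"/><phase name=\"Dispatch\"/>"
            + "</phaseOrder>"
            + "<phaseOrder type=\"OutFlow\">"
            + "<phase name=\"MessageOut\"/><phase name=\"Security\"/>"
            + "</phaseOrder>"
            + "<phaseOrder type=\"InFaultFlow\">"
            + "<phase name=\"Transport\"/><phase name=\"Security\"/><phase name=\"Dispatch\"/>"
            + "</phaseOrder>"
            + "<phaseOrder type=\"OutFaultFlow\">"
            + "<phase name=\"MessageOut\"/>"
            + "</phaseOrder>"
            + "</axisconfig>";
        for (String problem : findProblems(axis2Xml)) {
            System.out.println(problem);
        }
    }
}
```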
Re: MessageContext in handler
Why don't you use a static hook in the callback handler class itself? Thanks, Ruchith On Fri, May 2, 2008 at 7:37 AM, Parham, Clinton [EMAIL PROTECTED] wrote: Hi, I'm new to Axis2 and still trying to get comfortable with the new architecture. I have engaged the Rampart module and during CallbackHandler.handle(), I need to connect to my database to verify the password. Once verified, I would like to store the database connection (along with some other related information) for reuse later in the processing. Under heavy utilization, requesting two database connections per request starts adding up. How can I do this? MessageContext (where I stored this with Axis1) is null during CallbackHandler.handle(). I've seen other similar postings but no clear answer. Thank you. -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: can I use use rampart with JAX-WS style webservice
I haven't tried this but I think the following solution will work: - first implement lifecycle management on the service [1] - now in the init method you can get hold of the AxisService instance and then you can engage the rampart module on it. - Finally you can load the policy from a file as an org.apache.neethi.Policy object and add that to the AxisService instance as well. Now you have a WS-Sec enabled service :-) HTH Thanks, Ruchith p.s. You can also try WSO2 WSAS [2] and try the WS-Sec support available as well! 1. http://ws.apache.org/axis2/1_3/api/org/apache/axis2/service/Lifecycle.html 2. http://wso2.org/downloads/wsas On Wed, Apr 30, 2008 at 8:39 PM, [EMAIL PROTECTED] wrote: Hi I have a web service developed using jax-ws style annotations. So it does not require a services.xml, It is deployed to axis2 as jar file under WEB-INF\servicejars directory. Now if I want to secure this service using rampart how do I link the policy.xml? Where do I add the stuff such as module ref=rampart that one usually adds into services.xml ? cheers Tezcan -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
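
The three steps suggested in this reply (implement Lifecycle, engage the rampart module on the AxisService in init, then attach a policy loaded as an org.apache.neethi.Policy), as an added Java example that is not part of the original message. The class name, the echo operation and the policy.xml classpath resource are hypothetical; it assumes the Axis2 1.3 and Neethi jars are on the classpath and the rampart module is deployed.

```java
import java.io.IOException;
import java.io.InputStream;

import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ServiceContext;
import org.apache.axis2.description.AxisModule;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.PolicyInclude;
import org.apache.axis2.service.Lifecycle;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;

/** Added example; hypothetical service class. */
public class SecuredService implements Lifecycle {

    // Hypothetical resource name: the security policy packaged next to the service classes.
    private static final String POLICY_RESOURCE = "policy.xml";

    // init() runs for every service object; configure the shared AxisService only once.
    private static boolean secured;

    public void init(ServiceContext serviceContext) throws AxisFault {
        secure(serviceContext);
    }

    private static synchronized void secure(ServiceContext serviceContext) throws AxisFault {
        if (secured) {
            return;
        }
        AxisService service = serviceContext.getAxisService();
        AxisModule rampart = serviceContext.getConfigurationContext()
            .getAxisConfiguration().getModule("rampart");
        // Fail closed: a missing module or policy must not leave the service running unsecured.
        if (rampart == null) {
            throw new AxisFault("rampart module is not deployed");
        }
        Policy policy;
        try (InputStream in =
                 SecuredService.class.getClassLoader().getResourceAsStream(POLICY_RESOURCE)) {
            if (in == null) {
                throw new AxisFault("Security policy not found: " + POLICY_RESOURCE);
            }
            policy = PolicyEngine.getPolicy(in);
        } catch (IOException e) {
            throw new AxisFault("Could not read " + POLICY_RESOURCE, e);
        }
        // Step 2 of the reply: engage Rampart on this service.
        service.engageModule(rampart);
        // Step 3 of the reply: attach the policy at service level.
        service.getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_SERVICE_POLICY, policy);
        secured = true;
    }

    public void destroy(ServiceContext serviceContext) {
        // nothing to release
    }

    /** Hypothetical business operation. */
    public String echo(String input) {
        return input;
    }
}
```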
Re: Rampart Sandesha2 Nightly Builds?
Rampart nightly builds are available here : http://people.apache.org/~ruchithf/rampart/SNAPSHOT/

These are compatible with the latest Axis2 nightly builds: http://people.apache.org/dist/axis2/nightly/

Thanks,
Ruchith

On Sun, Apr 13, 2008 at 10:24 PM, Sukma Agung Verdianto [EMAIL PROTECTED] wrote:

Hi All, Where can I get Rampart and Sandesha2 nightly builds which are compatible with Axis2 1.3??? Regards, Sukma

-- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Axis2] 1.4 RC4
#2 is sorted with https://issues.apache.org/jira/browse/AXIS2-3711 Thanks, Ruchith On Mon, Apr 7, 2008 at 3:06 PM, Amila Suriarachchi [EMAIL PROTECTED] wrote: hi dims, Sorry to mention this at this time. I had some test with the Rampart and found following issues. 1. org/apache/axis2/wsdl/codegen/extension/ModulePolicyExtension rampart need this class and this class is available with the axis2-codegen.jar. This jar is not included in the axis2.war. So can we add this jar to war as well. 2. axis2-mtompolicy-SNAPSHOT.jar rampart need this file as well. But for some reason it is not included in the distribution. thanks, Amila. On Sun, Apr 6, 2008 at 4:26 PM, Davanum Srinivas [EMAIL PROTECTED] wrote: Hi all, I've posted the RC4 here: ~ http://people.apache.org/~dims/axis2-1.4/RC4/ Notes: - - There's a text file with revision numbers that i used for all the ~ SNAPSHOTS - - There's a m2-repo.zip with all the m2 artifacts - - There's an online repo as well ~ http://people.apache.org/~dims/axis2-1.4/RC4/m2-repo/ Please kick the tires and raise JIRA's. I've cut the 1.4 Branch as well, it's here: ~ https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_4/ Thanks, dims - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Amila Suriarachchi, WSO2 Inc. -- http://blog.ruchith.org http://wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with SOAPHeader
Can you please try using this [1] jar ... instead of the one I sent earlier... My guess is that the earlier jar file was generated before that fix went in.

Thanks,
Ruchith

1. http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080310.022829-66.jar

On Mon, Mar 10, 2008 at 4:00 PM, Nuria Rodríguez García [EMAIL PROTECTED] wrote:
> Hi Ruchith,
>
> Thank you very much for your help. I used the new jar and I included the source code too but I'm having the same problem. Is it necessary to change something in my client side?
>
> Thanks,
> Nuria
>
> 2008/3/7, Ruchith Fernando [EMAIL PROTECTED]:
> > I believe there will be another release of Axiom close to the release of Axis2... maybe you will be able to try the latest axiom-dom-SNAPSHOT.jar with your project.
> >
> > Please try the jar file available here:
> > http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080307.033922-64.jar
> >
> > Thanks,
> > Ruchith
> >
> > On Fri, Mar 7, 2008 at 6:48 PM, Nuria Rodríguez García [EMAIL PROTECTED] wrote:
> > > Hi,
> > >
> > > Thank you very much. But how could I use this class in my project? Are you going to publish a new release of the axiom api?
> > >
> > > Regards,
> > > Nuria
> > >
> > > 2008/3/7, Ruchith Fernando [EMAIL PROTECTED]:
> > > > Hi Nuria,
> > > >
> > > > This is a bug in DOOM, the AXIOM DOM implementation. I just fixed this and checked it in. [1]
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > 1. http://svn.apache.org/viewvc?rev=634561&view=rev
> > > >
> > > > On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García [EMAIL PROTECTED] wrote:
> > > > > Hi,
> > > > >
> > > > > I can't add information in SOAPHeader when I engage rampart and addressing module. My header is the following:
> > > > >
> > > > > <soapenv:Header>
> > > > >   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> > > > >     <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32653965">
> > > > >       <wsu:Created>2008-03-06T11:37:41.497Z</wsu:Created>
> > > > >       <wsu:Expires>2008-03-06T11:42:41.497Z</wsu:Expires>
> > > > >     </wsu:Timestamp>
> > > > >     <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-11737724">
> > > > >       <wsse:Username>alice</wsse:Username>
> > > > >       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
> > > > >     </wsse:UsernameToken>
> > > > >   </wsse:Security>
> > > > >   <content>
> > > > >     <Attachment idAttachFile="$FILE{FileTestA.txt}" nameAttachFile="FileTestA.txt"/>
> > > > >     <Attachment idAttachFile="$FILE{FileTestB.txt}" nameAttachFile="FileTestA.txt"/>
> > > > >   </content>
> > > > >   <wsa:To>http://localhost:8081/axis2/services/SWASampleService</wsa:To>
> > > > >   <wsa:MessageID>urn:uuid:E23726932EDEB77EB81204803460112</wsa:MessageID>
> > > > >   <wsa:Action>process</wsa:Action>
> > > > > </soapenv:Header>
> > > > >
> > > > > I receive the following exception in server side:
> > > > >
> > > > > java.lang.NullPointerException
> > > > >     at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
> > > > >     at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
> > > > >     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> > > > >     at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> > > > >     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
> > > > >     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> > > > >     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> > > > >     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
> > > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> > > > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > > > >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
> > > > >
> > > > > I don't know if it is possible and I would need to know if there is a way to do it. If I engage only addressing module this works.
> > > > >
> > > > > Thanks,
> > > > > Nuria

--
http://blog.ruchith.org
http://wso2.org

Re: Non-English characters problem with axis2-1.2 and rampart-1.2 module
I think this is probably due to this problem: [1]

Can you please replace your xmlsec-version.jar file with the xmlsec-1.4.1.jar from here [2]

Thanks,
Ruchith

1. https://issues.apache.org/jira/browse/RAMPART-101
2. http://xml.apache.org/security/dist/java-library/xml-security-bin-1_4_1.zip

On Sat, Mar 8, 2008 at 1:25 PM, Uygar Yüzsüren [EMAIL PROTECTED] wrote:
> We apply timestamp, signature and encryption operations on messages. Below is our policy.xml file...
>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic128Rsa15/>
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict/>
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:EncryptBeforeSigning/>
>           <sp:IncludeTimestamp/>
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:MustSupportRefKeyIdentifier/>
>           <sp:MustSupportRefEmbeddedToken/>
>           <sp:MustSupportRefIssuerSerial/>
>         </wsp:Policy>
>       </sp:Wss10>
>       <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Body/>
>       </sp:EncryptedParts>
>       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Body/>
>       </sp:SignedParts>
>       <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
>         <rampc:User>client</rampc:User>
>         <rampc:TimeToLive>360</rampc:TimeToLive>
>         <rampc:EncryptionUser>service</rampc:EncryptionUser>
>         <rampc:PasswordType>Plain</rampc:PasswordType>
>         <rampc:PasswordCallbackClass>/home/myhome/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
>         <rampc:ReceiverCertificate>/home/myhome/keys/service.pem</rampc:ReceiverCertificate>
>         <rampc:Certificate>/home/myhome/keys/client.pem</rampc:Certificate>
>         <rampc:PrivateKey>/home/myhome/keys/client-priv.pem</rampc:PrivateKey>
>       </rampc:RampartConfig>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>

--
http://blog.ruchith.org
http://wso2.org

Re: Problem with SOAPHeader
I believe there will be another release of Axiom close to the release of Axis2... maybe you will be able to try the latest axiom-dom-SNAPSHOT.jar with your project.

Please try the jar file available here:
http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080307.033922-64.jar

Thanks,
Ruchith

On Fri, Mar 7, 2008 at 6:48 PM, Nuria Rodríguez García [EMAIL PROTECTED] wrote:
> Hi,
>
> Thank you very much. But how could I use this class in my project? Are you going to publish a new release of the axiom api?
>
> Regards,
> Nuria
>
> 2008/3/7, Ruchith Fernando [EMAIL PROTECTED]:
> > Hi Nuria,
> >
> > This is a bug in DOOM, the AXIOM DOM implementation. I just fixed this and checked it in. [1]
> >
> > Thanks,
> > Ruchith
> >
> > 1. http://svn.apache.org/viewvc?rev=634561&view=rev
> >
> > On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García [EMAIL PROTECTED] wrote:
> > > Hi,
> > >
> > > I can't add information in SOAPHeader when I engage rampart and addressing module. My header is the following:
> > >
> > > <soapenv:Header>
> > >   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> > >     <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32653965">
> > >       <wsu:Created>2008-03-06T11:37:41.497Z</wsu:Created>
> > >       <wsu:Expires>2008-03-06T11:42:41.497Z</wsu:Expires>
> > >     </wsu:Timestamp>
> > >     <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-11737724">
> > >       <wsse:Username>alice</wsse:Username>
> > >       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
> > >     </wsse:UsernameToken>
> > >   </wsse:Security>
> > >   <content>
> > >     <Attachment idAttachFile="$FILE{FileTestA.txt}" nameAttachFile="FileTestA.txt"/>
> > >     <Attachment idAttachFile="$FILE{FileTestB.txt}" nameAttachFile="FileTestA.txt"/>
> > >   </content>
> > >   <wsa:To>http://localhost:8081/axis2/services/SWASampleService</wsa:To>
> > >   <wsa:MessageID>urn:uuid:E23726932EDEB77EB81204803460112</wsa:MessageID>
> > >   <wsa:Action>process</wsa:Action>
> > > </soapenv:Header>
> > >
> > > I receive the following exception in server side:
> > >
> > > java.lang.NullPointerException
> > >     at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
> > >     at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
> > >     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> > >     at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> > >     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
> > >     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> > >     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> > >     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
> > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> > >     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
> > >
> > > I don't know if it is possible and I would need to know if there is a way to do it. If I engage only addressing module this works.
> > >
> > > Thanks,
> > > Nuria

--
http://blog.ruchith.org
http://wso2.org

Re: Example policy file needed
IMHO we have to improve both Axis2 and Rampart if we are to support policy alternatives.

A service can express a set of alternatives that it can handle and right now we should be able to fix Rampart to support this. However at the client side we should have some way of picking the alternative. At this point we have to decide how Axis2 client API has to behave.

Thoughts?

Thanks,
Ruchith

On Wed, Mar 5, 2008 at 8:31 PM, George Stanchev [EMAIL PROTECTED] wrote:
> Hi Nandana,
>
> Is that a Neethi or Rampart shortcoming? I am also in need of alternative policy support for the same two token types as in Simon's message. Do you need a JIRA?
>
> Best Regards,
> George
>
> -----Original Message-----
> From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 05, 2008 1:31 AM
> To: axis-user@ws.apache.org
> Subject: Re: Example policy file needed
>
> > Hi Simon,
> >
> > Currently Apache Rampart doesn't support alternative security policies for an endpoint. The current workaround is having two separate EPRs with the alternative policies. Would that suit your scenario? If not, you can try to convince the Rampart community to support alternative security policies by starting a thread in the Rampart dev list.
> >
> > thanks,
> > /nandana
> >
> > On Tue, Mar 4, 2008 at 10:58 PM, Glenn Dougherty [EMAIL PROTECTED] wrote:
> > > Nandana, et al,
> > >
> > > We are looking for a combined ws-policy example that supports both Username Token and SAML assertions. Meaning, we need to provide a service that supports the caller passing either a username token or a SAML assertion.
> > >
> > > Does anyone have an example that shows these two options within one ws-policy file? We have not been successful in configuring the Axis2 1.3 stack for this effort.
> > >
> > > Regards,
> > > Glenn
> > >
> > > -----Original Message-----
> > > From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, February 21, 2008 3:27 AM
> > > To: axis-user@ws.apache.org
> > > Subject: Re: Example policy file needed
> > >
> > > > Hi Simon,
> > > >
> > > > Please take a look at the samples that come with the Apache Rampart distribution. They contain policies that define:
> > > >
> > > > Sample 01 - Username Token authentication
> > > > Sample 05 - SAML token
> > > >
> > > > thanks,
> > > > nandana
> > > >
> > > > [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample01/
> > > > [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample02/
> > > >
> > > > On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn [EMAIL PROTECTED] wrote:
> > > > > I am trying to use ws-policy for my webservice. I would like for the service to receive either a saml assertion or a username token for authentication. I have been unsuccessful in getting a ws-policy configured for this. Does anyone have an example of a policy file that does this?
> > > > >
> > > > > Thanks,
> > > > > Simon
> > > >
> > > > --
> > > > Nandana Mihindukulasooriya
> > > > Software Engineer
> > > > WSO2 inc.
> > > > http://nandana83.blogspot.com/
> > > > http://nandanasm.wordpress.com/

--
http://blog.ruchith.org
http://wso2.org

Re: Non-English characters problem with axis2-1.2 and rampart-1.2 module
Hi,

Can you please specify the security operations you apply on the message?

Thanks,
Ruchith

On Thu, Mar 6, 2008 at 8:02 PM, Uygar Yüzsüren [EMAIL PROTECTED] wrote:
> Hi everyone,
>
> We have been developing a web service for domain registration with axis2 version 1.2 and rampart security module version 1.2. The problem is that when we deploy the service with security enabled (timestamp, signature and encryption), non-English characters such as ş, Ş, ö, Ö etc. are not properly displayed at the server side. On the other hand, they are all displayed properly when we deploy without the security module.
>
> We checked the configuration parameters and we use UTF-8 defaults as character encoding at both client and server sides. Could you please advise about the problem?

--
http://blog.ruchith.org
http://wso2.org

Re: Problem with SOAPHeader
Hi Nuria,

This is a bug in DOOM, the AXIOM DOM implementation. I just fixed this and checked it in. [1]

Thanks,
Ruchith

1. http://svn.apache.org/viewvc?rev=634561&view=rev

On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García [EMAIL PROTECTED] wrote:
> Hi,
>
> I can't add information in SOAPHeader when I engage rampart and addressing module. My header is the following:
>
> <soapenv:Header>
>   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>     <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32653965">
>       <wsu:Created>2008-03-06T11:37:41.497Z</wsu:Created>
>       <wsu:Expires>2008-03-06T11:42:41.497Z</wsu:Expires>
>     </wsu:Timestamp>
>     <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-11737724">
>       <wsse:Username>alice</wsse:Username>
>       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
>     </wsse:UsernameToken>
>   </wsse:Security>
>   <content>
>     <Attachment idAttachFile="$FILE{FileTestA.txt}" nameAttachFile="FileTestA.txt"/>
>     <Attachment idAttachFile="$FILE{FileTestB.txt}" nameAttachFile="FileTestA.txt"/>
>   </content>
>   <wsa:To>http://localhost:8081/axis2/services/SWASampleService</wsa:To>
>   <wsa:MessageID>urn:uuid:E23726932EDEB77EB81204803460112</wsa:MessageID>
>   <wsa:Action>process</wsa:Action>
> </soapenv:Header>
>
> I receive the following exception in server side:
>
> java.lang.NullPointerException
>     at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
>     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
>
> I don't know if it is possible and I would need to know if there is a way to do it. If I engage only addressing module this works.
>
> Thanks,
> Nuria

--
http://blog.ruchith.org
http://wso2.org

Re: Error when obtaining UsernameToken information from a different class.
Hi Sanjay,

Your services.xml looks fine ... but the only situation in which Axis2 can throw this error is when the services.xml does not specify the messageReceiver. Please check the services.xml file in your deployed service archive.

Thanks,
Ruchith

On Tue, Mar 4, 2008 at 2:31 PM, Sanjay Vivek [EMAIL PROTECTED] wrote:
> Hi Nandana,
>
> I've attached the services.xml with this email. Thanks again for your help. Cheers.
>
> Regards
> Sanjay
>
> -----Original Message-----
> From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> Sent: 04 March 2008 08:11
> To: axis-user@ws.apache.org
> Subject: Re: Error when obtaining UsernameToken information from a different class.
>
> > Hi Sanjay,
> >
> > Can you please post the services.xml you used? The error message says "Message Receiver not found for AxisOperation: echo". It is thrown by the AxisEngine when the message receiver is null.
> >
> > thanks,
> > /nandana

--
http://blog.ruchith.org
http://wso2.org

Re: rampart decryption issue
Please specify the signaturePropFile element in your InflowSecurity parameter:

<parameter name="InflowSecurity">
  <action>
    <items>Timestamp Encrypt</items>
    <passwordCallbackClass>test.PasswordHandler</passwordCallbackClass>
    <decryptionPropFile>client.properties</decryptionPropFile>
    <signaturePropFile>..</signaturePropFile>
  </action>
</parameter>

Thanks,
Ruchith

On Wed, Feb 20, 2008 at 5:42 PM, Paul Ryan [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm attempting to call a secure web service hosted within Oracle's OWSM using an Axis2 client. The client is using rampart 1.3 and wss4j 1.5.3 to handle the signing and encrypting of the SOAP message.
>
> Signing and encrypting the SOAP request works fine, the message is successfully verified and decrypted on the Oracle side, but the Axis2 client seems to be having a problem decrypting the response message. I get an NPE as follows:
>
> org.apache.axis2.AxisFault
>     at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:92)
>     at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
>     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
>     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
>     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
>     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>     at test.VehicleStub.getVehicle(VehicleStub.java:142)
>     at test.VehicleTest.testgetVehicle(VehicleTest.java:35)
> Caused by: java.lang.NullPointerException
>     at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:87)
>     at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:92)
>     at org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:74)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:284)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:206)
>     at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:213)
>     at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
>     ... 25 more
>
> I've debugged the code and have followed the processing from the
>
> rampart WSDoAllReceiver
> wss4j WSSecurityEngine
> wss4j BinarySecurityTokenProcessor
>
> In the BinarySecurityTokenProcessor I can see that the crypto variable is null and the decCrypto variable is set, but in the following code only the crypto variable is passed to the getCertificatesTokenReference() method, causing the NPE.
>
> public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb,
>         WSDocInfo wsDocInfo, Vector returnResults, WSSConfig config) throws WSSecurityException {
>     this.getCertificatesTokenReference(elem, crypto);
>     returnResults.add(0, new WSSecurityEngineResult(WSConstants.BST, this.token, this.certificates));
> }
>
> private void getCertificatesTokenReference(Element elem, Crypto crypto) throws WSSecurityException {
>     this.createSecurityToken(elem);
>     if (token instanceof PKIPathSecurity) {
>         this.certificates = ((PKIPathSecurity) token).getX509Certificates(false, crypto);
>     } else if (token instanceof X509Security) {
>         // NPE
>         X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
>         this.certificates = new X509Certificate[1];
>         this.certificates[0] = cert;
>     }
> }
>
> My rampart client configuration section is as follows:
>
> <parameter name="OutflowSecurity">
>   <action>
>     <items>Timestamp Signature Encrypt</items>
>     <user>paul1</user>
>     <signaturePropFile>client.properties</signaturePropFile>
>     <passwordCallbackClass>test.PasswordHandler</passwordCallbackClass>
>     <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>     <encryptionUser>paul1</encryptionUser>
>     <encryptionPropFile>client.properties</encryptionPropFile>
>     <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
>   </action>
> </parameter>
> <parameter name="InflowSecurity">
>   <action>
>     <items>Timestamp Encrypt</items>
>     <passwordCallbackClass>test.PasswordHandler</passwordCallbackClass>
>     <decryptionPropFile>client.properties</decryptionPropFile>
>   </action>
> </parameter>
>
> I probably have a mis-configuration problem, any help would be welcome.
>
> Regards,
> Paul.

--
http://blog.ruchith.org
http://wso2.org

Re: SCT
Hi Hardev,

Your message exchange sounds fine up to the point where the callback handler accesses the STS to obtain the symm key. IMHO WS-Trust doesn't provide a specific way to obtain a key at this point of a standard WS-Trust exchange.

We have your use case implemented in a slightly different approach:

- Client contacts the STS and obtains a SAML token to talk to a service
- The STS includes a symm key encrypted for the service within the SAML token
- The RSTR (response from the STS to the client) will have that *same* symm key for the client to extract
- (When using Rampart/Rahas the client uses org.apache.rahas.client.STSClient which will extract this information and bundle all of it into a org.apache.rahas.Token instance)
- Now this SAML token (assertion) will be added to the Security header of the message from client to service and the symm key that is associated with the SAML token will be used to encrypt/sign the message as specified by the service policy.
- At the service the SAML assertion in the Security header will be processed and the symm key will be extracted.
- Processing at the service will use this extracted symm key to decrypt/verify signature where necessary.

A sample client that does this sort of a message exchange is available here: [1]

Now ... the SCT usage scenario is usually a WS-SecureConversation scenario where rampart/rahas supports the application service itself to act as an STS. In this case, since the service and the STS both are the same, the symm key created is known at the service, and it is not included in the SecurityContextToken (SCT) itself.

Are you sure you want to use this SCT scenario in the context of WS-SecureConversation, or are you looking for a pure WS-Trust scenario as I explained above?

Thanks,
Ruchith

1. https://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java

On Sat, Feb 23, 2008 at 3:06 AM, Hardev Sian [EMAIL PROTECTED] wrote:
> Hi Dimuthu,
>
> I have had a look at that sample but it doesn't provide what I am looking for. My use case is that I have acquired a SCT from an STS service. I want to now embed that token in the outgoing request which can then be accessed by a callback handler. The callback handler can access the STS to get the symmetric key for that token and encrypt the outbound data with that. Similarly the callback at the handler can access the same to decrypt, the response can be handled in the same manner.
>
> I am just not familiar enough with how to set the policies to achieve this. Any help in doing this is greatly appreciated.
>
> Thank you,
> Hardev
>
> Dimuthu Leelarathne [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > You can find a SCT sample inside the rampart 1.3 distribution.
> >
> > samples/policy/sample04
> >
> > Thank you,
> > Dimuthu
> >
> > On Fri, 2008-02-22 at 16:52 +1100, Hardev Sian wrote:
> > > I know that rahas has been integrated into rampart but I was interested in looking at this example:
> > >
> > > http://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
> > >
> > > which talks about using an acquired SCT token to secure the web service requests/responses. Can anybody help in locating this or something similar?
> > >
> > > Thanks,
> > > Hardev

--
http://blog.ruchith.org
http://wso2.org

Re: WSSecurity using Rampart and EmbeddedKey
On Jan 18, 2008 7:17 PM, Jose Luis Alba [EMAIL PROTECTED] wrote:
> Hi All,
>
> Is it possible to encrypt a message using an embedded key (for symmetric encryption) and send that key using the transport key encryption?

I don't think we can do this in the context of WS-Sec* specifications. However, the standard way is to create a one-time key (K) that is encrypted by the recipient's public key, and that key (K) is used to encrypt the payload. The encrypted K will be included in the security header for extraction at the recipient.

Thanks,
Ruchith

> I have tried to do it with Rampart configuration using
>
> <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
>
> but the key is not sent. Does sending an embedded key go against the specification?
>
> Thanks all,
> Jose Luis

--
http://blog.ruchith.org
http://wso2.org

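The one-time key pattern described in the reply above, and the key handling from the earlier SCT thread where the STS creates the key and places a copy encrypted for the service inside the token, as an added Java example that is not code from the thread, Rampart or WSS4J. It uses only the JDK's JCE; the class and method names, the RSA-OAEP and AES-GCM algorithm choices and the payload strings are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class OneTimeKeyDemo {
    // Algorithm choices are this example's assumptions, not taken from the thread.
    static final String WRAP_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String DATA_ALG = "AES/GCM/NoPadding";

    /** What reaches the recipient: K wrapped for it, plus the payload encrypted under K. */
    static final class SecuredMessage {
        final byte[] wrappedKey;
        final byte[] iv;
        final byte[] cipherText;

        SecuredMessage(byte[] wrappedKey, byte[] iv, byte[] cipherText) {
            this.wrappedKey = wrappedKey;
            this.iv = iv;
            this.cipherText = cipherText;
        }
    }

    static SecretKey newOneTimeKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    /** Encrypts K under the recipient's public key; only the matching private key recovers it. */
    static byte[] wrapFor(PublicKey recipient, SecretKey k) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP_ALG);
        rsa.init(Cipher.WRAP_MODE, recipient);
        return rsa.wrap(k);
    }

    /** Encrypts the payload under K and attaches the already wrapped copy of K. */
    static SecuredMessage protect(SecretKey k, byte[] wrappedKey, String payload)
            throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance(DATA_ALG);
        aes.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] cipherText = aes.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return new SecuredMessage(wrappedKey, iv, cipherText);
    }

    /** Recipient side: unwrap K with the private key, then decrypt and authenticate the payload. */
    static String open(PrivateKey recipient, SecuredMessage m) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP_ALG);
        rsa.init(Cipher.UNWRAP_MODE, recipient);
        SecretKey k = (SecretKey) rsa.unwrap(m.wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance(DATA_ALG);
        aes.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, m.iv));
        return new String(aes.doFinal(m.cipherText), StandardCharsets.UTF_8);
    }

    static String tryOpen(PrivateKey key, SecuredMessage m) {
        try {
            return "opened: " + open(key, m);
        } catch (GeneralSecurityException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair service = kpg.generateKeyPair();
        KeyPair someoneElse = kpg.generateKeyPair();

        // Case 1: the sender creates K and wraps it for the recipient itself.
        SecretKey k = newOneTimeKey();
        SecuredMessage direct = protect(k, wrapFor(service.getPublic(), k), "constructed payload 1");
        System.out.println(tryOpen(service.getPrivate(), direct));
        System.out.println(tryOpen(someoneElse.getPrivate(), direct)); // holder of another key

        // Case 2: a token issuer creates K, wraps one copy for the service (carried inside
        // the issued token) and hands the same K to the client. How the issuer protects
        // the client's copy in its response is not modelled here.
        SecretKey issued = newOneTimeKey();
        byte[] keyInsideToken = wrapFor(service.getPublic(), issued);
        SecuredMessage viaIssuer = protect(issued, keyInsideToken, "constructed payload 2");
        System.out.println(tryOpen(service.getPrivate(), viaIssuer));

        // Any change to the ciphertext in transit is detected by the AEAD tag check.
        viaIssuer.cipherText[0] ^= 0x01;
        System.out.println(tryOpen(service.getPrivate(), viaIssuer));
    }
}
```

In both cases the recipient never needs a pre-shared symmetric key: everything required to recover K travels with the message, and only the holder of the private key can use it.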
Re: client for a secure conversation
[EMAIL PROTECTED]
to subscribe : [EMAIL PROTECTED]

Please subscribe first and then post your messages.

Thanks,
Ruchith

On Jan 16, 2008 3:52 PM, Antonio Manuel Muñiz Martín [EMAIL PROTECTED] wrote:
> Which is the address of the Rampart list?
>
> 2008/1/15, Nandana Mihindukulasooriya [EMAIL PROTECTED]:
> > Hi Anil,
> >
> > > I would like to get a reference to writing a client for a secure conversation using the rampart module, I saw the sample 4 in the samples with the rampart module and it does not help me show how to send multiple messages in a single secure conversation.
> >
> > Replied to your mail regarding this in the Rampart list.
> >
> > Thanks,
> > Nandana

--
http://blog.ruchith.org
http://wso2.org

Re: [axis2] WS-Security axis2 1.3 with rampart 1.3 custom token?
Rampart should have an option for users to add custom tokens in. Please file a JIRA.

https://issues.apache.org/jira/browse/RAMPART

Thanks,
Ruchith

On Jan 9, 2008 2:59 PM, [EMAIL PROTECTED] wrote:
> Hi all,
>
> I'm using axis2 1.3 with rampart 1.3 for ws-security. I have a running example with UsernameToken. That's fine so far. But now I have the need to transport a custom token with the wss header. I'm running on an IBM WebSphere application server and must transport an LTPA token. IBM is transporting this as follows in the wss header:
>
> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>   <wsse:BinarySecurityToken xmlns:wsst="http://www.ibm.com/websphere/appserver/tokentype/5.0.2" ValueType="wsst:LTPA">
>     nwHBBZwUF+m94fAuY57oQrGFyKnIIYMM5OOlkbtMWx5yaIo=
>   </wsse:BinarySecurityToken>
> </wsse:Security>
>
> (see http://www-128.ibm.com/developerworks/webservices/library/ws-multiport/index.html#listing3)
>
> IBM is using the BinarySecurityToken to transport their own token (the LTPA token). So my question is how to extend/use rampart to transport a custom token myself?
>
> Regards
> Holger

--
http://blog.ruchith.org
http://wso2.org

Re: NoSuchMethodError when engaging Rampart.
Which version of Sandesha2 are you using?

Thanks,
Ruchith

On Jan 8, 2008 6:42 PM, Sanjay Vivek [EMAIL PROTECTED] wrote:
> Hi everyone,
>
> I'm attempting to call a simple Web Service (an Echo Service) that is protected by WS-Security UsernameToken. I'm using Axis2-1.3 and Rampart 1.3. However, I'm getting the following exceptions when I try to run the client service:
>
> Exception in thread main java.lang.NoSuchMethodError: org.apache.axis2.description.PolicyInclude.getEffectivePolicy()Lorg/apache/ws/policy/Policy;
>     at org.apache.rampart.Rampart.engageNotify(Rampart.java:48)
>     at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:454)
>     at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:421)
>     at org.apache.axis2.engine.AxisConfiguration.engageModule(AxisConfiguration.java:438)
>     at org.apache.axis2.engine.AxisConfiguration.engageGlobalModules(AxisConfiguration.java:567)
>     at org.apache.axis2.deployment.DeploymentEngine.engageModules(DeploymentEngine.java:589)
>     at org.apache.axis2.deployment.FileSystemConfigurator.engageGlobalModules(FileSystemConfigurator.java:141)
>     at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:77)
>     at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:180)
>     at org.apache.rampart.samples.EchoServiceClient.main(EchoServiceClient.java:17)
>
> I've looked around and it seems to be an exception thrown when engaging the Sandesha module. However, I'm not using Sandesha at all so I'm rather puzzled by this. Does anyone have any idea what's going on? I'm guessing it's something to do with libraries but I've all the required jars on my classpath (I hope so anyway). Any help would be greatly appreciated.
>
> Regards
> --
> Sanjay Vivek
> Web Analyst
> Middleware Team
> ISS
> University of Newcastle Upon Tyne

--
http://blog.ruchith.org
http://wso2.org

Re: BAY108-DAV6AE19CD9C371CBB93AB9CAE930 () phx ! gbl
On Jan 4, 2008 10:14 PM, red dog [EMAIL PROTECTED] wrote:

Hi everyone,

Is there any resolution to this? I'm facing the same issue and I'm using Axis 2 and rampart module 1.3. If I just send a SOAP message with an empty security header my method gets called.

This is a bug in the parameter based configuration! Please switch to policy based configuration to avoid this.

Thanks,
Ruchith

    POST /axis2/services/sample03 HTTP/1.1
    User-Agent: Axis2
    SOAPAction: urn:echo
    Host: localhost:18088
    Transfer-Encoding: chunked
    Content-Type: text/xml; charset=UTF-8

    1ba
    <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1" /></soapenv:Header><soapenv:Body><ns1:echo xmlns:ns1="http://sample03.samples.rampart.apache.org/xsd"><param0>Hello world</param0></ns1:echo></soapenv:Body></soapenv:Envelope>
    0

Response:

    HTTP/1.1 200 OK
    Date: Fri, 04 Jan 2008 15:59:48 GMT
    Server: Simple-Server/1.1
    Transfer-Encoding: chunked
    Content-Type: text/xml; charset=UTF-8

    133
    <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header /><soapenv:Body><ns:echoResponse xmlns:ns="http://sample03.samples.rampart.apache.org/xsd"><ns:return>Hello world</ns:return></ns:echoResponse></soapenv:Body></soapenv:Envelope>
    0

After debugging I realized that the handle() method from the MyServiceCallbackHandler is not getting called although the handler is getting invoked (tested by adding an empty constructor to the class). Your help is much appreciated. Thank you.

--
http://blog.ruchith.org
http://wso2.org
Re: Bouncy Castle JCE provider and WSS4J
You should be able to use a provider that has support for all required algorithms. I haven't used WSS4J with any other and I get errors due to missing algo implementations when using the default Sun JCE impls.

Thanks,
Ruchith

On Jan 17, 2008 2:46 AM, George Stanchev [EMAIL PROTECTED] wrote:

Hello,

Does WSS4J have a hard dependency on Bouncycastle JCE or I can use any JCE provider (or Sun's provided)?

Thanks!

--
http://blog.ruchith.org
http://wso2.org
Re: [Axis2 1.1.1] Security policy not enforced
On Jan 8, 2008 3:55 PM, Niu [EMAIL PROTECTED] wrote:

Hi Ruchith,

Thanks for the prompt response. I will explore on the policy based model. However, you will still post the patch solution right? :)

Yep ... will send a patch ... got to test the patch module on Axis2/Rampart 1.1(.1).

Thanks,
Ruchith

Thanks
Best Rgds,
Niu

-Original Message-
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 08, 2008 9:17 AM
To: axis-user@ws.apache.org
Subject: Re: [Axis2 1.1.1] Security policy not enforced

Yes ... you can move your configuration to policy based model to overcome this issue as well.

Thanks,
Ruchith

On Jan 7, 2008 4:47 PM, Paul Fremantle [EMAIL PROTECTED] wrote:

Ruchith

Is it another fix to use the Policy-based model instead?

Paul

On Jan 7, 2008 8:54 AM, Ruchith Fernando [EMAIL PROTECTED] wrote:

Hi,

This is a bug in the wss4j library and it occurs when you use the parameter based configuration. This can be patched by using another handler to check the configuration and for security results. Will post this solution shortly!

Thanks,
Ruchith

On Jan 7, 2008 12:35 PM, Niu [EMAIL PROTECTED] wrote:

Hi,

I am using axis2 version 1.1.1 and rampart version 1.1.1. I have a web services configured to require all incoming messages to include a Timestamp and a Signature. The implementation has been working fine for months. However, lately, I just discovered that the configuration did not actually enforce the security policy as I could just invoke the web services by sending a SOAP message with an empty Security tag in the SOAP header (like the attached SOAP message). Is this a bug or wrong configuration?? Appreciate if somebody can offer a solution.

    <?xml version='1.0' encoding='utf-8'?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <soap:Header>
        <ns2:Security soap:mustUnderstand="1"/>
      </soap:Header>
      <soap:Body>
        <ValidateCredentialRequest xmlns="http://example.org/partnerapi/">
          <endUserIdentifier xmlns="">${NAME}</endUserIdentifier>
          <endUserPin xmlns="">${PASSWORD}</endUserPin>
        </ValidateCredentialRequest>
      </soap:Body>
    </soap:Envelope>

The following is a snapshot of my Services.xml file:

    <serviceGroup>
      <service name="partnerapi">
        <messageReceivers>
          <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
              class="org.example.partnerapi.PartnerapiMessageReceiverInOut"/>
        </messageReceivers>
        <parameter name="ServiceClass" locked="false">org.example.partnerapi.PartnerapiSkeleton</parameter>
        <parameter name="InflowSecurity">
          <action>
            <items>Signature Timestamp</items>
            <passwordCallbackClass>PWCallback</passwordCallbackClass>
            <signaturePropFile>security.properties</signaturePropFile>
          </action>
        </parameter>
        <operation name="validateCredential" mep="http://www.w3.org/2004/08/wsdl/in-out">
          <actionMapping>urn:validateCredential</actionMapping>
          <outputActionMapping>http://example.org/partnerapi/partnerapiPortType/validateCredentialResponse</outputActionMapping>
        </operation>
      </service>
    </serviceGroup>

Thanks
Best Rgds,
Niu

--
http://blog.ruchith.org
http://wso2.org
Re: [Axis2 1.1.1] Security policy not enforced
Hi,

This is a bug in the wss4j library and it occurs when you use the parameter based configuration. This can be patched by using another handler to check the configuration and for security results. Will post this solution shortly!

Thanks,
Ruchith

On Jan 7, 2008 12:35 PM, Niu [EMAIL PROTECTED] wrote:

Hi,

I am using axis2 version 1.1.1 and rampart version 1.1.1. I have a web services configured to require all incoming messages to include a Timestamp and a Signature. The implementation has been working fine for months. However, lately, I just discovered that the configuration did not actually enforce the security policy as I could just invoke the web services by sending a SOAP message with an empty Security tag in the SOAP header (like the attached SOAP message). Is this a bug or wrong configuration?? Appreciate if somebody can offer a solution.

    <?xml version='1.0' encoding='utf-8'?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <soap:Header>
        <ns2:Security soap:mustUnderstand="1"/>
      </soap:Header>
      <soap:Body>
        <ValidateCredentialRequest xmlns="http://example.org/partnerapi/">
          <endUserIdentifier xmlns="">${NAME}</endUserIdentifier>
          <endUserPin xmlns="">${PASSWORD}</endUserPin>
        </ValidateCredentialRequest>
      </soap:Body>
    </soap:Envelope>

The following is a snapshot of my Services.xml file:

    <serviceGroup>
      <service name="partnerapi">
        <messageReceivers>
          <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
              class="org.example.partnerapi.PartnerapiMessageReceiverInOut"/>
        </messageReceivers>
        <parameter name="ServiceClass" locked="false">org.example.partnerapi.PartnerapiSkeleton</parameter>
        <parameter name="InflowSecurity">
          <action>
            <items>Signature Timestamp</items>
            <passwordCallbackClass>PWCallback</passwordCallbackClass>
            <signaturePropFile>security.properties</signaturePropFile>
          </action>
        </parameter>
        <operation name="validateCredential" mep="http://www.w3.org/2004/08/wsdl/in-out">
          <actionMapping>urn:validateCredential</actionMapping>
          <outputActionMapping>http://example.org/partnerapi/partnerapiPortType/validateCredentialResponse</outputActionMapping>
        </operation>
      </service>
    </serviceGroup>

Thanks
Best Rgds,
Niu

--
http://blog.ruchith.org
http://wso2.org
Re: [Axis2 1.1.1] Security policy not enforced
Yes ... you can move your configuration to policy based model to overcome this issue as well.

Thanks,
Ruchith

On Jan 7, 2008 4:47 PM, Paul Fremantle [EMAIL PROTECTED] wrote:

Ruchith

Is it another fix to use the Policy-based model instead?

Paul

On Jan 7, 2008 8:54 AM, Ruchith Fernando [EMAIL PROTECTED] wrote:

Hi,

This is a bug in the wss4j library and it occurs when you use the parameter based configuration. This can be patched by using another handler to check the configuration and for security results. Will post this solution shortly!

Thanks,
Ruchith

On Jan 7, 2008 12:35 PM, Niu [EMAIL PROTECTED] wrote:

Hi,

I am using axis2 version 1.1.1 and rampart version 1.1.1. I have a web services configured to require all incoming messages to include a Timestamp and a Signature. The implementation has been working fine for months. However, lately, I just discovered that the configuration did not actually enforce the security policy as I could just invoke the web services by sending a SOAP message with an empty Security tag in the SOAP header (like the attached SOAP message). Is this a bug or wrong configuration?? Appreciate if somebody can offer a solution.

    <?xml version='1.0' encoding='utf-8'?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <soap:Header>
        <ns2:Security soap:mustUnderstand="1"/>
      </soap:Header>
      <soap:Body>
        <ValidateCredentialRequest xmlns="http://example.org/partnerapi/">
          <endUserIdentifier xmlns="">${NAME}</endUserIdentifier>
          <endUserPin xmlns="">${PASSWORD}</endUserPin>
        </ValidateCredentialRequest>
      </soap:Body>
    </soap:Envelope>

The following is a snapshot of my Services.xml file:

    <serviceGroup>
      <service name="partnerapi">
        <messageReceivers>
          <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
              class="org.example.partnerapi.PartnerapiMessageReceiverInOut"/>
        </messageReceivers>
        <parameter name="ServiceClass" locked="false">org.example.partnerapi.PartnerapiSkeleton</parameter>
        <parameter name="InflowSecurity">
          <action>
            <items>Signature Timestamp</items>
            <passwordCallbackClass>PWCallback</passwordCallbackClass>
            <signaturePropFile>security.properties</signaturePropFile>
          </action>
        </parameter>
        <operation name="validateCredential" mep="http://www.w3.org/2004/08/wsdl/in-out">
          <actionMapping>urn:validateCredential</actionMapping>
          <outputActionMapping>http://example.org/partnerapi/partnerapiPortType/validateCredentialResponse</outputActionMapping>
        </operation>
      </service>
    </serviceGroup>

Thanks
Best Rgds,
Niu

--
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair
blog: http://pzf.fremantle.org
[EMAIL PROTECTED]
Oxygenating the Web Service Platform, www.wso2.com

--
http://blog.ruchith.org
http://wso2.org
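The condition the InflowSecurity configuration in this thread was expected to enforce, as an added Python example (not code from the thread, Rampart or WSS4J): it reports which actions listed in the items element have no matching child in wsse:Security, and whether a present signature references the SOAP Body. The name audit_inflow and both sample envelopes are constructed for illustration; the check is structural only and does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"soap": SOAP, "wsse": WSSE, "wsu": WSU, "ds": DS}

# Header element each <items> action is expected to leave in wsse:Security.
ACTION_ELEMENT = {
    "Signature": "{%s}Signature" % DS,
    "Timestamp": "{%s}Timestamp" % WSU,
    "UsernameToken": "{%s}UsernameToken" % WSSE,
}


def audit_inflow(envelope_xml, items):
    """Compare a SOAP envelope against a space-separated <items> list.

    Returns a list of findings; an empty list means every required action
    has a matching header element and the signature references the Body.
    Feed it captured or test messages; for untrusted XML use a hardened
    parser such as defusedxml instead of ElementTree.
    """
    root = ET.fromstring(envelope_xml)
    header = root.find("{%s}Header" % SOAP)
    security = header.find("{%s}Security" % WSSE) if header is not None else None
    if security is None:
        return ["no wsse:Security header"]

    findings = []
    present = {child.tag for child in security}
    for action in items.split():
        tag = ACTION_ELEMENT.get(action)
        if tag is None:
            findings.append("unknown action in items: " + action)
        elif tag not in present:
            findings.append("required action missing from header: " + action)

    # A signature that does not cover the Body protects nothing the
    # service actually consumes, so report that separately.
    signature = security.find("{%s}Signature" % DS)
    if signature is not None:
        refs = {r.get("URI", "") for r in signature.iter("{%s}Reference" % DS)}
        body = root.find("{%s}Body" % SOAP)
        body_id = body.get("{%s}Id" % WSU) if body is not None else None
        if body_id is None or "#" + body_id not in refs:
            findings.append("signature does not reference the SOAP Body")
    return findings


# Constructed sample: same shape as the message in the thread, with an
# empty Security element and nothing else in the header.
EMPTY_SECURITY_HEADER = """
<soap:Envelope xmlns:soap="%(soap)s" xmlns:ns2="%(wsse)s">
  <soap:Header><ns2:Security soap:mustUnderstand="1"/></soap:Header>
  <soap:Body>
    <ValidateCredentialRequest xmlns="http://example.org/partnerapi/"/>
  </soap:Body>
</soap:Envelope>""".strip() % NS

# Constructed sample: header carrying a Timestamp and a Signature whose
# references cover the Body and the Timestamp (signature value is a dummy).
SIGNED_AND_TIMESTAMPED = """
<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s"
               xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="ts-1">
        <wsu:Created>2008-01-07T04:35:00Z</wsu:Created>
      </wsu:Timestamp>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#body-1"/>
          <ds:Reference URI="#ts-1"/>
        </ds:SignedInfo>
        <ds:SignatureValue>CONSTRUCTED-PLACEHOLDER</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="body-1">
    <ValidateCredentialRequest xmlns="http://example.org/partnerapi/"/>
  </soap:Body>
</soap:Envelope>""".strip() % NS


if __name__ == "__main__":
    for name, msg in (("empty header", EMPTY_SECURITY_HEADER),
                      ("signed", SIGNED_AND_TIMESTAMPED)):
        print(name, "->", audit_inflow(msg, "Signature Timestamp") or "ok")
```

A message that produces findings here but is still dispatched to the service is the behaviour reported in this thread.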
Re: General security error (Unexpected number of X509Data: for Signature)
Interop problems ... You probably want to switch to using the WS-SecurityPolicy based configuration. I can assure you that Rampart + WS-SecurityPolicy interops with .NET (WCF) on WS-Security 1.0, WS-Security 1.1 and WS-SecureConversation scenarios. The test suite we used for the interop with WCF services is available here [1] where we have 66 successful scenarios on the above three specs.

Thanks,
Ruchith

[1] https://wso2.org/repos/wso2/trunk/interop/test-suites/security

On Dec 6, 2007 3:07 AM, Rachel Primrose [EMAIL PROTECTED] wrote:

Right on the button - eclipse + classpaths = pain. I renamed everything to wow.whatever and now I'm onto the .NET interop problems, which I will probably be posting about when I get really stuck. Thanks so much.

On Dec 5, 2007 7:46 PM, Ruchith Fernando [EMAIL PROTECTED] wrote:

Yep ... everything looks fine ... However I'm wondering whether you have any other client_crypto.properties file in your classpath that causes the wrong keystore to be picked where there's no key with alias test123. Therefore can you please rename the keystore file and the .properties file and check.

Thanks,
Ruchith

On Dec 5, 2007 5:50 AM, Rachel Primrose [EMAIL PROTECTED] wrote:

Hello,

I've been having trouble signing my messages as they go out, and the usual "is the alias the right one" solution I've been reading about does not work!

Here is my keystore:

    Keystore type: PKCS12
    Keystore provider: SunJSSE
    Your keystore contains 1 entry
    Alias name: test123
    Creation date: 5/12/2007
    Entry type: PrivateKeyEntry
    Certificate chain length: 3
    Certificate[1]:

Here is my axis2.xml security outflow:

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <user>test123</user>
        <passwordCallbackClass>test.oot.PWCallback</passwordCallbackClass>
        <signaturePropFile>client_crypto.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <parameter name="referencePropertyNames" value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;" />
        <parameter name="signatureParts" value="
            {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
            {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
      </action>
    </parameter>

Here is my client_crypto.properties file:

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
    org.apache.ws.security.crypto.merlin.keystore.password=test
    org.apache.ws.security.crypto.merlin.keystore.alias=test123
    org.apache.ws.security.crypto.merlin.file=oot-stage.p12

And my pwcallback class:

    pc.setPassword("test");

The error I get is:

    org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature); nested exception is:
        org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
        at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
        at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
    Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature
Re: General security error (Unexpected number of X509Data: for Signature)
    </phase>
    <phase name="soapmonitorPhase"/>
    <phase name="OperationOutPhase"/>
    <!--system predefined phase-->
    <!--these phase will run irrespective of the service-->
    <phase name="PolicyDetermination"/>
    <phase name="MessageOut"/>
    <phase name="Security"/>
    </phaseOrder>

As always, any help is appreciated. Thanks.

- Rachel

On Dec 6, 2007 1:45 PM, Ruchith Fernando [EMAIL PROTECTED] wrote:

Interop problems ... You probably want to switch to using the WS-SecurityPolicy based configuration. I can assure you that Rampart + WS-SecurityPolicy interops with .NET (WCF) on WS-Security 1.0, WS-Security 1.1 and WS-SecureConversation scenarios. The test suite we used for the interop with WCF services is available here [1] where we have 66 successful scenarios on the above three specs.

Thanks,
Ruchith

[1] https://wso2.org/repos/wso2/trunk/interop/test-suites/security

On Dec 6, 2007 3:07 AM, Rachel Primrose [EMAIL PROTECTED] wrote:

Right on the button - eclipse + classpaths = pain. I renamed everything to wow.whatever and now I'm onto the .NET interop problems, which I will probably be posting about when I get really stuck. Thanks so much.

On Dec 5, 2007 7:46 PM, Ruchith Fernando [EMAIL PROTECTED] wrote:

Yep ... everything looks fine ... However I'm wondering whether you have any other client_crypto.properties file in your classpath that causes the wrong keystore to be picked where there's no key with alias test123. Therefore can you please rename the keystore file and the .properties file and check.

Thanks,
Ruchith

On Dec 5, 2007 5:50 AM, Rachel Primrose [EMAIL PROTECTED] wrote:

Hello,

I've been having trouble signing my messages as they go out, and the usual "is the alias the right one" solution I've been reading about does not work!

Here is my keystore:

    Keystore type: PKCS12
    Keystore provider: SunJSSE
    Your keystore contains 1 entry
    Alias name: test123
    Creation date: 5/12/2007
    Entry type: PrivateKeyEntry
    Certificate chain length: 3
    Certificate[1]:

Here is my axis2.xml security outflow:

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <user>test123</user>
        <passwordCallbackClass>test.oot.PWCallback</passwordCallbackClass>
        <signaturePropFile>client_crypto.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <parameter name="referencePropertyNames" value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;" />
        <parameter name="signatureParts" value="
            {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
            {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
      </action>
    </parameter>

Here is my client_crypto.properties file:

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
    org.apache.ws.security.crypto.merlin.keystore.password=test
    org.apache.ws.security.crypto.merlin.keystore.alias=test123
    org.apache.ws.security.crypto.merlin.file=oot-stage.p12

And my pwcallback class:

    pc.setPassword("test");

The error I get is:

    org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature); nested exception is:
        org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
        at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
        at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74
Re: General security error (Unexpected number of X509Data: for Signature)
Yep ... everything looks fine ... However I'm wondering whether you have any other client_crypto.properties file in your classpath that causes the wrong keystore to be picked where there's no key with alias test123. Therefore can you please rename the keystore file and the .properties file and check.

Thanks,
Ruchith

On Dec 5, 2007 5:50 AM, Rachel Primrose [EMAIL PROTECTED] wrote:

Hello,

I've been having trouble signing my messages as they go out, and the usual "is the alias the right one" solution I've been reading about does not work!

Here is my keystore:

    Keystore type: PKCS12
    Keystore provider: SunJSSE
    Your keystore contains 1 entry
    Alias name: test123
    Creation date: 5/12/2007
    Entry type: PrivateKeyEntry
    Certificate chain length: 3
    Certificate[1]:

Here is my axis2.xml security outflow:

    <parameter name="OutflowSecurity">
      <action>
        <items>Timestamp Signature</items>
        <user>test123</user>
        <passwordCallbackClass>test.oot.PWCallback</passwordCallbackClass>
        <signaturePropFile>client_crypto.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <parameter name="referencePropertyNames" value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;" />
        <parameter name="signatureParts" value="
            {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
            {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
      </action>
    </parameter>

Here is my client_crypto.properties file:

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
    org.apache.ws.security.crypto.merlin.keystore.password=test
    org.apache.ws.security.crypto.merlin.keystore.alias=test123
    org.apache.ws.security.crypto.merlin.file=oot-stage.p12

And my pwcallback class:

    pc.setPassword("test");

The error I get is:

    org.apache.axis2.AxisFault: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature); nested exception is:
        org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
        at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
        at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
    Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesingorg.apache.ws.security.WSSecurityException: General security error (Unexpected number of X509Data: for Signature)
        at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
        at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
        at org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java:254)
        at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:86)
        ... 8 more

And when I set level=DEBUG in my log4j.properties:

    985 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find [client_crypto.properties] using [EMAIL PROTECTED] class loader.
    1000 [main] DEBUG org.apache.ws.security.components.crypto.CryptoFactory - Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
    1000 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find [oot-stage.p12] using [EMAIL PROTECTED] class loader.
    1000 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find [oot-stage.p12] using [EMAIL PROTECTED] class loader.
    1000 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find
Re: org.apache.axis2.deployment.DeploymentException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix wsp
Hi,

Please send your services.xml file used in the service archive. Seems like you are missing the declaration of the policy namespace with prefix wsp.

Thanks,
Ruchith

p.s. Please try not to cross post to all three axis-user, axis-dev and rampart-dev lists.

Rajesh, Peter (CLAIMS, WIP) wrote:

When I deploy the webservice .aar file in Weblogic 8.1 application server below error is displayed in the console. JDK is 1.4.2_08. Please let me know how to resolve this issue.

    org.apache.axis2.deployment.DeploymentException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix wsp at [row,col {unknown-source}]: [35,49]
        at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:144)
        at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:78)
        at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:137)
        at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:571)
        at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:141)
        at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:318)
        at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:220)
        at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:118)
        at org.apache.axis2.deployment.WarBasedAxisConfigurator.loadServices(WarBasedAxisConfigurator.java:272)
        at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:78)
        at org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServlet.java:500)
        at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:420)
        at weblogic.servlet.internal.ServletStubImpl$ServletInitAction.run(ServletStubImpl.java:1094)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
        at weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.java:970)
        at weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImpl.java:949)
        at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:888)
        at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:3430)
        at weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppServletContext.java:3375)
        at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:3356)
        at weblogic.servlet.internal.WebAppServletContext.setStarted(WebAppServletContext.java:6208)
        at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:864)
        at weblogic.j2ee.J2EEApplicationContainer.start(J2EEApplicationContainer.java:2134)
        at weblogic.j2ee.J2EEApplicationContainer.activate(J2EEApplicationContainer.java:2175)
        at weblogic.j2ee.J2EEApplicationContainer.activate(J2EEApplicationContainer.java:2122)
        at weblogic.management.deploy.slave.SlaveDeployer$Application.setActivation(SlaveDeployer.java:3099)
        at weblogic.management.deploy.slave.SlaveDeployer.setActivationStateForAllApplications(SlaveDeployer.java:1768)
        at weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java:351)
        at weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(DeploymentManagerServerLifeCycleImpl.java:229)
        at weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:136)
        at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:965)
        at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:360)
        at weblogic.Server.main(Server.java:32)
    Caused by: org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix wsp at [row,col {unknown-source}]: [35,49]
        at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:239)
        at org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:318)
        at org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:614)
        at org.apache.axis2.deployment.DescriptionBuilder.buildOM(DescriptionBuilder.java:97)
        at org.apache.axis2.deployment.repository.util.ArchiveReader.buildServiceGroup(ArchiveReader.java:70)
        at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:137)
        ... 33 more

Thanks
Regards,
Peter Rajesh
Re: [Axis2] (Long) Ws-Policy: problem with SAMLtoken and WSAS example
Hi,

Please see my comments below:

On 11/2/07, Massimiliano Masi [EMAIL PROTECTED] wrote:

Hi All, I'm very frustrated: I'm developing policies for getting a SAML 2 token from a WS-Trust STS implemented using Rahas. I've to put it in the wsse:Security. So I created the following policy for the service that needs the token as is [1] (taken from the WSAS example). I got NPE:

Can you please send the request message and the response message you receive from the STS? Seems like the NPE occurs when Axis2 tries to handle receive the error message.

19:20:49,721 ERROR [AxisServlet] java.lang.NullPointerException
at java.util.PropertyResourceBundle.handleGetObject(PropertyResourceBundle.java:103)
at java.util.ResourceBundle.getObject(ResourceBundle.java:319)
at java.util.ResourceBundle.getString(ResourceBundle.java:285)
at org.apache.rahas.TrustException.getMessage(TrustException.java:105)
at org.apache.rahas.TrustException.init(TrustException.java:54)
at org.apache.rahas.TrustException.init(TrustException.java:83)
at com.spirit.XUA.utils.SpiritTokenIssuer.issue(SpiritTokenIssuer.java:234)
org.apache.axis2.AxisFault: java.lang.NullPointerException
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
at org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:127)
at com.spirit.XUA.utils.XUAAssertions.getAuthenticatedViaWSTrust(XUAAssertions.java:430)

So, I cannot access the STS, that gives me a TrustException. If I use the following policy [2] I got this MTOM (?) exception client side (after getting in the right way the SAML assertion):

IMHO this policy is not correct. If you simply need the SAML token added to the wsse:Security header you should define a SignedSupportingTokens assertion with the issued token, rather than a ProtectionToken. Also please include axis2-mtompolicy-version.jar file in your classpath as well.

Thanks,
Ruchith

p.s. Please subscribe ([EMAIL PROTECTED]) and post rampart/rahas specific issues in [EMAIL PROTECTED] list.

[java] org.apache.axis2.AxisFault: org/apache/axis2/policy/model/MTOMAssertion
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:194)
[java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:747)
[java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:201)
[java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:104)
[java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[java] at java.lang.reflect.Method.invoke(Method.java:585)
[java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
[java] at org.apache.tools.ant.Task.perform(Task.java:348)
[java] at org.apache.tools.ant.Target.execute(Target.java:357)
[java] at org.apache.tools.ant.Target.performTasks(Target.java:385)
[java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1329)
[java] at org.apache.tools.ant.Project.executeTarget(Project.java:1298)
[java] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
[java] at org.eclipse.ant.internal.ui.antsupport.EclipseDefaultExecutor.executeTargets(EclipseDefaultExecutor.java:32)
[java] at org.apache.tools.ant.Project.executeTargets(Project.java:1181)
[java] at org.eclipse.ant.internal.ui.antsupport.InternalAntRunner.run(InternalAntRunner.java:423)
[java] at org.eclipse.ant.internal.ui.antsupport.InternalAntRunner.main(InternalAntRunner.java:137)
[java] Caused by: org.apache.axis2.AxisFault: org/apache/axis2/policy/model/MTOMAssertion
[java] at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
[java] at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
[java] at
[ANN] Apache Rampart training
Hi Folks,

I will be in San Jose on the 1st November and will be conducting a training session on Apache Rampart [1]. Anyone interested? Register here [2].

Also I'll be in Indianapolis for a week (10-17 Nov); if anybody's interested we should be able to provide similar training there as well. Those interested please contact me.

Thanks,
Ruchith

1. http://wso2.com/services/training/intro-apache-rampart/
2. http://wso2.com/services/training/

-- http://blog.ruchith.org http://wso2.org
Re: Rampart throws NPE
Hi Murali,

The NPE was thrown because there was no SOAP header in the request SOAP envelope. I just fixed this [1].

However, IMHO the way you have specified policy doesn't seem correct to me. An example where we use a SAML token to protect a message is available with WSO2 WSAS [2] - sts-sample. Please have a look at how we set the service policy in this sample.

Thanks,
Ruchith

[1] http://svn.apache.org/viewvc?rev=584382&view=rev
[2] http://dist.wso2.org/products/wsas/java/2.1/

Murali Krishnan wrote:

The services.xml file contents I had included appear wrong in the earlier message. I have attached it in this mail.

- Original Message
From: Murali Krishnan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: axis-user@ws.apache.org
Sent: Wednesday, October 3, 2007 2:19:56 PM
Subject: Rampart throws NPE

I'm trying to call a simple service deployed in Axis2. I'm trying to enforce that this service requires a SamlToken whenever it is called... If I invoke this service with a soap request that doesn't have any security headers, I get the below exception at the server. If I disengage 'rampart' for the service, there is no problem. Am I doing anything wrong in this scenario?

Thanks,
Murali

java.lang.NullPointerException
at org.apache.rampart.RampartEngine.process(RampartEngine.java:90)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:120)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

The soap request is like this:

POST /axis2/services/SimpleService HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: urn:echo
User-Agent: Axis2
Host: 127.0.0.1:
Content-Length: 244

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Body>
<name>Hello world</name>
</ns1:echo>
</soapenv:Body>
</soapenv:Envelope>

The services.xml is like this below:

<service name="SimpleService">
<parameter name="ServiceClass" locked="false">com.softwareag.ws.SimpleService</parameter>
<operation name="echo">
<messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</operation>
<operation name="add"/>
<module ref="rampart"/>
<!-- <module ref="addressing"/> -->
<wsp:ExactlyOne>
<wsp:All>
xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; /
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
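The failure discussed in this thread, a request with no SOAP header reaching a handler that expects one, can be turned into an explicit outcome by classifying the envelope before security processing. The following is an added example, not Rampart code and not from the original posts; it uses only JDK XML APIs, and the class name, method names and sample envelopes are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/** Added illustration; all names here are hypothetical, not part of Axis2 or Rampart. */
public class SoapSecurityHeaderCheck {

    enum Result { NOT_SOAP, NO_HEADER, NO_SECURITY_HEADER, SECURITY_HEADER_PRESENT }

    static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** Classifies a raw request so a missing header is a named case, not a null dereference. */
    static Result inspect(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The request is untrusted input: refuse DTDs and enable secure processing.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = factory.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));

        Element envelope = doc.getDocumentElement();
        String soapNs = envelope.getNamespaceURI();
        boolean isSoap = "Envelope".equals(envelope.getLocalName())
                && (SOAP11_NS.equals(soapNs) || SOAP12_NS.equals(soapNs));
        if (!isSoap) {
            return Result.NOT_SOAP;
        }
        // The Header element is optional in SOAP, so its absence must be handled.
        Element header = firstChildElement(envelope, soapNs, "Header");
        if (header == null) {
            return Result.NO_HEADER;
        }
        return firstChildElement(header, WSSE_NS, "Security") == null
                ? Result.NO_SECURITY_HEADER
                : Result.SECURITY_HEADER_PRESENT;
    }

    /**
     * Fail closed: when the service policy requires a token, only a request that
     * carries a wsse:Security header goes on to signature and token validation.
     * Presence of the header says nothing about whether its contents are valid.
     */
    static boolean mayProceed(String xml, boolean policyRequiresToken) throws Exception {
        Result result = inspect(xml);
        if (result == Result.NOT_SOAP) {
            return false;
        }
        return !policyRequiresToken || result == Result.SECURITY_HEADER_PRESENT;
    }

    /** Returns the first direct child element with the given namespace and local name. */
    static Element firstChildElement(Element parent, String ns, String localName) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && ns.equals(n.getNamespaceURI())
                    && localName.equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample requests (not the messages from the thread).
        String bodyOnly =
            "<soapenv:Envelope xmlns:soapenv='" + SOAP11_NS + "'>"
            + "<soapenv:Body><echo><name>Hello world</name></echo></soapenv:Body>"
            + "</soapenv:Envelope>";
        String emptyHeader =
            "<soapenv:Envelope xmlns:soapenv='" + SOAP11_NS + "'>"
            + "<soapenv:Header/><soapenv:Body/></soapenv:Envelope>";
        String withSecurity =
            "<soapenv:Envelope xmlns:soapenv='" + SOAP11_NS + "'>"
            + "<soapenv:Header><wsse:Security xmlns:wsse='" + WSSE_NS + "'/></soapenv:Header>"
            + "<soapenv:Body/></soapenv:Envelope>";

        for (String request : new String[] { bodyOnly, emptyHeader, withSecurity }) {
            System.out.println(inspect(request)
                    + " -> proceed when a token is required: " + mayProceed(request, true));
        }
    }
}
```

A service whose policy requires a token would answer the first two cases with a security fault instead of letting the request continue.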
Re: Rampart sample/tutorial
Please see this: http://wso2.org/library/240

Thanks,
Ruchith

On 8/31/07, Todd Allen [EMAIL PROTECTED] wrote:

I need to implement user name/password authentication in an Axis2 1.1 web service. Can someone point me to a useful set of samples or a good tutorial on Rampart and the user name token?

Thanks,
Todd

-- www.ruchith.org www.wso2.org
[ANN] Apache Rampart 1.3 Released
This is the 1.3 release of Apache Rampart.

Apache Rampart 1.3 is a toolkit that provides implementations of the WS-Sec* specifications for Apache Axis2 1.3, based on Apache WSS4J 1.5.3 and the Apache AXIOM-DOOM 1.2.5 implementations.

You can download the releases from: http://www.apache.org/dyn/closer.cgi/ws/rampart/1_3

There are two main Apache Axis2 modules provided with this release.

* rampart-1.3.mar
  This provides support for WS-Security and WS-SecureConversation features.
* rahas-1.3.mar
  This module provides the necessary components to enable SecurityTokenService functionality on a service.

Apache Rampart 1.3 uses a configuration model based on WS-Policy and WS-Security Policy. It is important to note that the Apache Rampart 1.0 style configuration is also available even though being marked as deprecated.

Apache Rampart 1.3 can be successfully used with the next Apache Sandesha2 release targeted towards Apache Axis2 1.3 to configure WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with other WS-Security implementations.

WS-Sec* specifications supported by Apache Rampart are as follows:

* WS-Security 1.0
* WS-Secure Conversation - February 2005
* WS-Security Policy - 1.1 - July 2005
* WS-Trust - February 2005
* WS-Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

Apache Rampart team
Re: Rampart and SAML question
It is important that the policy used uses an IssuedToken assertion.

https://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/conf/service.policy.xml

Now when the RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN property provides an id of a token in the token store, rampart will use that token as the issued token.

Thanks,
Ruchith

On 8/30/07, Dimuthu [EMAIL PROTECTED] wrote:

Hi,

You can do it as follows [1]. I got the code from this sample available here [2].

Cheers,
Dimuthu

[1]
// Wrap your own token element and add it to the token store
Token tok = new Token(tokenId, youTokenElem, dateCreated, dateExpires);
TokenStorage store = TrustUtil.getTokenStore(ctx);
store.add(tok);

// Store token (as in the sample, where responseToken is the token returned by the STS)
TokenStorage store = TrustUtil.getTokenStore(ctx);
store.add(responseToken);

// Service invocation
ServiceClient client = new ServiceClient(ctx, null);
client.engageModule("rampart");
client.engageModule("addressing");
client.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY, servicePolicy);
Options options = client.getOptions();
options.setAction("urn:echoOMElement");
options.setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
options.setTo(new EndpointReference(service));
// Tell rampart which stored token to use as the issued token
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());
OMElement respEelm = client.sendReceive(getPayload());
System.out.println("RESPONSE FROM SERVICE: \n" + respEelm);

[2] http://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java

On Wed, 2007-08-29 at 17:46 +0200, Massimiliano Masi wrote:

Hi all,

I have a SAML2 Authentication Assertion as OMElement, created by opensaml2. How can I include it in the SOAP Header using the rampart api? Is there a way to do it?

Thank you in advance,
Massimiliano

-- http://wso2.org

-- www.ruchith.org www.wso2.org
Re: Rampart and Axis2 1.3
Hi,

org.apache.axis2.wsdl.codegen.extension.ModulePolicyExtension has been moved to the axis2-codegen.jar and this is not available in the axis2.war. You will have to add the axis2-codegen-1.3.jar to the WEB-INF/lib/ dir of the axis2.war to solve this issue.

All rampart samples will work without any issue with the axis2 standard binary dist since axis2-codegen-1.3 jar is available in it.

Thanks,
Ruchith

On 8/23/07, Davanum Srinivas [EMAIL PROTECTED] wrote:

We are still voting on the release, please try this with Axis2 1.3

http://people.apache.org/~ruchithf/rampart/1_3/

-- dims

On 8/22/07, Skinner, Gregory W. [EMAIL PROTECTED] wrote:

I have been trying to get Axis 1.2 or 1.3 working with a version of Rampart.

When I try to use Axis 1.3 with Rampart 1.2, the module does not deploy and I get

[ERROR] The rampart-1.2.mar module, which is not valid, caused org/apache/axis2/modules/ModulePolicyExtension
java.lang.NoClassDefFoundError: org/apache/axis2/modules/ModulePolicyExtension
at java.lang.ClassLoader.defineClass1(Native Method)

When I try to use Axis2 1.2 with Rampart 1.2 (deployed in Tomcat), I end up getting a NullPointerException after I get:

Unknown top level PED found: org.apache.neethi.builders.xml.XmlPrimtiveAssertion

Can anyone suggest which versions of Axis / Rampart are compatible and where I might find them?

Thanks,
Greg

-- Davanum Srinivas :: http://davanum.wordpress.com

-- www.ruchith.org www.wso2.org
Re: [RAMPART] Which is the official rampart home page?
Hi,

I did send a mail to the rampart-dev list [1] about the RC release :-) and apologies about not updating the Rampart site [2]. We should move the axis2 rampart page into the rampart site and link to the official site from the axis modules page.

Thanks,
Ruchith

1. http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200708.mbox/raw/[EMAIL PROTECTED]/
2. http://ws.apache.org/rampart/

On 8/15/07, Alberto Patino [EMAIL PROTECTED] wrote:

Hi guys!

I'm trying to download RAMPART module 1.3 RC1 to run samples with Axis2-1.3 as suggested by Ruchith, but I'm stuck trying to find the RC1 version.

I think the page: http://ws.apache.org/rampart/ is the official one, but I don't see the link in the main page of apache.

On the other hand I found the RC1 version in the Ruchith blog: http://ruchith.blogspot.com/2007/08/apache-rampart-13-rc1-is-available.html

And lastly, rampart info is found under the modules section from the axis2 page: http://ws.apache.org/axis2/modules/rampart/1_3/security-module.html

Could it be possible to gather all the Rampart related information into the http://ws.apache.org/rampart page?

Thanks a lot

-- Don't be evil!!!

-- www.ruchith.org www.wso2.org
Re: [RAMPART] Unable to load rampart-1.2-mar in Axis2-1.3
Please try the rampart-1.29.mar available in Rampart-1.3-RC1 ...

IMPORTANT - rampart-1.29.mar is not an official release!

Thanks,
Ruchith

On 8/14/07, Alberto Patino [EMAIL PROTECTED] wrote:

Hello!

I'm trying to run the Rampart 1.2 samples with Axis3 but I got a service deployment error, if I run the samples with Axis 1.2 there is no problem. Also, I tried to download rampart-1.3 module but the link is broken

INFO: Deploying web application archive axis2.war
[INFO] Deploying module: addressing-1.3
[INFO] Deploying module: script-1.3
[INFO] Deploying module: ping-1.3
[INFO] Deploying module: soapmonitor-1.3
[INFO] Deploying module: metadataExchange-1.3
[INFO] script module activated
[INFO] Deploying Web service: version-1.3.aar
Aug 13, 2007 4:46:59 PM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Aug 13, 2007 4:46:59 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Aug 13, 2007 4:46:59 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/234 config=null
Aug 13, 2007 4:46:59 PM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Aug 13, 2007 4:46:59 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 6984 ms
org.apache.axis2.deployment.DeploymentException: The rampart module is not valid or has not been deployed.
at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:144)
at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:78)
at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:137)
at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:571)
at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:141)
at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:318)
at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:220)
at org.apache.axis2.deployment.RepositoryListener.startListener(RepositoryListener.java:312)
at org.apache.axis2.deployment.scheduler.SchedulerTask.checkRepository(SchedulerTask.java:64)
at org.apache.axis2.deployment.scheduler.SchedulerTask.run(SchedulerTask.java:71)
at org.apache.axis2.deployment.scheduler.Scheduler$SchedulerTimerTask.run(Scheduler.java:83)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)

Do I need to wait for the rampart 1.3 release?

Thanks

-- Don't be evil!!!

-- www.ruchith.org www.wso2.org
Re: [Axis2] SAML security tokens generation
Hi Christina,

Rampart supports adding SAML Tokens to the security header in the policy based implementation. You can see an example here: http://marc.info/?l=axis-user&m=118665642802630&w=2

By the way note that this requires the service to express its requirements in policy and this sample uses the token acquired from the Security Token Service to encrypt and sign the message.

I'm not sure what you mean by "...SAML tokens with encryption of the user name and signature will be used". Please check whether the above sample fits your requirement.

Thanks,
Ruchith

On 8/14/07, Christina Larocca [EMAIL PROTECTED] wrote:

Hi all Axis2 users:

I have been managing some web services using UsernameTokens (without using rampart) to convey identities. I've a client that connects to a Token issuer service that provides it an EndpointReference and the Username token needed to authenticate.

Now I must remodel the security of the whole model and instead of that, SAML tokens with encryption of the user name and signature will be used. The last axis2 version I've been using was the 1.1 and now I'm thinking about updating to the newest one and start using rampart.

I have read that, unfortunately, Rampart itself can't be configured to add the SAML token to the Security header and that it delegates those functions to a STS called Rahas. The documentation I found about Rahas is very weak and despite my experience I don't have a clue about where or how to start.

Could anyone indicate me where to find a good tutorial or use examples? Or, even better, could anyone show me some code to generate the tokens? If it's possible, I would prefer to config rahas with code instead of creating text config files.

Thanks in advance.
Christina.

-- www.ruchith.org www.wso2.org
Re: [Axis2][VOTE]Axis2 1.3 release artifacts (#take3)
+1

Thanks,
Ruchith

On 8/10/07, Deepal jayasinghe [EMAIL PROTECTED] wrote:

Hi all,

I have uploaded Axis2 1.3 (take3) into my Apache home location [1] again. Because we found a few issues in 1.3 take2, I had to upload the artifacts again and call for a new vote. I will keep open the vote for 72 hrs from now and will do the Axis2 1.3 release on Monday 13th Aug 2007.

You can find both IntelliJ idea and Eclipse plugin artifacts in the tools folder [2]

Please try to cover the following areas when testing.

- Code generation
- Sessions
- Web application
- In different application servers
- Both JDK 1.5 and JDK 1.4
- Java2WSDL
- POJOs
- And whatever the JIRA we have marked as fixed.

You can find maven2 repository under my home directory as well [3].

I have hosted the web site for 1.3 in [4], please have a look at that as well.

I will do the final release on Friday (10th Aug 2007), here is my +1 for the release date as well as for release artifacts.

[1] : http://people.apache.org/~deepal/axis2/1.3-take3/
[2] : http://www-lk.wso2.com/~deepal/1.3-tools/
[3] : http://people.apache.org/~deepal/axis2/1.3-take3/m2-repo/
[4] : http://www-lk.wso2.com/~deepal/axis2/

P.S : Please note that I need to have two more PMC votes to go ahead with the release, so please give us the support by voting for the release.

Thanks
Deepal

-- www.ruchith.org www.wso2.org
Re: non-repudiation with signature using rampart 1.2
On 8/4/07, Pavan Madiraju [EMAIL PROTECTED] wrote:

Thanks Dimuthu, Does anyone have example code for WS security using only digital signature?

Please see policy/sample02 in the Rampart distro.

Thanks,
Ruchith

Tried to modify the simple example (Sample4) to implement one way security. Client has only OutflowSecurity and service has only InflowSecurity. Can I do this using Rampart 1.2?

Getting the following error on the client side

[java] Exception in thread main org.apache.axis2.AxisFault: WSDoAllReceiver: security processing fail

and receiving the following error on the server

<faultstring>WSDoAllReceiver: security processing failed</faultstring>

On 8/2/07, Dimuthu [EMAIL PROTECTED] wrote:

Hi Pavan,

I think this issue is related to https://issues.apache.org/jira/browse/RAMPART-10

Regards,
Dimuthu

On Thu, 2007-08-02 at 23:29 -0400, Pavan Madiraju wrote:

Hi,

I am trying to implement non-repudiation with signature with Axis2 1.2 & Rampart 1.2. Here is my service.xml enabling rampart

<module ref="rampart" />
<parameter name="InflowSecurity">
<action>
<items>Signature</items>
<signaturePropFile>service.properties</signaturePropFile>
</action>
</parameter>

I have placed my service.properties file in \base_v61\profiles\AppSrv01\installedApps\NW815856Node02Cell\axis2_war.ear\axis2.war\WEB-INF\classes folder

service.properties contents are

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=servertrust
org.apache.ws.security.crypto.merlin.keystore.alias=wasclient
org.apache.ws.security.crypto.merlin.alias.password=servertrust
org.apache.ws.security.crypto.merlin.file=servertrust.jks

I am getting the following error

[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
[8/2/07 8:28:10:326 EDT] 0027 SystemErr R Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [DerInputStream.getLength(): lengthTag=109, too big.]
at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:141)
at org.apache.ws.security.components.crypto.AbstractCrypto.init(AbstractCrypto.java:97)
at org.apache.ws.security.components.crypto.Merlin.init(Merlin.java:65)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:67)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
[8/2/07 8:28:10:346 EDT] 0027 SystemErr R at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:141)
[8/2/07 8:28:10:346 EDT] 0027 SystemErr R at
Re: Rampart Sample 4 -
Can you please post your client and service configuration?

Thanks,
Ruchith

p.s. Please *subscribe* by sending a mail to [EMAIL PROTECTED] and post rampart related issues in the rampart-dev@ list

On 8/4/07, Pavan Madiraju [EMAIL PROTECTED] wrote:

I am trying to execute sample 4 from Rampart samples. I am getting the following soap fault

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Client</faultcode>
<faultstring>WSDoAllReceiver: security processing failed</faultstring>
<detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

Not sure what the problem is. Here is what I see while executing the client

Buildfile: C:\Development\axis\rampart-1.2\samples\basic\build.xml
check.dependency:
client.04:
[copy] Copying 1 file to C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04\conf
[copy] Copying 1 file to C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04\modules
[copy] Copying 1 file to C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04\modules
[copy] Copying 1 file to C:\Development\axis\rampart-1.2\samples\basic\build\temp_client
[copy] Copying 1 file to C:\Development\axis\rampart-1.2\samples\basic\build\temp_client
[java] Aug 4, 2007 12:25:02 AM org.apache.axis2.deployment.DeploymentEngine prepareRepository
[java] INFO: No services directory was found under C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04.
[java] Aug 4, 2007 12:25:02 AM org.apache.axis2.deployment.ModuleDeployer deploy
[java] INFO: Deploying module: addressing-1.2
[java] Aug 4, 2007 12:25:03 AM org.apache.axis2.deployment.ModuleDeployer deploy
[java] INFO: Deploying module: rampart-1.2
[java] Exception in thread main org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
[java] at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:434)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:373)
[java] at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
[java] at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:520)
[java] at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:500)
[java] at org.apache.rampart.samples.sample04.Client.main(Unknown Source)
[java] Java Result: 1
BUILD SUCCESSFUL
Total time: 5 seconds

I don't see anything in the console. Not sure why. I am running WAS 6.1, Axis2 1.2 and Rampart 1.2

Attached are my request and response as well as the log property file.

Please help.

Regards,
Pavam

-- www.ruchith.org www.wso2.org
Re: [AXIS2] Problem with WS-Trust
Hi, You can use org.apache.rahas.client.STSClient to obtain a token from the service. Please have a look at this sample client code [1]. You can see this sample in action in WSO2 WSAS 2.0 [2] Thanks, Ruchith 1. http://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java 2. http://dist.wso2.org/products/wsas/java/2.0 On 7/31/07, Jochen Zink [EMAIL PROTECTED] wrote: Hello, I try to build a Client with Axis-1.2 for the WebService https://www.vdg-portal.de/VDGAuthPortal/services/STS. The client only calls the RequestSecurityToken Method. First, I generate the client with the following command: wsdl2java -uri https://www.vdg-portal.de/VDGAuthPortal/services/STS?wsdl -p de.awd.biproclient.prototype -o stubs/vdg/ticketService -u Now, I have the generated Stubs classes and everything else I need. My Sourcecode: ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repository, repository/conf/axis2.xml); VDGSecurTokenServiceStub stub = new VDGSecurTokenServiceStub(ctx, https://www.vdg-portal.de/VDGAuthPortal/services/STS;); RequestSecurityToken request = new RequestSecurityToken(); RequestSecurityTokenType type = new RequestSecurityTokenType(); request.setRequestSecurityToken(type); RequestSecurityTokenResponse response = stub.RequestSecurityToken(request); The Axis repository contains a modules folder with addressing and rampart module inside. The axis2.xml contains the rampart configuration for outflowsecurity: parameter name=OutflowSecurity action itemsUsernameToken/items userSomeUsername/user passwordCallbackClassde.awd.biproclient.prototype.VDGPasswordCallback/passwordCallbackClass passwordTypePasswordText/passwordType /action /parameter That is all I need, I guess. But I get an Exception (end of this email) and I don't know what does this mean, or what I do wrong. Has someone an idea? Thanks a lot! 
Exception in thread main org.apache.axis2.AxisFault: Error in extracting message properties at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:63) at org.apache.axis2.engine.Phase.invoke(Phase.java:383) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:433) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330) at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294) at de.awd.biproclient.prototype.VDGSecurTokenServiceStub.RequestSecurityToken(VDGSecurTokenServiceStub.java:157) at de.awd.biproclient.prototype.Prototypeclient.useCodeGenImplementation(Prototypeclient.java:74) at de.awd.biproclient.prototype.Prototypeclient.main(Prototypeclient.java:144) Caused by: org.apache.rampart.RampartException: Error in extracting message properties at org.apache.rampart.RampartMessageData.init(RampartMessageData.java:314) at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:57) at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:57) ... 8 more Caused by: org.apache.ws.security.WSSecurityException: Error in converting SOAP Envelope to Document; nested exception is: org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:129) at org.apache.rampart.RampartMessageData.init(RampartMessageData.java:148) ... 10 more Caused by: org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211) at org.apache.axiom.om.impl.dom.NodeImpl.build(NodeImpl.java:444) at org.apache.axiom.om.impl.dom.DocumentImpl.build(DocumentImpl.java:472) at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:113) ... 
11 more Caused by: javax.xml.stream.XMLStreamException at org.apache.axiom.om.impl.llom.OMStAXWrapper.updateLastNode(OMStAXWrapper.java:955) at org.apache.axiom.om.impl.llom.OMStAXWrapper.next(OMStAXWrapper.java:900) at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
Re: Axis2 and Rampart / Rahas Client
Please see this: http://marc.info/?l=axis-user&m=118665642802630&w=2

Thanks,
Ruchith

On 7/25/07, Chris82KS [EMAIL PROTECTED] wrote:

Hello @all!

I want to use a service as security token provider. For this task I've chosen Rahas 1.1 in Axis2 1.1. Now I want to write a client which shall call a normal web service in my axis2 service repository but before the client shall call the security token service to get a SAML token. Can anybody show me how to implement or configure the client?

Greetings
Christian
Re: Tomcat 5.5.23/Rampart 1.2 not working for digital signature validation (Policy example 2)
Please see here: http://marc.info/?l=axis-user&m=118671612624113&w=2

Thanks,
Ruchith

On 8/10/07, Ford, Jennifer M. [EMAIL PROTECTED] wrote:

I've just discovered that digital signature validation appears to work with Tomcat 5.0.28, but not with Tomcat 5.5.23. Is this a known bug or should I enter a ticket?

Jennifer
Re: AXIS2: Rampart: Support for IssuedToken
Hi Nagi,

Yes ... Rampart does support protecting messages with IssuedTokens. But this is not available with the parameter based configuration. Support for issued tokens is available with the new policy based configuration which uses WS-SecurityPolicy.

Right now we do not automatically obtain the token from the issuer and we expect the client developer to provide the issued token which we can use. One can use org.apache.rahas.client.STSClient to obtain a token from an STS (SecurityTokenService). This token should be made available to rampart in the options object.

Please see this sample client [1] from WSO2 WSAS [2]. You can try out this sample in the latest 2.0 release of WSAS [3].

Thanks,
Ruchith

p.s. Please subscribe and post rampart related questions to the [EMAIL PROTECTED] list

[1] http://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java
[2] http://wso2.org/projects/wsas/java
[3] http://dist.wso2.org/products/wsas/java/2.0

On 8/1/07, Par Nagi [EMAIL PROTECTED] wrote:

Hi,

Does Axis2/Rampart support services that expect a SAML (or other issued token) at present? I.e., can I write a service.xml where I specify the InflowSecurity parameter as follows?

    <parameter name="InflowSecurity">
      <action>
        <items>IssuedToken</items>
      </action>
    </parameter>

I get an AxisFault - WSDoAllSender: Unknown action definedIssuedToken.

Clearly the items being set to IssuedToken is not right in the above service.xml - what is the correct value for the items tag to notify Axis that the service expects an issued token such as SAML?

Thanks for any info - Nagi
Re: Rampart configuration question
I agree we should not require the <encryptionPropFile>client.properties</encryptionPropFile> entry. Can you please try removing it?

Thanks,
Ruchith

On 7/6/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Hi,

I'm trying to use Rampart to encrypt my message body using a symmetric secret key. Sample 9, included with the Rampart distribution, does just this. The actual key is hard-coded in a callback function both on the client and the server. My understanding is that the key is the only piece of data needed to encode the message.

I was wondering why this part of the client config file:

    <action>
      <items>Encrypt</items>
      <user>client</user>
      <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
      <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
      <encryptionPropFile>client.properties</encryptionPropFile>
      <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
    </action>

contains the encryptionPropFile property. The said property file contains this:

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=apache
    org.apache.ws.security.crypto.merlin.file=client.jks

Now, I can see why we need to configure the provider class. But why does Rampart need the keystore? I'm not using public/private keys or certificates, just one secret key.

The code works, but I'd like to simplify it as much as possible. The properties and keystore files shouldn't be necessary, unless I'm misunderstanding something.

Many thanks
Michael Davis
Re: Is wss4j still an active project? (was: Rampart configuration question)
Hi,

On 7/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Hi,
>
> I didn't see any replies to the question below, so I started digging through the rampart/wss4j code. I found a workaround that will allow me to hard-code the private key into my client and server, and not have to have absolute paths to key files. This involves making a small change to one of the wss4j classes.
>
> I got the wss4j source code and tried to build it. Unfortunately it was built with axis version 1, and I'm using axis2. It's trying to import org.apache.axis packages whereas the new version's package names begin with org.apache.axis2. Moreover, some classes from the old version have moved since the new one. For example, wss4j tries to import org.apache.axis.Message, but there is no such class org.apache.axis2.Message, so I can't just change the package names.

WSS4J project contains Axis 1.x handlers and we have the Axis jars in the lib dir [1]. You can include these in the classpath to fix compilation issues.

WS-Sec* support for Axis2 is available in Apache Rampart [2] and Rampart depends on WSS4J. And yes WSS4J is still active!

Thanks,
Ruchith

[1] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/lib
[2] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java

> Anyway, is wss4j still in active development? It doesn't look like it. Has anyone moved the source to be compatible with axis2?
>
> cheers,
> md
>
> -----Original Message-----
> From: Davis, Michael
> Sent: Friday, July 06, 2007 2:28 PM
> To: 'axis-user@ws.apache.org'
> Subject: Rampart configuration question
>
> Hi,
>
> I'm trying to use Rampart to encrypt my message body using a symmetric secret key. Sample 9, included with the Rampart distribution, does just this. The actual key is hard-coded in a callback function both on the client and the server. My understanding is that the key is the only piece of data needed to encode the message.
>
> I was wondering why this part of the client config file:
>
>     <action>
>       <items>Encrypt</items>
>       <user>client</user>
>       <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
>       <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
>       <encryptionPropFile>client.properties</encryptionPropFile>
>       <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
>     </action>
>
> contains the encryptionPropFile property. The said property file contains this:
>
>     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>     org.apache.ws.security.crypto.merlin.keystore.type=jks
>     org.apache.ws.security.crypto.merlin.keystore.password=apache
>     org.apache.ws.security.crypto.merlin.file=client.jks
>
> Now, I can see why we need to configure the provider class. But why does Rampart need the keystore? I'm not using public/private keys or certificates, just one secret key.
>
> The code works, but I'd like to simplify it as much as possible. The properties and keystore files shouldn't be necessary, unless I'm misunderstanding something.
>
> Many thanks
> Michael Davis
Re: [Rampart] Ignore Timestamp and Addressing from client
The actions mismatch error occurs when you configure rampart to expect security actions different to what the incoming message contains. When you configure Rampart to process all security operations performed on the message you will be able to get rid of this error.

Thanks,
Ruchith

On 7/2/07, stlecho [EMAIL PROTECTED] wrote:

All,

Is there a solution or workaround for this issue?

Regards,
Stefan Lecho.

stlecho wrote:

Hi,

I have configured the InflowSecurity parameter (extracted included underneath) on the server side with the Signature item. One of our clients is using a C# client. The SOAP request that is received from this client contains Timestamp and Addressing related elements. This results in an "WSDoAllReceiver: security processing failed (actions mismatch)" AxisFault.

Is there a way to ignore the Timestamp and Addressing related elements on the server?

Extract axis2.xml:

    <parameter name="InflowSecurity">
      <action>
        <items>Signature</items>
        <signaturePropFile>interopin.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body</signatureParts>
      </action>
    </parameter>

Regards,
Stefan Lecho.
Re: [Rampart] Ignore Timestamp and Addressing from client
Hmm ... this is not possible with Rampart-1.0 style configuration! (Using configuration parameters).

IMHO we must validate all elements in the wsse:Security header of the incoming message and I don't think it is correct to let random unknown elements in. We express exactly what we expect in the security header in the security policy of the service and the client MUST send exactly as expected by the service. Otherwise it is the client's problem.

Thanks,
Ruchith

On 7/10/07, stlecho [EMAIL PROTECTED] wrote:

I completely agree with you Tony. If the client sends on top of the required UsernameToken some additional and unwanted information (timestamp, addressing, ...), Rampart should still be happy that it finds the UsernameToken information.

Regards,
Stefan.

Tony Dean wrote:

As an example suppose you want Rampart to expect and always process a UsernameToken. You would set <action><items>UsernameToken</items></action>. However, by default .net clients always send a Timestamp. So even though the .net client sends a UsernameToken, a mismatch occurs because it sends a Timestamp as well. Is there a way to configure Rampart to just ignore a Timestamp since it is not expected? I think this is what Stefan is saying also. Maybe this is against ws-security guidelines. I don't know.

Thanks.

-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 5:37 AM
To: axis-user@ws.apache.org
Subject: Re: [Rampart] Ignore Timestamp and Addressing from client

The actions mismatch error occurs when you configure rampart to expect security actions different to what the incoming message contains. When you configure Rampart to process all security operations performed on the message you will be able to get rid of this error.

Thanks,
Ruchith

On 7/2/07, stlecho [EMAIL PROTECTED] wrote:

All,

Is there a solution or workaround for this issue?

Regards,
Stefan Lecho.

Re: [Rampart] Ignore Timestamp and Addressing from client
Rampart certainly does process timestamp at org.apache.rampart.PolicyBasedResultsValidator#verifyTimestamp()

Also WSS4J org.apache.ws.security.processor.TimestampProcessor#handleTimestamp() verifies the timestamp before control reaches Rampart level validation.

Thanks,
Ruchith

On 7/10/07, Tony Dean [EMAIL PROTECTED] wrote:

Rampart does not do any processing with the Timestamp information, does it? However, you do make a valid point. The client should not send a Timestamp if service is not expecting it. Unfortunately, WSSE 3.0 sends one by default with a UsernameToken. ;-(

-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 10, 2007 10:59 AM
To: axis-user@ws.apache.org
Subject: Re: [Rampart] Ignore Timestamp and Addressing from client

Hmm ... this is not possible with Rampart-1.0 style configuration! (Using configuration parameters).

IMHO we must validate all elements in the wsse:Security header of the incoming message and I don't think it is correct to let random unknown elements in. We express exactly what we expect in the security header in the security policy of the service and the client MUST send exactly as expected by the service. Otherwise it is the client's problem.

Thanks,
Ruchith

On 7/10/07, stlecho [EMAIL PROTECTED] wrote:

I completely agree with you Tony. If the client sends on top of the required UsernameToken some additional and unwanted information (timestamp, addressing, ...), Rampart should still be happy that it finds the UsernameToken information.

Regards,
Stefan.

Tony Dean wrote:

As an example suppose you want Rampart to expect and always process a UsernameToken. You would set <action><items>UsernameToken</items></action>. However, by default .net clients always send a Timestamp. So even though the .net client sends a UsernameToken, a mismatch occurs because it sends a Timestamp as well. Is there a way to configure Rampart to just ignore a Timestamp since it is not expected? I think this is what Stefan is saying also.
Maybe this is against ws-security guidelines. I don't know. Thanks.
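The strict matching argued for in this thread, as an added Java example (not Rampart or WSS4J code, and simpler than their real checks): it lists what a wsse:Security header actually contains and rejects a message whose contents differ in either direction from what the service expects. The class and method names are hypothetical, the envelopes are constructed samples, and only the JDK is used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/** Added illustration only; names are hypothetical, not Rampart or WSS4J API. */
public class SecurityHeaderCheck {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    /** Returns the security actions found in the wsse:Security header, in document order. */
    static List<String> actionsIn(String envelopeXml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the checker itself is not exposed to XXE.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(
                new ByteArrayInputStream(envelopeXml.getBytes(StandardCharsets.UTF_8)));

        List<String> actions = new ArrayList<>();
        NodeList headers = doc.getElementsByTagNameNS(WSSE, "Security");
        if (headers.getLength() == 0) {
            return actions; // no security header at all
        }
        for (Node n = headers.item(0).getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String ns = n.getNamespaceURI();
            String name = n.getLocalName();
            if (WSSE.equals(ns) && "UsernameToken".equals(name)) {
                actions.add("UsernameToken");
            } else if (WSU.equals(ns) && "Timestamp".equals(name)) {
                actions.add("Timestamp");
            } else if (DS.equals(ns) && "Signature".equals(name)) {
                actions.add("Signature");
            } else {
                actions.add("Unknown:" + name); // reported, never silently ignored
            }
        }
        return actions;
    }

    /** Accepts only when nothing expected is missing and nothing unexpected is present. */
    static String verdict(List<String> expected, List<String> found) {
        List<String> missing = new ArrayList<>(expected);
        missing.removeAll(found);
        List<String> unexpected = new ArrayList<>(found);
        unexpected.removeAll(expected);
        if (missing.isEmpty() && unexpected.isEmpty()) {
            return "ACCEPT";
        }
        return "REJECT missing=" + missing + " unexpected=" + unexpected;
    }

    /** Builds a constructed SOAP 1.1 envelope; null means "no Security header". */
    static String envelope(String securityChildren) {
        String header = securityChildren == null ? ""
                : "<wsse:Security xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
                  + securityChildren + "</wsse:Security>";
        return "<soapenv:Envelope xmlns:soapenv='" + SOAP + "'>"
                + "<soapenv:Header>" + header + "</soapenv:Header>"
                + "<soapenv:Body><ping/></soapenv:Body></soapenv:Envelope>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample header contents.
        String token = "<wsse:UsernameToken><wsse:Username>alice</wsse:Username>"
                + "<wsse:Password>constructed-sample</wsse:Password></wsse:UsernameToken>";
        String timestamp = "<wsu:Timestamp><wsu:Created>2007-07-10T10:00:00Z</wsu:Created>"
                + "<wsu:Expires>2007-07-10T10:05:00Z</wsu:Expires></wsu:Timestamp>";
        List<String> onlyToken = Arrays.asList("UsernameToken");
        List<String> tokenAndTimestamp = Arrays.asList("UsernameToken", "Timestamp");

        // Client sends exactly what the service expects.
        System.out.println(verdict(onlyToken, actionsIn(envelope(token))));
        // The case from the thread: the client adds a Timestamp the service did not ask for.
        System.out.println(verdict(onlyToken, actionsIn(envelope(token + timestamp))));
        // No Security header: the required token is missing, so the check fails closed.
        System.out.println(verdict(onlyToken, actionsIn(envelope(null))));
        // Same message once the service declares that it expects the Timestamp too.
        System.out.println(verdict(tokenAndTimestamp, actionsIn(envelope(token + timestamp))));
    }
}
```

The last case is the resolution the replies point to: the service declares every security operation the client performs instead of ignoring the extra element.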
Re: rampart causes problems with hierarchies
You can engage rampart per operation by adding the <module ref="rampart"/> in the operation element of the services.xml.

If the operation dispatching happens before the message reaches the security in handler then it should work.

Thanks,
Ruchith

On 7/6/07, Jorge Fernandez [EMAIL PROTECTED] wrote:

While this issue is not fixed, is there a way I can engage the rampart module per operation, so I can deactivate it for those operations having problems? I tried in the services.xml but it's not possible.

Thanks,
Jorge Fernández

Jorge Fernandez [EMAIL PROTECTED] wrote:

https://issues.apache.org/jira/browse/RAMPART-53 created

Davanum Srinivas [EMAIL PROTECTED] wrote:

Jorge,

Please log a new bug with your test case.

thanks,
dims

On 7/4/07, Jorge Fernandez wrote:

Hi,

Some months ago, I had some problems with the use of hierarchies with adb and xmlbeans. Apparently they were resolved with adb but now, I'm getting the same error. For example: I have an array of an object called parent and I put into that array instances of child1 or child2 (those inherit from parent). In the xml generated from that array should appear the xsi:type attribute but when I engage rampart module, that attribute disappears. So maybe that was the cause of the problems I had before.

See https://issues.apache.org/jira/browse/XMLBEANS-329 and https://issues.apache.org/jira/browse/AXIS2-2578.

-- Davanum Srinivas :: http://davanum.wordpress.com
Re: [Axis2] Please VOTE for your favorite bug to be fixed.
Yes we will be releasing Rampart along with Axis2 as soon as 1.3 goes out!

Thanks,
Ruchith

On 7/2/07, stlecho [EMAIL PROTECTED] wrote:

Is this cleaning up phase also applicable for the Rampart module or only for the Axis2 framework? In other words, can I vote for JIRA issues related to Rampart?

Regards,
Stefan Lecho.

dims wrote:

Dear Axis2 Users,

We are working hard on cleaning up the issues in JIRA.
Re: Rampart 1.2 Configuration
Hi Anthony,

Rampart-1.2 uses the same WS-Policy and WS-SecurityPolicy based config that we introduced in Rampart-1.1. Please look at the samples/policy dir in the rampart-bin distro.

Thanks,
Ruchith

On 6/18/07, Anthony Bull [EMAIL PROTECTED] wrote:

Hi,

can anyone point me to some examples of the newer style Rampart configuration? The example links on the Rampart homepage are broken, and the Rampart 1.2 samples/examples in the distro are all for the former Rampart 1.0 configuration setup (which I already have working).

cheers,
Anthony.
Re: WS-Security - UsernameToken doesnt work, is this a Rampart BUG?
My guess is there's some missing config. Remember just engaging rampart is not sufficient! One MUST provide the policy/configuration for Rampart to enforce.

Thanks,
Ruchith

On 6/16/07, Glen Mazza [EMAIL PROTECTED] wrote:

That would appear, indeed, to be an alarmingly big security hole. We are most probably misunderstanding something though. But as for forgetting some configuration, one would guess what you have done should fail by default anyway (i.e., no special configuration should be necessary to *enable* security if the tags are missing, only perhaps to *disable*).

Glen

On Friday, 15.06.2007, at 17:45 -0300, Eduardo Muller wrote:

With this configuration (see http://www-usr.inf.ufsm.br/~muller/rampart.jpg ), where the tag UsernameToken is replaced with incorrectTagUsernameToken, the web service will be called without passing through the class ServerPWCBHandler. That means authentication doesn't work.

Is this a rampart BUG? I know how to fix this in the org.apache.rampart.handler.WSDoAllReceiver class. But I want to know if this is necessary (means there is a BUG) or I forgot some configuration??

Regards,
Eduardo!!
Re: Problem deploying Rahas
Hi, Seems like you are missing the wss4j jar in the classpath. Please include all jars in the lib dir of the rampart-distro in the classpath in addition to the jars in the axis2 bin distro. Thanks, Ruchith On 6/12/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi all, I would like to use Rampart and Rahas in order to create a WS-Trust STS, that exchanges SAML2.0 tokens (using OpenSAML? I don't know, suggestions are welcome!). I use JBoss 4.0.5GA. I've unpacked the Axis2 .war file, I put the .mar in the WEB-INF/modules/ and I edited modules.list. I got this error, from JBoss: 16:00:50,087 INFO [TomcatDeployer] deploy, ctxPath=/axis2, warUrl=.../tmp/deploy/tmp46200axis2-exp.war/ 16:00:53,594 INFO [ModuleDeployer] Deploying module: addressing-1.2 16:00:54,511 INFO [ModuleDeployer] Deploying module: rahas-1.1 16:00:58,808 ERROR [STDERR] java.lang.ClassNotFoundException: No ClassLoaders found for: org.apache.ws.security.transform.STRTransform 16:00:58,813 ERROR [STDERR] at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:306) 16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:511) 16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:405) 16:00:58,815 ERROR [STDERR] at java.lang.ClassLoader.loadClass(ClassLoader.java:251) 16:00:58,816 ERROR [STDERR] at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) 16:00:58,817 ERROR [STDERR] at java.lang.Class.forName0(Native Method) 16:00:58,817 ERROR [STDERR] at java.lang.Class.forName(Class.java:164) 16:00:58,818 ERROR [STDERR] at org.apache.xml.security.transforms.Transform.register(Unknown Source) 16:00:58,818 ERROR [STDERR] at org.apache.ws.security.WSSConfig.init(WSSConfig.java:83) 16:00:58,819 ERROR [STDERR] at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95) 16:00:58,820 ERROR [STDERR] at org.apache.ws.security.WSSConfig.clinit(WSSConfig.java:47) 16:00:58,821 ERROR 
[STDERR] at org.apache.ws.security.WSSecurityEngine.clinit(WSSecurityEngine.java:51) 16:00:58,822 ERROR [STDERR] at org.apache.ws.security.handler.WSHandler.clinit(WSHandler.java:62) 16:00:58,823 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

Have you any ideas?

Thank you for your work,
Massimiliano Masi
Re: WS-Security - UsernameToken doesnt work, is this a Rampart BUG?
Hi,

Can you please post the rampart configuration of the service? (policy and services.xml)

Thanks,
Ruchith

On 6/16/07, Eduardo Muller [EMAIL PROTECTED] wrote:

With this configuration (see http://www-usr.inf.ufsm.br/~muller/rampart.jpg ), where the tag UsernameToken is replaced with incorrectTagUsernameToken, the web service will be called without passing through the class ServerPWCBHandler. That means authentication doesn't work.

Is this a rampart BUG? I know how to fix this in the org.apache.rampart.handler.WSDoAllReceiver class. But I want to know if this is necessary (means there is a BUG) or I forgot some configuration??

Regards,
Eduardo!!
Re: [Axis2][Rampart]setOperationContext does not get a chance to run
The rampart inflow handlers are invoked way before the message receiver. And the MessageContext.getCurrentContext() will only work after the message receiver is invoked. Therefore calling MessageContext.getCurrentContext() will not yield anything.

Also at the moment we cannot access the message context from the password callback handler.

Thanks,
Ruchith

On 6/12/07, Chad DeBauch [EMAIL PROTECTED] wrote:

Deepal...that is what I don't understand. The MessageContext is not passed to the PasswordCallback. Here is an example PasswordCallback:

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class PWCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    // set the password given a username
                    // (getIdentifer() is the method name as spelled in the WSS4J 1.5 API)
                    if ("wss4j".equals(pc.getIdentifer())) {
                        pc.setPassword("security");
                    }
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
            }
        }
    }

In Axis1 I could call MessageContext.getCurrentContext(); and get the MessageContext within the PasswordCallback class. But in Axis2 if I call MessageContext.getCurrentMessageContext(); it returns null. Any ideas?

Thanks
Chad

On 6/11/07, Deepal Jayasinghe [EMAIL PROTECTED] wrote:

Hi Chad,

What I told was, Message context is available to security handler, and security handler is the one who call PasswordCallback, so that handler should pass the MC to the PasswordCallback.

Thanks
Deepal

Thanks Deepal for your response. If I understand you correctly it is possible to get the MessageContext from within the PasswordCallback. Can you give an example?

Thanks
Chad

On 6/11/07, Deepal Jayasinghe [EMAIL PROTECTED] wrote:

Hi Chad,

With Axis1 this was possible by calling MessageContext.getCurrentContext(); This doesn't appear to be possible in Axis2, is that right?

It does, but only for the service impl class, not for others. Since all the handlers have access to message context directly.

Thanks
Deepal
Re: [Axis2][Rampart]setOperationContext does not get a chance to run
IMHO it involves a bit of changes to WSS4J core. I'll try to get this fixed in the next release :-)

Thanks,
Ruchith

On 6/12/07, Deepal Jayasinghe [EMAIL PROTECTED] wrote:

Ruchith Fernando wrote:

The rampart inflow handlers are invoked way before the message receiver. And the MessageContext.getCurrentContext() will only work after the message receiver is invoked. Therefore calling MessageContext.getCurrentContext() will not yield anything.

Also at the moment we cannot access the message context from the password callback handler.

Is that possible for you to make MC available to password callback handler?

Thanks
Deepal
Re: No Password sent out by client
Hi Hailong,

Please capture the req/response (using something like tcpmon [1]) and send!

Thanks,
Ruchith

[1] http://ws.apache.org/commons/tcpmon/

On 6/8/07, Wang, Hailong (NIH/CIT) [C] [EMAIL PROTECTED] wrote:

Hi Dims,

It's very urgent and I need your help. When I try to use UsernameToken, Sign and Encrypt in policy file. Sign and Encrypt work fine and username was sent out by client. But the password was not sent out by the client. Is this a bug of Rampart? Below is my policy file. Thanks in advance.

    <?xml version="1.0" encoding="UTF-8"?>
    <!--
     !
     ! Copyright 2006 The Apache Software Foundation.
     !
     ! Licensed under the Apache License, Version 2.0 (the "License");
     ! you may not use this file except in compliance with the License.
     ! You may obtain a copy of the License at
     !
     !      http://www.apache.org/licenses/LICENSE-2.0
     !
     ! Unless required by applicable law or agreed to in writing, software
     ! distributed under the License is distributed on an "AS IS" BASIS,
     ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     ! See the License for the specific language governing permissions and
     ! limitations under the License.
     !-->
    <wsp:Policy wsu:Id="SigEncrUT"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:AsymmetricBinding>
            <wsp:Policy>
              <sp:InitiatorToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                      <sp:WssX509V3Token10 />
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:InitiatorToken>
              <sp:RecipientToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:WssX509V3Token10 />
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:RecipientToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:TripleDesRsa15 />
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict />
                </wsp:Policy>
              </sp:Layout>
              <sp:IncludeTimestamp />
              <sp:OnlySignEntireHeadersAndBody />
            </wsp:Policy>
          </sp:AsymmetricBinding>
          <sp:SignedSupportingTokens>
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
          </sp:SignedSupportingTokens>
          <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:MustSupportRefKeyIdentifier />
              <sp:MustSupportRefIssuerSerial />
            </wsp:Policy>
          </sp:Wss10>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:SignedParts>
          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:EncryptedParts>
          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:user>client</ramp:user>
            <ramp:encryptionUser>service</ramp:encryptionUser>
            <ramp:passwordCallbackClass>gov.nih.ndar.webservices.security.PWCBHandler</ramp:passwordCallbackClass>
            <ramp:signatureCrypto>
Re: Apache Rampart 1.2 Released
You can download the release artifacts from: http://www.apache.org/dyn/closer.cgi/ws/rampart/1_2 :-)

Thanks,
Ruchith

On 6/2/07, Ruchith Fernando [EMAIL PROTECTED] wrote:

This is the 1.2 release of Apache Rampart.

Apache Rampart 1.2 is a toolkit that provides implementations of the WS-Sec* specifications for Apache Axis2 1.2, based on Apache WSS4J 1.5.2 and the Apache AXIOM-DOOM 1.2.4 implementations.

There are two main Apache Axis2 modules provided with this release.

* rampart-1.2.mar
  This provides support for WS-Security and WS-SecureConversation features.
* rahas-1.2.mar
  This module provides the necessary components to enable SecurityTokenService functionality on a service.

Apache Rampart 1.2 uses a configuration model based on WS-Policy and WS-Security Policy and it is important to note that Apache Rampart 1.0 style configuration is also available even though being marked as deprecated.

Apache Rampart 1.2 can be successfully used with the next Apache Sandesha2 release targeted towards Apache Axis2 1.2 to configure WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with other WS-Security implementations.

WS - Sec* specifications supported by Apache Rampart are as follows:

* WS - Security 1.0
* WS - Secure Conversation - February 2005
* WS - Security Policy - 1.1 - July 2005
* WS - Trust - February 2005
* WS - Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

Apache Rampart team
Re: Axis2: Retrieving particular tags from SOAP message headers
Hi Inder,

Axis2 uses AXIOM [1] as the object model and you can use the AXIOM API [2] to navigate the XML nodes of a SOAP envelope. Also AXIOM has XPath support [3].

Thanks,
Ruchith

[1] http://ws.apache.org/commons/axiom/
[2] http://ws.apache.org/commons/axiom/OMTutorial.html
[3] http://wso2.org/library/265

On 5/31/07, Inder Dhillon [EMAIL PROTECTED] wrote:

Hello

I wanted to find some specific XML tags in the headers of the SOAP message and retrieve the corresponding content. Can someone please suggest me how to do it.

Thanks
Inder
Re: Axis1.2 with Rampart-SNAPSHOT
Hi Snehil,

Please try the proposed Rampart-1.2 artifacts available here: http://people.apache.org/~ruchithf/rampart/1_2/

Thanks,
Ruchith

On 5/30/07, snehil Brajpuriya [EMAIL PROTECTED] wrote:

Hi,

Referring to issue - http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200705.mbox/[EMAIL PROTECTED]

Should I still be getting same error if I take and build latest Rampart source. I did same and still getting error while trying to run that client of Sample02 that comes with Rampart (sending username token). Error is -

client.run:
[java] May 30, 2007 6:01:22 PM org.apache.axis2.deployment.DeploymentEngine prepareRepository
[java] INFO: No services directory was found under C:\axis2\samples\sample0 2\axis-repo.
[java] May 30, 2007 6:01:34 PM org.apache.axis2.deployment.ModuleDeployer d eploy
[java] INFO: Deploying module: rampart-1.99
[java] java.lang.NoSuchMethodError: org.apache.axis2.context.MessageContext.isEngaged (Ljavax/xml/namespace/QName;)Z
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava ---

It's very critical for me to be able to complete use Rampart with axis2 1.2. Any help here is immensely appreciated.

Thanks
Snehil
Re: MessageContext.getCurrentMessageContext() returns null.
Hi,

MessageContext.getCurrentMessageContext() will return the message context only after the message reaches the message receiver. The callback handler is called way before this and at this point this will be null.

Thanks,
Ruchith

On 5/29/07, Wang, Hailong (NIH/CIT) [C] [EMAIL PROTECTED] wrote:

Hi,

I happened a problem. After I used Rampart in the axis2, from the CallbackHandler in the server side I can not get MessageContext Instance through MessageContext.getCurrentMessageContext(). Is there anyone has any clue on this problem? Thanks in advance.

Hailong Wang
National Database for Autism Research (NDAR)
NIH/CIT/DECA (MOM CONTRACTOR)
9000 Rockville Pike, Bld 12A/Room 2027
Bethesda, MD 20892
Phone: 301-402-3045
Fax: 301-480-0028
Email: [EMAIL PROTECTED]
URL: http://ndar.nih.gov
Re: [Axis2]: Rampart and Axis2
Hi,

Rampart depends on WSS4J and we are working to get WSS4J 1.5.2 out ASAP. Also I'm working on the Rampart release build to package the rampart release. Will make the Rampart SNAPSHOTs available (hopefully today) and we can have 1.2 right after WSS4J release.

Thanks,
Ruchith

On 5/18/07, Darshan Karandikar [EMAIL PROTECTED] wrote:

Hi,

Does anyone have any idea about when is the Axis2 compatible version of Apache Rampart is going to be released? I am eagerly waiting for it as I am not able to move on with my Axis2 PoC due to rampart incompatibility.

Regards,
Darshan.
Re: Axis2 + rampart + other web service platform
Hi Mikhail,

Rampart only supports WS-SecurityPolicy 1.1 (July 2005) specification. The policy you are using seems to be from an older version.

Thanks,
Ruchith

On 5/17/07, Paul Fremantle [EMAIL PROTECTED] wrote:

Mikhail

I've seen this error before and in my experience it's because the rampart policy isn't quite right. When I get a chance I'll take a look. Ruchith - any ideas?

Paul

On 5/17/07, Mikhail Maroukhine [EMAIL PROTECTED] wrote:

Paul

Yes I'm trying to create proper rampart policy file for the .net service client but I always get the next error:

Exception in thread main java.lang.NullPointerException
at org.apache.rampart.util.RampartUtil.addWsuIdToElement(RampartUtil.java:463)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:277)
at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:85)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:129)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:59)
at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:518)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:651)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:365)
at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:295)
at org.tempuri.JobStub.ListJobAreas(JobStub.java:185)
at org.tempuri.Client.main(Client.java:42)

For example I just copy policy file from policy sample01 and run client with it (without .net policy). I expected that server rejects such message but rampart fails before that with error above. I even tried empty policy file:

<wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
</wsp:Policy>

But result is same.

Mikhail

Paul Fremantle wrote:

Mikhail

My rampart.xml example was just that. A *cut-down* example! I think you need more in there. Have you looked at the samples that come with Rampart?

Paul

--
WBR, Mikhail
Re: REST and Rampart
It should throw a fault! provided that axis2 dispatched up to the point where policy is applied.

Thanks,
Ruchith

On 5/1/07, Vibhor_Sharma [EMAIL PROTECTED] wrote:

Hi

The same service can be accessed by SOAP as well as REST interface. In case I have enabled rampart security on my service and try to invoke that service through a GET / POST mechanism would the Soap Engine throw an error saying that it could not find the appropriate headers or it will let the request go through.

Vibhor
Re: [axis2]WS Security Policy includeToken option problem
IncludeToken/Once is not handled properly in Rampart. Please file a bug [1]

Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART

On 5/2/07, Nencho Lupanov [EMAIL PROTECTED] wrote:

Hi All,

I am trying the rampart sample that comes with the distro. I am going with sample01, only that I wanted it to be slightly different: I change the sp:IncludeToken attribute, so instead of:

<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
  </wsp:Policy>
</sp:SignedSupportingTokens>

I have:

<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
  </wsp:Policy>
</sp:SignedSupportingTokens>

I am saying that in both requests I can find the following soap with tcpmon:

<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1673653">
  <wsse:Username>my_username</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">my_password</wsse:Password>
</wsse:UsernameToken>

Does this mean that the username and password will be sent only the first time? I tried this but I still get the whole UsernameToken transferred every time. Is this supposed to work like this or is there a bug in the rampart handling of the security policy?

Thanks,
Nencho
Re: [Axis] Rampart examples - Username token password verification
Hi,

On 5/8/07, Stefan Magnus Landrø [EMAIL PROTECTED] wrote:
> Thanks for your reply. I believe I got a bit confused by a callbackhandler that performs two totally different tasks. I believe it would be a good idea to restructure some of the examples in rampart to clarify this. In my opinion it would also be smart to use maven2 for building the examples instead of ant. Using maven would make it easier to understand the difference between client and server.
>
> Would you be interested in a contribution of examples ported to maven2?

Sure! Please create a JIRA [1] issue and send in the patches!

Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART
Re: Security using rampart
Hi Vibhor,

On 4/28/07, Vibhor_Sharma [EMAIL PROTECTED] wrote:
> Hi Ruchith
>
> We are deploying the web services solution created by Axis2 1.1.1 and security using rampart1.1. The deployment comprises of the Apache Web server which receives the HTTP requests and then routes the requests to the Jboss Application server, where axis2 web application along with the services are deployed. I want to have encryption and digital signature in place using rampart. I have tested the application with the sample certificates in the development environment and it works fine. The questions are pertaining to the production deployment.
>
> a) Do I need to have the certificates key store (signed server certificate, CA self signed certificate) maintained at the Apache web server? I guess this would be required in case I want to have transport layer security enabled right.

Yes, you will only need to have the keystore in the Apache web server only if you use transport layer security: HTTPS

> b) Since rampart would reside at the Jboss server I would need the keystore at Jboss server also right? This will be required for handling the encrypted and digitally signed SOAP messages. This keystore would have the private keys of the server, CA self signed certificate, and the signed certificate of the server by the CA.

For rampart's configuration it doesn't matter where you store the keystore! You simply have to provide the path (relative or absolute) to the keystore in rampart configuration.

> c) I hope the Apache web server does not create issues with the encrypted soap request coming in when the transport layer security is also enabled. It must let it pass through to Jboss as is.

Yes

> d) If rampart is enabled for the web services and the axis2 engine is enabled/configured for REST based services too, would Axis2 engine expect encrypted and digitally signed messages when the consumer sends a POST request?

Yes! Therefore when you enable rampart on a service that service will not be accessible via REST/POST.

HTH and apologies about the late response!

Thanks,
Ruchith

> It is a long mail but will help us in the deployment of the web services in the production environment.
>
> Thanks
> Vibhor
Re: [Axis] Rampart examples - Username token password verification
On 5/3/07, Stefan Magnus Landrø [EMAIL PROTECTED] wrote:
> Hi,
>
> I've been looking at the rampart examples recently, but there are a couple things that I don't understand:
>
> How do the sample services in the rampart distribution verify the password? Why do the services.xml include a reference to a password callback handler?

The password callback handler carries out the authentication. Please see: https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java

To understand this a bit more you can also read: http://www.wso2.org/library/240

Thanks,
Ruchith

p.s. Please subscribe to [EMAIL PROTECTED] (send a mail to [EMAIL PROTECTED]) and post rampart related questions there.

> Cheers,
> Stefan
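A password callback handler of the kind this thread discusses, as an added example that is not part of the original messages and is not the Rampart sample's own code. It assumes the WSS4J 1.5.x API (the line Rampart 1.2 is built on); the class name ExamplePWCBHandler and the in-memory user store are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Added example (hypothetical class name): password callback handler for
 * UsernameToken, written against the WSS4J 1.5.x API.
 */
public class ExamplePWCBHandler implements CallbackHandler {

    // Constructed sample user store; a deployment would look users up in its own store.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("alice", "constructed-sample-password");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized callback");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // The accessor really is spelled getIdentifer() in WSS4J 1.5.x.
            String stored = USERS.get(pwcb.getIdentifer());

            switch (pwcb.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // Plain-text password received: WSS4J hands over the presented
                // password and this handler is the only check. Reject by throwing.
                String expected = (stored != null) ? stored : "";
                boolean match = constantTimeEquals(expected, pwcb.getPassword());
                if (stored == null || !match) {
                    throw new UnsupportedCallbackException(callbacks[i], "Authentication failed");
                }
                break;

            case WSPasswordCallback.USERNAME_TOKEN:
                // The caller wants the password for this identifier: on the service
                // side WSS4J recomputes the digest from it and compares; on the
                // client side it is used to build the outgoing token.
                if (stored == null) {
                    throw new UnsupportedCallbackException(callbacks[i], "Unknown user");
                }
                pwcb.setPassword(stored);
                break;

            default:
                // Fail closed on usages this handler was not written for.
                throw new UnsupportedCallbackException(callbacks[i], "Unsupported usage");
            }
        }
    }

    // Comparison whose duration does not depend on where the first mismatch is.
    private static boolean constantTimeEquals(String expected, String presented) {
        if (presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }
}
```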
[Axis2] [ANN] Training courses on Apache Axis2 and Apache Rampart
Hi All,

I will be in Maryland, US in the second week of May. Is anybody interested in attending tutorials on Apache Axis2 and Apache Rampart? Both are 1/2 day programs. This would be on Thursday the 10th of May.

Please drop me a note at [EMAIL PROTECTED] and let me know.

Thanks,
Ruchith
Re: AXIS2 and LoginModule
Apologies for the delay in my response!

According to the scenario explained in the original post ... a web service calls secured methods on the EJB. When the subject is authenticated into the web service by Rampart using the callback handler provided by the user ... a java.security.Principal instance will be available in the rampart processing results [1].

IMHO at this point if we want to call the secured method on the EJB, the web service developer will have to set the Principal instance in a context that the J2EE container uses to extract the authenticated Principal.

Thanks,
Ruchith

[1] http://www.wso2.org/library/169

On 4/18/07, Tony Dean [EMAIL PROTECTED] wrote:

right, you can configure basic auth security constraints in web.xml... but, as for web services clients send credentials in security header, not http header. as such, container needs to be aware of this... native web service engines like websphere, weblogic have integrated this type of security into their container by letting you configure security constraints on individual web services... eg., webservice A must supply UsernameToken. the container will then parse the UsernameToken and perform the necessary authentication as configured with these credentials... my question to Ruchith would be how can Axis2/rampart integrate in this way with the container since its only a another servlet to the native container...

thanks.

-----Original Message-----
From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 18, 2007 10:12 AM
To: Tony Dean
Cc: axis-user@ws.apache.org
Subject: Re: AXIS2 and LoginModule

Tony,

you can configure the security constraints in web.xml since Axis2 is just another servlet. What's missing is we don't do any authorization checks from inside Axis2. Above info is w/o rampart. I'll let Ruchith chime in regarding that.

thanks,
-- dims

On 4/18/07, Tony Dean [EMAIL PROTECTED] wrote:

hi dims,

so today, if you wanted to configure a JAAS security domain for your Jboss axis2 servlet as follows:

jboss-web.xml -

<jboss-web>
  <security-domain>java:/jaas/some_JAAS_context</security-domain>
</jboss-web>

how can I put security constraints on the axis2 servlet such that the security header for all incoming web service requests is parsed, and the realized credentials are then used to perform JAAS authentication as configured by the container.

for webApps this is done by configuring security constraints in web.xml (eg., basic auth). then the container requires basic authentication for the configured URLS and the realized credentials are used to perform JAAS authentication as configured by the container. if authentication is successful, the impl class can acquire the authenticated Subject for further authorization checks.

I do not know how Axis2 would integrate this behavior into the container. You would have to configure rampart to require UsernameToken. Once rampart obtained credentials, it would somehow have to pass them unto the container for JAAS authentication. How this would be done is unknown to me.

--Tony

-----Original Message-----
From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 18, 2007 9:21 AM
To: axis-user@ws.apache.org
Subject: Re: AXIS2 and LoginModule

we do have an issue in jira - https://issues.apache.org/jira/browse/AXIS2-164

-- dims

On 4/18/07, Tony Dean [EMAIL PROTECTED] wrote:

I wasn't aware that Axis2 could hook into JAAS... when you develop a J2EE web service, the container takes care of parsing the security header for credentials and using those credentials to authenticate against a defined login context (ie., loginModules defined for that login context). If authentication is successful, a Subject is available for this current call thread. This Subject is used for determining webApp and EJB authorization. Axis2 does not provide such integration to my knowledge. It would be great if it did. Anyone, please correct me if I am wrong.

--Tony

From: Joseph L Shimkus [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 18, 2007 8:16 AM
To: axis-user@ws.apache.org
Subject: AXIS2 and LoginModule

I have implemented the Rampart module in my AXIS2 webservice with my own CallbackHandler. However, once authenticated my webservice calls secured methods on an EJB session bean which fail. It appears that the LoginModule which normal stores the authenticated principals in context is not doing so, or not doing so in a way which the EJBs can understand. Since the Rampart configuration only exposed the CallbackHandler class, I'm unsure what class it is using or if I'm able to change it. Does anyone know what the behavior of the Rampart LoginModule is? Or how I can achieve a
Re: Axis2 Client Stub not Generating WS-Security Headers
Hi Ted,

On 3/28/07, Ted Jones [EMAIL PROTECTED] wrote:
> Thank you for the reply Ruchith. I am following these instructions with the exception of the service invocation since I am using my generated client stub. Does the client repository location need to be included in order to generate the proper stub logic for inserting the WS-Security headers?

When you codegen the stub will *not* contain any logic related to rampart.

> Also, the code sample links are broken on the link you gave me.

The link is now fixed.

Thanks,
Ruchith

> Thanks,
> Ted
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 27, 2007 11:04 PM
> To: axis-user@ws.apache.org
> Subject: Re: Axis2 Client Stub not Generating WS-Security Headers
>
> Hi Ted,
>
> Please see this: http://www.wso2.org/library/240
>
> Thanks,
> Ruchith
>
> On 3/28/07, Ted Jones [EMAIL PROTECTED] wrote:
>
> I have an Axis2 1.1.1 ADB generated client stub that is instantiated using a client axis2.xml config and pointing to a client repository that has the rampart and addressing mar files. The config file and repository location are loaded via URL. In debug, I can see the rampart and addressing modules are engaged. In my client code, I have added the following properties to the serviceclient's options instance:
>
> options.setProperty(WSConstants.WSSE_NS , WSConstants.USERNAME_TOKEN_LN);
> options.setProperty(WSConstants.USERNAME_LN,getConnectionProperties().getUserid());
> options.setProperty(WSConstants.PASSWORD_LN,getConnectionProperties().getPassword());
> options.setProperty(WSConstants.PASSWORD_TYPE_ATTR, WSConstants.PASSWORD_TEXT);
>
> The WS-Security headers are never inserted into the soap request and I receive the ever-popular org.apache.axis2.AxisFault: WSDoAllReceiver: Incoming message does not contain required Security header. This web service and the ws-security logic works using soapUI (a great *free* tool by the way).
>
> Is there some other property I need to set in the options or something else I need to be doing?
>
> Thanks
> Ted
Re: [Axis2][Rampart] How to extract User Information?
At each operation invocation we can figure out the user that invoked that operation [1]

Use MessageContext.getCurrentMessageContext() to obtain the message context at the service.

Thanks,
Ruchith

[1] http://wso2.org/library/169

On 3/29/07, Jochen Zink [EMAIL PROTECTED] wrote:

Hi at all,

I have a state full webservice and use rampart authentication with usernametoken. It works, but is there any possibility to extract the user information? With the PasswordCallback class I can authenticate the user. But in the ServiceMethod I want to know, which user has called the method. Is this possible?

I tried to put the user manually in the MessageContext inside the PasswordCallbackClass. But the MessageContext is not available inside this class. Is there another possibility as parsing the soap envelope by hand?

Thanks for your help!
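Reading the authenticated user inside a service operation from the security processing results that the Rampart/WSS4J inflow handlers leave on the message context, as an added example that is not part of the original messages. It assumes the WSS4J 1.5.x API (WSHandlerResult and the getAction()/getPrincipal() accessors on WSSecurityEngineResult); the class and method names ExampleSecuredService, whoAmI and authenticatedUser are hypothetical.

```java
import java.security.Principal;
import java.util.Vector;

import org.apache.axis2.context.MessageContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

/** Added example (hypothetical names): a service class that needs the caller's identity. */
public class ExampleSecuredService {

    /** Service operation: returns the name carried in the verified UsernameToken. */
    public String whoAmI() {
        // Available here because the message has already reached the message receiver.
        MessageContext msgCtx = MessageContext.getCurrentMessageContext();
        return authenticatedUser(msgCtx).getName();
    }

    /**
     * Walks the WS-Security processing results and returns the UsernameToken
     * principal. Fails closed: no results, no UsernameToken result, or two
     * different user names all end in an exception rather than a default.
     */
    static Principal authenticatedUser(MessageContext msgCtx) {
        if (msgCtx == null) {
            throw new IllegalStateException("No current message context");
        }
        Vector handlerResults =
                (Vector) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (handlerResults == null) {
            throw new SecurityException("No WS-Security processing results on this message");
        }

        Principal found = null;
        for (int i = 0; i < handlerResults.size(); i++) {
            WSHandlerResult handlerResult = (WSHandlerResult) handlerResults.get(i);
            Vector engineResults = handlerResult.getResults();
            for (int j = 0; j < engineResults.size(); j++) {
                WSSecurityEngineResult result =
                        (WSSecurityEngineResult) engineResults.get(j);
                // Only UsernameToken results carry the user the callback handler accepted.
                if (result.getAction() != WSConstants.UT || result.getPrincipal() == null) {
                    continue;
                }
                Principal candidate = result.getPrincipal();
                if (found != null && !found.getName().equals(candidate.getName())) {
                    throw new SecurityException("Conflicting UsernameToken principals");
                }
                found = candidate;
            }
        }
        if (found == null) {
            throw new SecurityException("Message carried no verified UsernameToken");
        }
        return found;
    }
}
```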
Re: I have fixed the some bugs in axis2 and attaching updates
Hi Donald,

Please attach the patches to the JIRA issues and make sure you grant license to ASF for inclusion in ASF works.

Thanks,
Ruchith

On 3/29/07, donald yang [EMAIL PROTECTED] wrote:

Hi,

I have fixed some bugs in axis2, but I don't know how to update the source code repository. Could you check it and put the update into AXIS2-1.2 final release?

1. Hot update web services that load native library.

When you develop web services as a wrapper of native library (e.g., .dll or .so library), you can NOT hot update the web service as JVM will tell you that the dll has been loaded. The simple solution is to force JVM run garbage collector. So I updated DeploymentEngine.java and what I have changed is to add System.gc() twice at end of the method unDeploy() (Line number 681 and 682).

2. Bug AXIS2-2253

Currently AXIS2 can not map java data types (BigDecimal, BigInteger, Day, Duration, Month, MonthDay, Time, Year, YearMonth) to corresponding XML data type and deserialize them. I have fixed the bug and test it. It is fine.

To solve mapping from these data types to XML data type, I updated TypeTable.java and added these mapping into the method populateSimpleTypes() (from Line number 82 - 103)

To solve the deserialized problem, I updated SimpleTypeMapper.java.

1) First I defined String variables for these data types (Line number 56 - 68)
2) I added some codes to return these type objects into the method getSimpleTypeObject (from Line number 117 - 146)
3) I added some codes to indicate these type objects are simpleTypeObject into the method isSimpleType. (from Line number 246 - 261)

Could you please update the source tree?

best regards
donald
Re: Axis2 Client Stub not Generating WS-Security Headers
Hi Ted,

Please see this: http://www.wso2.org/library/240

Thanks,
Ruchith

On 3/28/07, Ted Jones [EMAIL PROTECTED] wrote:

I have an Axis2 1.1.1 ADB generated client stub that is instantiated using a client axis2.xml config and pointing to a client repository that has the rampart and addressing mar files. The config file and repository location are loaded via URL. In debug, I can see the rampart and addressing modules are engaged. In my client code, I have added the following properties to the serviceclient's options instance:

options.setProperty(WSConstants.WSSE_NS , WSConstants.USERNAME_TOKEN_LN);
options.setProperty(WSConstants.USERNAME_LN,getConnectionProperties().getUserid());
options.setProperty(WSConstants.PASSWORD_LN,getConnectionProperties().getPassword());
options.setProperty(WSConstants.PASSWORD_TYPE_ATTR, WSConstants.PASSWORD_TEXT);

The WS-Security headers are never inserted into the soap request and I receive the ever-popular org.apache.axis2.AxisFault: WSDoAllReceiver: Incoming message does not contain required Security header. This web service and the ws-security logic works using soapUI (a great *free* tool by the way).

Is there some other property I need to set in the options or something else I need to be doing?

Thanks
Ted
Re: [Axis2] Axis2 1.2 RC1 Released
Hi,

There were changes to the Module/Handler interfaces in Axis2. Therefore Rampart-1.1 will not work with Axis2-1.2-*.

The latest rampart trunk is available here: https://svn.apache.org/repos/asf/webservices/rampart/trunk/java

Thanks,
Ruchith

On 3/27/07, Jorge Fernandez [EMAIL PROTECTED] wrote:

Hi,

I get the following Exception when executing my client with the new release. I'm using Rampart 1.1 module but it's only engaged, not used, actually:

Exception in thread main java.lang.NoSuchMethodError: org.apache.axis2.context.MessageContext.isEngaged(Ljavax/xml/namespace/QName;)Z
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:53)
at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:433)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330)
at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234)
at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62)
at client.Client.main(Client.java:33)

And this one when I use axis2 1.1.1 in my client and the new release at the service:

org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:227)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:674)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234)
at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62)
at client.Client.main(Client.java:33)
Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:344)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:204)
... 6 more
Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
at org.apache.axis2.transport.http.SOAPOverHTTPSender.send(SOAPOverHTTPSender.java:144)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:335)
... 7 more

If I use axis2 1.1.1 in both service and client it works perfectly. I don't know if with the new release I need to do any additional configuration.

Regards,
Jorge Fernández

Charitha Kankanamge [EMAIL PROTECTED] wrote:

I also observed the same and added a JIRA https://issues.apache.org/jira/browse/AXIS2-2393

regards
Charitha

Hi,

I've just deployed the war file on tomcat 6.0.10 (NIO connector), but when I hit http://localhost:8080/axis2/axis2-admin/listService I get a HTTP error 500. The server logs reports

26-Mar-2007 13:29:40 org.apache.axis2.transport.http.AbstractAgent handle
WARNING: Error dispatching request /axis2/axis2-admin/listService
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis2.transport.http.AbstractAgent.handle(AbstractAgent.java:77)
at org.apache.axis2.transport.http.AdminAgent.handle(AdminAgent.java:113)
at org.apache.axis2.transport.http.AxisAdminServlet.doGet(AxisAdminServlet.java:44)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at
Re: [Axis2] Axis2 1.2 RC1 Released
Hi Dennis, We certainly will have to do a Rampart-1.2 release for the Axis2-1.2 release and an RC to go with the axis2-1.2-RC would be great! Right now we have some pending issues and improvements to be resolved [1]. Also I need some help with the rampart release build as I'm not a maven2 expert :-( [1] https://issues.apache.org/jira/browse/RAMPART On 3/27/07, Dennis Sosnoski [EMAIL PROTECTED] wrote: Hi Ruchith, It'd be best to have a Rampart RC to go along with the Axis2 RC, since it's crucial to many users that this works properly. What are the plans for a new Rampart release? Thanks, - Dennis Ruchith Fernando wrote: Hi, There were changes to the Module/Handler interfaces in Axis2. Therefore Rampart-1.1 will not work with Axis2-1.2-*. The latest rampart trunk is available here : https://svn.apache.org/repos/asf/webservices/rampart/trunk/java Thanks, Ruchith On 3/27/07, Jorge Fernandez [EMAIL PROTECTED] wrote: Hi, I get the following Exception when executing my client with the new release. 
i'm using Rampart 1.1 module but it's only engaged, not used, actually: Exception in thread main java.lang.NoSuchMethodError: org.apache.axis2.context.MessageContext.isEngaged(Ljavax/xml/namespace/QName;)Z at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:53) at org.apache.axis2.engine.Phase.invoke(Phase.java:383) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:433) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330) at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294) at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234) at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62) at client.Client.main(Client.java:33) And this one when I use axis2 1.1.1 in my client and the new release at the service: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta' at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:227) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:674) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237) at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202) at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234) at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62) at client.Client.main(Client.java:33) Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is: org.apache.axis2.AxisFault: HTTP Transport error : 
'400' - 'Petici?n incorrecta' at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:344) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:204) ... 6 more Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta' at org.apache.axis2.transport.http.SOAPOverHTTPSender.send(SOAPOverHTTPSender.java:144) at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:335) ... 7 more If I use axis2 1.1.1 in both service and client it works perfectly. I don't know if with the new release I need to do any aditional configuration. Regards, Jorge Fernández Charitha Kankanamge [EMAIL PROTECTED] escribió: I also observed the same and added a JIRA https://issues.apache.org/jira/browse/AXIS2-2393 regards Charitha Hi, I've just deployed the war file on tomcat 6.0.10 (NIO connector), but when I hit http://localhost:8080/axis2/axis2-admin/listService I get a HTTP error 500. The server logs reports 26-Mar-2007 13:29:40 org.apache.axis2.transport.http.AbstractAgent handle WARNING: Error dispatching request /axis2/axis2-admin/listService java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.axis2.transport.http.AbstractAgent.handle(AbstractAgent.java:77) at org.apache.axis2.transport.http.AdminAgent.handle(AdminAgent.java:113
Re: org.apache.rampart.RampartException: Error in extracting message properties
Hi, Can you please send the message that caused this error? Thanks, Ruchith On 3/24/07, Vibhor_Sharma [EMAIL PROTECTED] wrote: Any reason why this is coming? [java] org.apache.rampart.RampartException: Error in extracting message properties [java] at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:382) [java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522) [java] at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655) [java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.jav ) [java] at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation. 202) [java] at com.gryphonnetworks.ws.certify.stub.CertifyChannelStub.certifyContact(Unknown Sou [java] at com.gryphonnetworks.ws.certify.client.CertifyClient.main(Unknown Source) [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java [java] at java.lang.reflect.Method.invoke(Method.java:585) [java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202) [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134) [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:710) [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178) [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84) [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) [java] at org.apache.tools.ant.Task.perform(Task.java:364) [java] at org.apache.tools.ant.Target.execute(Target.java:341) [java] at org.apache.tools.ant.Target.performTasks(Target.java:369) [java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) [java] at 
org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecuto a:37) [java] at org.apache.tools.ant.Project.executeTargets(Project.java:1068) [java] at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:382) [java] at org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:107) [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) [java] at org.apache.tools.ant.Task.perform(Task.java:364) [java] at org.apache.tools.ant.Target.execute(Target.java:341) [java] at org.apache.tools.ant.Target.performTasks(Target.java:369) [java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) [java] at org.apache.tools.ant.Project.executeTarget(Project.java:1185) [java] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:4 [java] at org.apache.tools.ant.Project.executeTargets(Project.java:1068) [java] at org.apache.tools.ant.Main.runBuild(Main.java:668) [java] at org.apache.tools.ant.Main.startAnt(Main.java:187) [java] at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246) [java] at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67) [java] Caused by: org.apache.rampart.RampartException: Error in extracting message properties [java] at org.apache.rampart.RampartMessageData.init(RampartMessageData.java:294) [java] at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:56) [java] at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:59) [java] ... 37 more [java] Caused by: org.apache.ws.security.WSSecurityException: Error in converting SOAP Envelope ocument; nested exception is: [java] org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException [java] at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:121) [java] at org.apache.rampart.RampartMessageData.init(RampartMessageData.java:146) [java] ... 
39 more -- www.ruchith.org www.wso2.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Axis2][Rampart] Different soap data with Rampart
Hi, Can you please create a JIRA issue [1] on this and help us recreate the issue. Please attach your service/client info to the issue. Thanks, Ruchith [1] https://issues.apache.org/jira/browse/RAMPART On 3/22/07, Jochen Zink [EMAIL PROTECTED] wrote: Hello, I have a little Webservice, which receives a File with MTOM form a Client. The Service works fine. Now, I want to secure the soap messages with rampart. I got an Exception on Server side, while axis parses the soap message. This is the Exception: org.apache.axis2.AxisFault: java.lang.RuntimeException: Unexpected subelement data Therefore I debugged the parsing sequence. First without rampart, and second with rampart. Here is the relevant SOAP-Message Part WITHOUT Rampart ns1:transferDocument xmlns:ns1=http://comchannel.comserver.edocbox.nepatec.de/xsd; ns1:document ns1:type ns1:displayNamePortable Document Format/ns1:displayName ns1:type1/ns1:type ns1:fileExtensionpdf/ns1:fileExtension ns1:datatypeVersion3.0/ns1:datatypeVersion /ns1:type ns1:data !-- some base64 stuff-- Everything looks good, the service receives the file correctly. No exception is thrown. Now the relevant SOAP-Message Part WITH Rampart ns1:transferDocument xmlns:xenc=http://www.w3.org/2001/04/xmlenc#; xmlns:wsa=http://www.w3.org/2005/08/addressing; xmlns:ns1=http://comchannel.comserver.edocbox.nepatec.de/xsd; xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; xmlns:soapenv=http://www.w3.org/2003/05/soap-envelope; document xmlns=http://comchannel.comserver.edocbox.nepatec.de/xsd; type displayNamePortable Document Format/displayName type1/type fileExtensionpdf/fileExtension datatypeVersion3.0/datatypeVersion /type data base64Binary xmlns=http://www.w3.org/2001/XMLSchema;!--- same bas64 stuff as above -- As you can see, the messages are different. And the message with rampart is not correct and the service fails. Has someone any idea what I do wrong? Thanks for every reply! 
Here are the service.xml from the service: service name=DocumentTransferService scope=soapsession module ref=addressing / module ref=rampart / parameter name=enableMTOM locked=falsetrue/parameter parameter name=InflowSecurity action itemsTimestamp Signature Encrypt/items passwordCallbackClassde.nepatec.edocbox.comserver.comchannel.serviceimpl.PWCBHandler/passwordCallbackClass signaturePropFileservice.properties/signaturePropFile /action /parameter parameter name=OutflowSecurity action itemsTimestamp Signature Encrypt/items userservice/user passwordCallbackClassde.nepatec.edocbox.comserver.comchannel.serviceimpl.PWCBHandler/passwordCallbackClass signaturePropFileservice.properties/signaturePropFile signatureKeyIdentifierDirectReference/signatureKeyIdentifier encryptionKeyIdentifierSKIKeyIdentifier/encryptionKeyIdentifier encryptionUseruseReqSigCert/encryptionUser /action /parameter ... // MessageReceivers and so on And the axis2.xml from the clients context: !--Signature and Encryption : Using the request's certificate-- module ref=rampart / parameter name=OutflowSecurity action itemsTimestamp Signature Encrypt/items userclient/user passwordCallbackClassde.nepatec.edocbox.comserver.client.PWCBHandler/passwordCallbackClass signaturePropFileclient.properties/signaturePropFile signatureKeyIdentifierDirectReference/signatureKeyIdentifier encryptionKeyIdentifierSKIKeyIdentifier/encryptionKeyIdentifier encryptionUserservice/encryptionUser optimizeParts//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue/optimizeParts /action /parameter parameter name=InflowSecurity action itemsTimestamp Signature Encrypt/items passwordCallbackClassde.nepatec.edocbox.comserver.client.PWCBHandler/passwordCallbackClass signaturePropFileclient.properties/signaturePropFile /action /parameter !-- = -- !-- Parameters -- !-- = -- parameter name=enableMTOM locked=falsetrue/parameter ... // normal stuff ___ SMS schreiben mit WEB.DE FreeMail - einfach,
Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)
Hi Vibhor, On 3/21/07, Vibhor_Sharma [EMAIL PROTECTED] wrote: Thanks Ruchith for your patience, it is just that I'm new to this stuff and need to clarify it. So it means that org.bouncycastle.jce.provider.BouncyCastleProvider is not the implementation of org.apache.ws.security.crypto.provider? Nope ... org.bouncycastle.jce.provider.BouncyCastleProvider is the JCE provider. My concern was since we pass the properties file name (service.properties, client.properties) in the service.xml and axis2.xml, these values are read by the wss4j to instantiate the provider right. If org.bouncycastle.jce.provider.BouncyCastleProvider is not the correct value then what is the provider name we should give in the properties file? Merlin seems to fit the requirement but it confuses me :-) So if we are giving Merlin as the provider, it means that Merlin uses BouncyCastle internally right? Rampart needs to access the key information configured by the user to perform cryptographic operations. The implementation of the Crypto interface provides access to the user's keys/certs. Merlin is one such implementation that extracts keys from keystore files. (These keystore files can be created and modified with the keytool available with the JDK). Bouncycastle is picked up as the JCE implementation when we do things such as Cipher.getInstance(). This provides implementation of cryptographic algorithms. Thanks, Ruchith It works for me now. Thanks Vibhor From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Tue 3/20/2007 7:43 PM To: axis-user@ws.apache.org Subject: Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent) Hi Vibhor, The value of the org.apache.ws.security.crypto.provider property MUST be an implementation of org.apache.ws.security.components.crypto.Crypto interface. Can you please try moving the bouncycastle jar to the parent most classpath of JBOSS? 
Thanks, Ruchith On 3/21/07, Vibhor_Sharma [EMAIL PROTECTED] wrote: Hi Ruchith I tried one more thing I changed the name of the provider in the client.properties and service.properties file. I changed the name of the provider to BouncyCastle org.apache.ws.security.crypto.provider=org.bouncycastle.jce.provider.Bou ncyCastleProvider I get the following errors [java] java.lang.NoSuchMethodException: org.bouncycastle.jce.provider.BouncyCastleProvider.init(java.util.Prop erties, j [java] at java.lang.Class.getConstructor0(Class.java:1937) [java] at java.lang.Class.getConstructor(Class.java:1027) [java] at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoF actory.java:179) [java] at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(Crypt oFactory.java:153) [java] at org.apache.ws.security.handler.WSHandler.loadSignatureCrypto(WSHandler.j ava:347) [java] at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:1 24) [java] at org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java :254) [java] at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.ja va:86) [java] at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74) [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:382) [java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522) [java] at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655) [java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOper ation.java:237) [java] at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisO peration.java:202) [java] at com.gryphonnetworks.ws.certify.stub.CertifyChannelStub.certifyContact(Un known Source) [java] at com.gryphonnetworks.ws.certify.client.CertifyClient.main(Unknown Source) [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) [java] at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) [java] at java.lang.reflect.Method.invoke(Method.java:324) [java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202) [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134) [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:710) [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178) [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84) [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) [java] at org.apache.tools.ant.Task.perform(Task.java:364) [java] at org.apache.tools.ant.Target.execute(Target.java:341) [java] at org.apache.tools.ant.Target.performTasks(Target.java:369) [java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216) [java
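The distinction drawn in the reply above, as an added example that is not part of the original thread or of WSS4J: a pre-flight check that reads a crypto properties file and verifies that the class named by org.apache.ws.security.crypto.provider implements the Crypto interface instead of being a JCE provider. The class name CryptoProviderCheck and the Demo* stand-ins are hypothetical, and the properties text in the demo is constructed so that it runs without WSS4J or Bouncy Castle on the classpath (Java 9 or later).

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Provider;
import java.util.Properties;

public class CryptoProviderCheck {
    // Property key and interface name as quoted in the thread.
    static final String KEY = "org.apache.ws.security.crypto.provider";
    static final String CRYPTO = "org.apache.ws.security.components.crypto.Crypto";

    // Hypothetical stand-ins for the demo: one plays the Crypto interface,
    // one a keystore-backed implementation, one a JCE provider.
    public interface DemoCrypto { }
    public static class DemoKeystoreCrypto implements DemoCrypto { }
    public static class DemoJceProvider extends Provider {
        private static final long serialVersionUID = 1L;
        public DemoJceProvider() { super("Demo", "1.0", "constructed stand-in"); }
    }

    /** Returns a one-line verdict for the provider class named in props. */
    static String check(Properties props, Class<?> required) {
        String name = props.getProperty(KEY, "").trim();
        if (name.isEmpty()) {
            return "FAIL: " + KEY + " is not set";
        }
        Class<?> cls;
        try {
            // Resolve without running static initialisers.
            cls = Class.forName(name, false, CryptoProviderCheck.class.getClassLoader());
        } catch (ClassNotFoundException | LinkageError e) {
            return "FAIL: cannot load " + name + ": " + e;
        }
        if (required.isAssignableFrom(cls)) {
            return "OK: " + name + " implements " + required.getName();
        }
        if (Provider.class.isAssignableFrom(cls)) {
            return "FAIL: " + name + " is a JCE provider (java.security.Provider), "
                    + "not an implementation of " + required.getName();
        }
        return "FAIL: " + name + " does not implement " + required.getName();
    }

    static Properties parse(Reader in) throws IOException {
        Properties props = new Properties();
        props.load(in);
        return props;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {
            // Real file: needs the WSS4J jar (and the named class) on the classpath.
            Class<?> crypto = Class.forName(CRYPTO);
            try (Reader in = Files.newBufferedReader(Paths.get(args[0]))) {
                System.out.println(args[0] + " -> " + check(parse(in), crypto));
            }
            return;
        }
        // Constructed sample properties: the mistake from the thread, then a valid value.
        String wrong = KEY + "=" + DemoJceProvider.class.getName() + "\n";
        String right = KEY + "=" + DemoKeystoreCrypto.class.getName() + "\n";
        System.out.println(check(parse(new StringReader(wrong)), DemoCrypto.class));
        System.out.println(check(parse(new StringReader(right)), DemoCrypto.class));
        System.out.println(check(parse(new StringReader("# empty\n")), DemoCrypto.class));
    }
}
```

Run with a path argument (for example client.properties or service.properties) and the same classpath as the client or service to check a real configuration; run without arguments for the constructed demo.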
Re: x509 certificate usage in rampart
Hi Vibhor, Yes to all questions :-) Thanks, Ruchith On 3/21/07, Vibhor_Sharma [EMAIL PROTECTED] wrote: Hi We would be exposing our web services and utilize the methodology described in the article http://wso2.org/library/255 We want to distribute our certificates having the public key to the clients who will be consuming our web services. Just wanted to confirm the approach a) We distribute our public key in the certificate to the clients. b) We maintain our private key certificate in our key store protected by a password. c) The client stores our public key certificate in his key store protected by a password. d) Can we use Bouncy castle as the JCE provider for the production system. Thanks Vibhor -- www.ruchith.org www.wso2.org
Re: Axis 1.4 Security using UsernameToken
Rampart works with Axis2 not Axis 1.x. Thanks, Ruchith On 3/22/07, John Kristian [EMAIL PROTECTED] wrote: Rampart can do this, but not easily. Search this mailing list for 'Rampart' to find some problems. http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html I sincerely hope someone knows a better way. - John Kristian -Original Message- From: herbison [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 21, 2007 12:46 PM To: axis-user@ws.apache.org Subject: Axis 1.4 Security using UsernameToken I'm trying to access a .NET service, using code generated by wsdl2java, where I have to set the UsernameToken fields Username and Password in the soap header. How is this done?!! I've been going around in circles all morning and nothing seems to get me any closer in setting the soap fields. This is what the client looks like now: String id=user; String key=password; PWCallback pwCallback = new PWCallback(); pwCallback.setUsername(id); pwCallback.setPassword(key); ClaimProcessorLocator loc = new ClaimProcessorLocator(); Remote remote = loc.getPort( Claim.class); Stub axisPort = (Stub)remote; axisPort._setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST); axisPort._setProperty(WSHandlerConstants.USER, id); axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, pwCallback); IClaim iclaim = (IClaim) loc.getBasicHttpBinding_IClaim(); Claim claim = iclaim.getClaim(); -- www.ruchith.org www.wso2.org
Re: Rampart gets module.xml from Rahas
Hi, The jar files are not supposed to have the module.xml file. I'll remove them. Thanks, Ruchith On 3/20/07, John Kristian [EMAIL PROTECTED] wrote: The results aren't substantially different with the files below. Rampart doesn't add any headers, unless rampart-core-*.jar precedes rampart-trust-*.jar in the initial classpath. These two .jar files each contain META-INF/module.xml. I downloaded http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-core/SNAPSHOT/rampart-core-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-trust/SNAPSHOT/rampart-trust-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-policy/SNAPSHOT/rampart-policy-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart/SNAPSHOT/rampart-20070216.151012-1.mar I hope these are the files Ruchith meant. - John Kristian -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Sunday, March 18, 2007 7:15 PM To: axis-user@ws.apache.org Subject: Re: Rampart gets module.xml from Rahas Hi, On 3/17/07, John Kristian [EMAIL PROTECTED] wrote: Can you please help me configure Axis2 to send requests with a UsernameToken? I'm developing a SOAP client application, using Axis2 to generate Java from WSDL. Rampart doesn't add any headers to the request message. Part of the problem is that its META-INF/module.xml resource comes from lib/axis2-rahas-1.1.jar, not repository/modules/rampart-1.1.mar. Because it has the wrong module.xml, it doesn't add any flow handlers to the outFlow, and consequently no headers are added to outgoing messages. It seems the wrong module.xml is loaded because axis2-rahas-1.1.jar is in the program's initial classpath. It helps to re-order the classpath, so that lib/axis2-security-1.1.jar comes before lib/axis2-rahas-1.1.jar. 
But then I guess the META-INF/module.xml from axis2-security-1.1.jar is used for other modules, which seems likely to cause other problems. It's surprising that there are META-INF/module.xml files in lib/axis2-rahas-1.1.jar and lib/axis2-security-1.1.jar. Is this a mistake? Don't they belong in .mar files? Yes! They should not be in the .jar files. This is fixed in the new rampart artifacts. [1] I got Axis2 from http://download.nextag.com/apache/ws/axis2/1_1_1/axis2-1.1.1.zip and Rampart from http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1.1.zip Can you please try to pick up the rampart-core-LATEST-SNAPSHOT.jar rampart-trust-LATEST-SNAPSHOT.jar rampart-policy-LATEST-SNAPSHOT.jar and replace your axis2-security-1.1.jar axis2-rahas-1.1.jar axis2-secpolicy-1.1.jar from here [1]. Also replace your rampart-1.1.mar with the latest snapshot available at http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart/SNAPSHOT/ (Make sure you name it rampart-SNAPSHOT.mar) Now try your scenario once again. Thanks, Ruchith [1] http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ -- www.ruchith.org www.wso2.org
Re: Rampart gets module.xml from Rahas
Done! This is fixed in the latest Rampart [1] Thanks, Ruchith [1] http://svn.apache.org/viewvc?view=revrev=520381 On 3/20/07, Ruchith Fernando [EMAIL PROTECTED] wrote: Hi, The jar files are not supposed to have the module.xml file. I'll remove them. Thanks, Ruchith On 3/20/07, John Kristian [EMAIL PROTECTED] wrote: The results aren't substantially different with the files below. Rampart doesn't add any headers, unless rampart-core-*.jar precedes rampart-trust-*.jar in the initial classpath. These two .jar files each contain META-INF/module.xml. I downloaded http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-core/SNAPSHOT/rampart-core-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-trust/SNAPSHOT/rampart-trust-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-policy/SNAPSHOT/rampart-policy-20070309.130032-16.jar http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart/SNAPSHOT/rampart-20070216.151012-1.mar I hope these are the files Ruchith meant. - John Kristian -Original Message- From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Sunday, March 18, 2007 7:15 PM To: axis-user@ws.apache.org Subject: Re: Rampart gets module.xml from Rahas Hi, On 3/17/07, John Kristian [EMAIL PROTECTED] wrote: Can you please help me configure Axis2 to send requests with a UsernameToken? I'm developing a SOAP client application, using Axis2 to generate Java from WSDL. Rampart doesn't add any headers to the request message. Part of the problem is that its META-INF/module.xml resource comes from lib/axis2-rahas-1.1.jar, not repository/modules/rampart-1.1.mar. Because it has the wrong module.xml, it doesn't add any flow handlers to the outFlow, and consequently no headers are added to outgoing messages. It seems the wrong module.xml is loaded because axis2-rahas-1.1.jar is in the program's initial classpath. 
It helps to re-order the classpath, so that lib/axis2-security-1.1.jar comes before lib/axis2-rahas-1.1.jar. But then I guess the META-INF/module.xml from axis2-security-1.1.jar is used for other modules, which seems likely to cause other problems. It's surprising that there are META-INF/module.xml files in lib/axis2-rahas-1.1.jar and lib/axis2-security-1.1.jar. Is this a mistake? Don't they belong in .mar files? Yes! They should not be in the .jar files. This is fixed in the new rampart artifacts. [1] I got Axis2 from http://download.nextag.com/apache/ws/axis2/1_1_1/axis2-1.1.1.zip and Rampart from http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1.1.zip Can you please try to pick up the rampart-core-LATEST-SNAPSHOT.jar rampart-trust-LATEST-SNAPSHOT.jar rampart-policy-LATEST-SNAPSHOT.jar and replace your axis2-security-1.1.jar axis2-rahas-1.1.jar axis2-secpolicy-1.1.jar from here [1]. Also replace your rampart-1.1.mar with the latest snapshot available at http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart/SNAPSHOT/ (Make sure you name it rampart-SNAPSHOT.mar) Now try your scenario once again. Thanks, Ruchith [1] http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/ -- www.ruchith.org www.wso2.org -- www.ruchith.org www.wso2.org
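The classpath-order effect described in this thread, as an added example that is not part of the original messages or of Axis2/Rampart: a diagnostic that lists every copy of META-INF/module.xml visible on the JVM's initial classpath, then reproduces the shadowing with two constructed jars loaded in both orders. The class name ModuleXmlShadowCheck, the demo jar names and their one-line descriptors are hypothetical.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

public class ModuleXmlShadowCheck {
    static final String DESCRIPTOR = "META-INF/module.xml";

    /** Every copy of the descriptor the loader can see, in the order it searches. */
    static List<URL> copies(ClassLoader loader) throws IOException {
        return Collections.list(loader.getResources(DESCRIPTOR));
    }

    /** Prints the copies; the first one is what getResource() would return. */
    static int report(String label, ClassLoader loader) throws IOException {
        List<URL> found = copies(loader);
        System.out.println(label + ": " + found.size() + " copy/copies of " + DESCRIPTOR);
        for (int i = 0; i < found.size(); i++) {
            System.out.println((i == 0 ? "  wins   -> " : "  hidden -> ") + found.get(i));
        }
        return found.size();
    }

    /** Constructed sample: a jar that contains nothing but a module.xml. */
    static URL sampleJar(Path dir, String name, String xml) throws IOException {
        Path jar = dir.resolve(name);
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(jar))) {
            out.putNextEntry(new JarEntry(DESCRIPTOR));
            out.write(xml.getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
        }
        return jar.toUri().toURL();
    }

    public static void main(String[] args) throws IOException {
        // 1. Audit the classpath this JVM was started with. Per the thread, the
        //    descriptor belongs in the .mar, so any hit here is a jar that can
        //    shadow the module's own module.xml.
        int hits = report("initial classpath", ClassLoader.getSystemClassLoader());
        if (hits > 0) {
            System.out.println("  -> a jar on the initial classpath carries a module descriptor");
        }

        // 2. Constructed demo: the same two jars, searched in both orders.
        Path dir = Files.createTempDirectory("modulexml-demo");
        URL trust = sampleJar(dir, "demo-trust.jar", "<module name=\"demo-trust\"/>");
        URL core = sampleJar(dir, "demo-core.jar", "<module name=\"demo-core\"/>");
        // Parent is null so only the two demo jars are searched.
        try (URLClassLoader trustFirst = new URLClassLoader(new URL[] {trust, core}, null);
             URLClassLoader coreFirst = new URLClassLoader(new URL[] {core, trust}, null)) {
            report("demo, trust jar first", trustFirst);
            report("demo, core jar first", coreFirst);
        }
    }
}
```

Start it with the same -cp value as the client under test; the "wins" line names the jar whose descriptor a plain resource lookup would return.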
Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)
Hi, Are you on JDK 1.5? If so please follow the steps here : http://ws.apache.org/axis2/faq.html#a3 axis2 faq - General #2 Thanks, Ruchith On 3/20/07, Vibhor_Sharma [EMAIL PROTECTED] wrote: I downloaded the bcprov-jdk14-136 which is compatible with the jdk1.4 version and it still gives me the same error. The one packaged in rampart1.1 is for jdk1.3 I guess. Do I need to generate the certificates with some other algorithm (in case http://www.w3.org/2001/04/xmlenc#rsa-1_5 is not acceptable to the provider) so that I can make it work? Just wondering if this algorithm is not supported then how come the sample certificates have been shipped with rampart1.1? Or is my understanding wrong? How do I know whether the particular algorithm is supported? Thanks Vibhor From: Vibhor_Sharma [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 20, 2007 6:52 AM To: axis-user@ws.apache.org; axis-user@ws.apache.org Subject: RE: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent) Hi Ruchith Thanks for the response yes I have copied all the jar files that come along with Rampart/lib folder to the Axis2 1.1.1 lib folder and that is a part of my classpath. bcprov-jdk13-133.jar to be more precise. Is there any other file that has to be added? Regards Vibhor From: Ruchith Fernando [mailto:[EMAIL PROTECTED] Sent: Tue 3/20/2007 12:41 AM To: axis-user@ws.apache.org Subject: Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent) Hi Vibhor, Do you have the bouncycastle jar (bcprov-*.jar) in the classpath? Thanks, Ruchith On 3/20/07, Vibhor_Sharma [EMAIL PROTECTED] wrote: Hi I have the following configuration JDK1.4.2.13 JBOSS 4.0.5 (axis21.1.1 war deployed on it) Axis2 1.1.1 Rampart 1.1 Used the same certificate store and properties file that are shipped with Rampart binary distribution I'm trying to send and receive a message that is digitally signed and encrypted. I have used the same guidelines as mentioned in the sample6 of Rampart1.1 binary distribution. 
When I try to access the service I get the following error. Any help would really be appreciated. If I'm missing something please let me know. [java] org.apache.axis2.AxisFault: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signatu re or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5); nested except ion is: [java] org.apache.ws.security.WSSecurityException: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa -1_5) [java] at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92) [java] at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74) [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:382) [java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522 ) [java] at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655) [java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237) [java] at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202) [java] at com.gryphonnetworks.ws.certify.stub.CertifyChannelStub.certifyContact(Unknown Source) [java] at com.gryphonnetworks.ws.certify.client.CertifyClient.main(Unknown Source) [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [java] at java.lang.reflect.Method.invoke(Method.java:324) [java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202) [java] at 
org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134) [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:710) [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178) [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84) [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275) [java] at org.apache.tools.ant.Task.perform(Task.java:364) [java] at org.apache.tools.ant.Target.execute(Target.java:341
Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)
] at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:86)

Thanks
Vibhor

-Original Message-
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 20, 2007 12:28 PM
To: axis-user@ws.apache.org
Subject: Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)

Hi,

Are you on JDK 1.5? If so please follow the steps here: http://ws.apache.org/axis2/faq.html#a3
axis2 faq - General #2

Thanks,
Ruchith

On 3/20/07, Vibhor_Sharma [EMAIL PROTECTED] wrote:

I downloaded the bcprov-jdk14-136 which is compatible with the jdk1.4 version and it still gives me the same error. The one packaged in rampart1.1 is for jdk1.3 I guess. Do I need to generate the certificates with some other algorithm (in case http://www.w3.org/2001/04/xmlenc#rsa-1_5 is not acceptable to the provider) so that I can make it work? Just wondering if this algorithm is not supported then how come the sample certificates have been shipped with rampart1.1? Or is my understanding wrong? How do I know whether the particular algorithm is supported?

Thanks
Vibhor

From: Vibhor_Sharma [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 20, 2007 6:52 AM
To: axis-user@ws.apache.org; axis-user@ws.apache.org
Subject: RE: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)

Hi Ruchith

Thanks for the response. Yes, I have copied all the jar files that come along with Rampart/lib folder to the Axis2 1.1.1 lib folder and that is a part of my classpath. bcprov-jdk13-133.jar to be more precise. Is there any other file that has to be added?

Regards
Vibhor

From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tue 3/20/2007 12:41 AM
To: axis-user@ws.apache.org
Subject: Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)

Hi Vibhor,

Do you have the bouncycastle jar (bcprov-*.jar) in the classpath?

Thanks,
Ruchith

On 3/20/07, Vibhor_Sharma [EMAIL PROTECTED] wrote:

Hi

I have the following configuration

JDK1.4.2.13
JBOSS 4.0.5 (axis21.1.1 war deployed on it)
Axis2 1.1.1
Rampart 1.1
Used the same certificate store and properties file that are shipped with Rampart binary distribution

I'm trying to send and receive a message that is digitally signed and encrypted. I have used the same guidelines as mentioned in the sample6 of Rampart1.1 binary distribution.

When I try to access the service I get the following error. Any help would really be appreciated. If I'm missing something please let me know.

[java] org.apache.axis2.AxisFault: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5); nested exception is:
[java] org.apache.ws.security.WSSecurityException: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
[java] at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
[java] at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
[java] at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
[java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
[java] at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
[java] at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
[java] at com.gryphonnetworks.ws.certify.stub.CertifyChannelStub.certifyContact(Unknown Source)
[java] at com.gryphonnetworks.ws.certify.client.CertifyClient.main(Unknown Source)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[java] at java.lang.reflect.Method.invoke(Method.java:324)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
[java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:710
Re: QUESTION PERTAINING TO JCE PROVIDER FOR RAMPART AND AXIS2
Hi,

On 3/21/07, Vibhor_Sharma [EMAIL PROTECTED] wrote:
> Hi
> Few questions about rampart
> a) Is it mandatory to use BouncyCastle as the JCE provider for Rampart to work? Or can we plug in any provider with Rampart?

I have not tried any other JCE implementation with Rampart/WSS4J (Core of Rampart is WSS4J) that supports the required algorithms. (The default Sun impl does not seem to provide some of the implementations such as http://www.w3.org/2001/04/xmlenc#rsa-1_5). However I believe Rampart will work with some other JCE impl that provides required support. I think Werner tried out some stuff with WSS4J. Maybe he can give you a better answer :-)

> Even plugging BouncyCastle is giving errors as WSS4J is not able to instantiate the Provider. So what is the guarantee that it will plug seamlessly with other providers?

If you are referring to setting the org.apache.ws.security.crypto.provider property in the .properties file this is incorrect. We have been using bouncycastle without any issues.

> b) If we have to use any other provider what are the configurations needed (apart from jre/lib/security --> jar files, java.security, client.properties and service.properties file).

You should not change the .properties files. Changes to java.security and having the JCE impl jar in the classpath should work.

> c) If we set the provider definition in the java.security file why do we require it again in the client.properties and service.properties file?

No. These properties files configure the crypto impl for WSS4J which is a class that implements the org.apache.ws.security.components.crypto.Crypto interface.

> d) Which version of Java is recommended; with which Rampart will work seamlessly? Any special configuration for JDK version required?

We have successfully tested Rampart with JDK 1.4 and JDK 1.5.

> Please point me to a link which will help me to set up a framework which can sign and encrypt a soap request and response.

Please have a look at this: http://wso2.org/library/255

Thanks,
Ruchith

> Thanks
> Vibhor

--
www.ruchith.org www.wso2.org

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
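One way to check which registered JCE providers can serve the rsa-1_5 key transport algorithm discussed in this thread, as an added example that is not part of the original messages or of Rampart/WSS4J. It assumes the URI corresponds to the JCE transformation RSA/ECB/PKCS1Padding; the class and method names are hypothetical.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Added example (not Rampart or WSS4J code): reports which registered JCE
// providers can serve the key transport algorithm named in the error message.
public class JceAlgorithmCheck {

    // Assumption: xmlenc#rsa-1_5 is RSA with PKCS#1 v1.5 padding, which JCE
    // providers expose as the transformation "RSA/ECB/PKCS1Padding".
    static final String RSA_1_5_URI = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    static final String RSA_1_5_JCE = "RSA/ECB/PKCS1Padding";

    // Probes every provider in java.security preference order.
    static Map<String, String> probe(String transformation) {
        Map<String, String> result = new LinkedHashMap<>();
        for (Provider p : Security.getProviders()) {
            try {
                Cipher.getInstance(transformation, p);
                result.put(p.getName(), "supported");
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                result.put(p.getName(), "not supported");
            } catch (SecurityException e) {
                // Raised when the JRE refuses the provider jar, for example
                // because it cannot authenticate the jar's signature.
                result.put(p.getName(), "provider rejected: " + e.getMessage());
            }
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, String> result = probe(RSA_1_5_JCE);
        System.out.println(RSA_1_5_URI + " -> " + RSA_1_5_JCE);
        result.forEach((name, status) -> System.out.println("  " + name + ": " + status));
        if (!result.containsValue("supported")) {
            // java.security entries have the form security.provider.<n>=<provider class>
            System.out.println("No registered provider offers this cipher; register one in "
                    + "java.security and put its jar on the classpath.");
        }
    }
}
```

Run it with the same JRE and classpath as the failing client, since the provider list comes from that JRE's java.security file.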
Re: .NET passwords
Normally we send UsernameTokens with plain text passwords using HTTPS

Thanks,
Ruchith

On 3/19/07, Rich Adili [EMAIL PROTECTED] wrote:

I'm new to Web services so I'm learning as I bumble along. The code below signs the document correctly so that part's working. It just seems to me that passwords should never be cleartext. What does one normally do in this case, use HTTPS?

-Original Message-
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 18, 2007 11:58 PM
To: axis-user@ws.apache.org
Subject: Re: .NET passwords

Hi,

Can you please explain how the message should be secured? Do you want to sign the message with a key generated from the UsernameToken?

Thanks,
Ruchith

On 3/14/07, Rich Adili [EMAIL PROTECTED] wrote:

What is the proper way to get a client to hash a password so that a .NET server will accept it? The following produces cleartext (Axis2, v1.1.1):

    <module ref="rampart-1.1"/>
    <parameter name="OutflowSecurity">
      <action>
        <items>UsernameTokenSignature Timestamp</items>
        <passwordType>PasswordDigest</passwordType>
      </action>
    </parameter>

[Rich Adili]

--
www.ruchith.org www.wso2.org
Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)
Hi Vibhor,

Do you have the bouncycastle jar (bcprov-*.jar) in the classpath?

Thanks,
Ruchith

On 3/20/07, Vibhor_Sharma [EMAIL PROTECTED] wrote:

Hi

I have the following configuration

JDK1.4.2.13
JBOSS 4.0.5 (axis21.1.1 war deployed on it)
Axis2 1.1.1
Rampart 1.1
Used the same certificate store and properties file that are shipped with Rampart binary distribution

I'm trying to send and receive a message that is digitally signed and encrypted. I have used the same guidelines as mentioned in the sample6 of Rampart1.1 binary distribution.

When I try to access the service I get the following error. Any help would really be appreciated. If I'm missing something please let me know.

[java] org.apache.axis2.AxisFault: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5); nested exception is:
[java] org.apache.ws.security.WSSecurityException: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5)
[java] at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
[java] at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
[java] at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
[java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
[java] at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
[java] at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
[java] at com.gryphonnetworks.ws.certify.stub.CertifyChannelStub.certifyContact(Unknown Source)
[java] at com.gryphonnetworks.ws.certify.client.CertifyClient.main(Unknown Source)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[java] at java.lang.reflect.Method.invoke(Method.java:324)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
[java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
[java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
[java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
[java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
[java] at org.apache.tools.ant.Task.perform(Task.java:364)
[java] at org.apache.tools.ant.Target.execute(Target.java:341)
[java] at org.apache.tools.ant.Target.performTasks(Target.java:369)
[java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
[java] at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecutor.java:37)
[java] at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
[java] at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:382)
[java] at org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:107)
[java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
[java] at org.apache.tools.ant.Task.perform(Task.java:364)
[java] at org.apache.tools.ant.Target.execute(Target.java:341)
[java] at org.apache.tools.ant.Target.performTasks(Target.java:369)
[java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
[java] at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
[java] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:40)
[java] at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
[java] at org.apache.tools.ant.Main.runBuild(Main.java:668)
[java] at org.apache.tools.ant.Main.startAnt(Main.java:187)
[java] at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246)
[java] at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67)
[java] Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: