On Fri, May 30, 2008 at 11:25 AM, Marina Deslaugiers < [EMAIL PROTECTED]> wrote:
> Hi, > > As planned this morning, we have made directly test with the person > responsible of web service "Nursery" support to users. > > We have detected various problems. > > I attach (I hope joined files will actually be sent otherwise please let me > know) two "sniff" files at the TCP level on communication with the web > server "Nursery": > - The first one (see Aspen.tcpdump) corresponds to TCP frames sent > by Tuscany that does not work > > - The second one (see Support.tcpdump) corresponds to TCP frames > sent by the Nursery support -after modification (correction) of the Tuscany > frames- that does work > > > > Following are the differences and explanations reported by the person > responsible for the Nursery WS support: > > 1) the namespaces used in SOAP BODY are not in conformity with the > WSDL. Indeed, one can find the value "http://translatewithsms"; as the > "pseudo" namespace _ns_. Replacing that value with the one defined in the > WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/SMSSenderSEI";, > the SOAP frame works > > Note that I realized that "translatewithsms" is the package name of my > Eclipse project (containing in particular java client, interfaces etc. > files). > > 2) at HTTP level, the web service in the Nursery is protected by > "Basic Authentication" ; but the "Authorization" header is not sent by > Tuscany > > (NB: at the current state, we cannot know whether it is actually a > problem EXCEPT if Tuscany uses pre-emptive authentication mecanisms > > 3) Note that Tuscany sends the authentication > credentials(user/password) using WS-Security that is not taken into account > by the Nursery platform. This is not a problem however, credentials are not > operate. > > NB: tcpdump files can be opened with WireShark http:// > www.wireshark.org/download.html > > > > I might be responsible for these problems as I have probably made mistakes > in coding (at least regarding the policy expression). Please can you help me > in correcting. > > Thanks you very much. > > Regards, > Marina. > > > > > > > > > > Le 29 mai 08 à 18:30, Marina Deslaugiers a écrit : > > >> Hi, >> >> Thanks for the answer. >> >> Hi Marina >>> >>> ... We need to collect a bit more information before deciding what to >>> do. ... So >>> firstly do you know what the response SOAP message looks like on the >>> wire. >>> >> >> >> Well, at the moment, I do not know anything about that. So I have managed >> to directly test - tomorrow morning - with the person responsible of web >> service support to users (who uses sniffers). I hope we would be able to get >> and provide you with the information on the response SOAP message. >> >> >> In the meantime, below are the policy "definitions.xml" file and the >> ClientPWCBHandler.java file. >> >> Also can you show me what you security policy looks like (obviously be >>> careful not to disclose any confidential information such as real >>> usernames >>> or passwords on the mail list)? >>> >>> >> >> >> ========================================== >> definitions.xml file >> >> <?xml version="1.0" encoding="ASCII"?> >> <!-- >> * Licensed to the Apache Software Foundation (ASF) under one >> * .... >> * under the License. >> --> >> <sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"; >> targetNamespace="http://www.osoa.org/xmlns/sca/1.0 >> " >> xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"; >> xmlns:tuscany=" >> http://tuscany.apache.org/xmlns/sca/1.0"; >> xmlns:sms="http://sample";> >> >> >> <!-- WS Security POLICY SETS --> >> <sca:policySet name="sms:wsClientAuthenticationPolicy" >> provides="sca:authentication" >> appliesTo="sca:reference/sca:binding.ws"> >> <tuscany:wsConfigParam> >> <parameter name="OutflowSecurity"> >> <action> >> <items>UsernameToken</items> >> <user>myUsername</user> >> >> >> <passwordCallbackClass>translatewithsms.ClientPWCBHandler</passwordCallbackClass>" >> + >> <passwordType>PasswordText</passwordType> >> </action> >> </parameter> >> </tuscany:wsConfigParam> >> </sca:policySet> >> >> </sca:definitions> >> ========================================== >> >> >> ========================================== >> ClientPWCBHandler.java file >> >> /* >> * Licensed to the Apache Software Foundation (ASF) under one >> * ... >> * under the License. >> */ >> package translatewithsms; >> >> import java.io.IOException; >> >> import javax.security.auth.callback.Callback; >> import javax.security.auth.callback.CallbackHandler; >> import javax.security.auth.callback.UnsupportedCallbackException; >> >> import org.apache.ws.security.WSPasswordCallback; >> >> /** >> * Sample userid passwd generation class >> */ >> public class ClientPWCBHandler implements CallbackHandler { >> >> public void handle(Callback[] callbacks) throws IOException, >> UnsupportedCallbackException { >> System.out.println("*** PASSAGE DANS HANDLE de ClientPWCBHandler"); >> for (int i = 0; i < callbacks.length; i++) { >> System.out.println("*** Calling Client UserId/Password Handler .... >> "); >> WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i]; >> pwcb.getIdentifer(); >> pwcb.setPassword(""myPassword"); >> } >> } >> >> } >> ========================================== >> >> Regards, >> Marina. >> >> >> Le 29 mai 08 à 14:42, Simon Laws a écrit : >> >> On Thu, May 29, 2008 at 1:19 PM, Marina Deslaugiers < >>> [EMAIL PROTECTED]> wrote: >>> >>> Hi, >>>> >>>> Please can someone URGENTLY help me on my coding (at least provide me >>>> with >>>> an analogous example) ? >>>> >>>> I provide you with the WSDL file I forgot to send >>>> >>>> Thanks >>>> *Regards,* >>>> ** >>>> *Marina.* >>>> * >>>> * >>>> ** >>>> >>>> ** >>>> * >>>> * >>>> * >>>> * >>>> >>>> Le 26 mai 08 à 17:15, Marina Deslaugiers a écrit : >>>> >>>> Hi, >>>> >>>> I am currently trying to connect to the external web service with >>>> user/password authentication (without HTTPS) I mentioned in my previous >>>> e-mails. >>>> >>>> But I cannot succeed. Can you help me, please. I join composite and >>>> definitions.xml files. >>>> >>>> Following is the error message I get: >>>> >>>> ============================================================== >>>> Warning: Running an XSLT 1.0 stylesheet with an XSLT 2.0 processor >>>> >>>> ** Entrez le mode de traduction : fr_en, fr_es, fr_it... >>>> ** Entrez le texte a traduire >>>> bonjour Monsieur >>>> lang= text= bonjour Monsieur >>>> lang= >>>> langue non indiquee par console >>>> positionnement langue par Property Tuscany= fr_en >>>> le texte= bonjour Monsieur >>>> texte traduit= traduction impossible probleme serveur Web >>>> messagingWS injecte >>>> CONTENU DU SMSETO CREE = traduction impossible probleme serveur Web >>>> WS messaging appele >>>> *** PASSAGE DANS HANDLE de ClientPWCBHandler >>>> *** Calling Client UserId/Password Handler .... >>>> org.apache.axis2.AxisFault: Policy Falsified >>>> at >>>> >>>> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486) >>>> at >>>> >>>> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343) >>>> at >>>> >>>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389) >>>> at >>>> >>>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211) >>>> at >>>> >>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) >>>> at >>>> >>>> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invokeTarget(Axis2BindingInvoker.java:101) >>>> at >>>> >>>> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invoke(Axis2BindingInvoker.java:76) >>>> at >>>> >>>> org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterceptor.invoke(DataTransformationInterceptor.java:74) >>>> at >>>> >>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249) >>>> at >>>> >>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146) >>>> at $Proxy11.sendSMS(Unknown Source) >>>> at translatewithsms.MessagingImpl.sendSMS(MessagingImpl.java:45) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) >>>> at java.lang.reflect.Method.invoke(Unknown Source) >>>> at >>>> >>>> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invoke(JavaImplementationInvoker.java:105) >>>> at >>>> >>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249) >>>> at >>>> >>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146) >>>> at $Proxy9.sendSMS(Unknown Source) >>>> at >>>> >>>> translatewithsms.TranslatorwithsmsImpl.translateAndSendSMS(TranslatorwithsmsImpl.java:39) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) >>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) >>>> at java.lang.reflect.Method.invoke(Unknown Source) >>>> at >>>> >>>> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invoke(JavaImplementationInvoker.java:105) >>>> at >>>> >>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249) >>>> at >>>> >>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146) >>>> at $Proxy7.translateAndSendSMS(Unknown Source) >>>> at >>>> >>>> translatewithsms.TranslatorwithsmsClient.main(TranslatorwithsmsClient.java:28) >>>> Retour d'envoi du SMS : null >>>> ============================================================== >>>> >>>> Regards, >>>> Marina. >>>> >>>> <WSmediawebtranslatorwebsms.composite> >>>> >>>> <definitions.xml> >>>> >>>> >>>> >>>> Le 7 mai 08 à 14:54, Simon Laws a écrit : >>>> >>>> On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers < >>>> [EMAIL PROTECTED]> wrote: >>>> >>>> Hi Simon, >>>> >>>> Thanks for the explanations. I will download and have a look to the >>>> calculator example you mention. >>>> >>>> However, I already have seen the >>>> sample/helloworld-ws-reference(service)-secure and I do not know >>>> whether >>>> and how I can use the policies they define ; indeed, as I said, I use to >>>> bind to a non-SCA web service - say the web service is not encapsulated >>>> in >>>> a >>>> SCA component. >>>> >>>> So, in this case, can I use the manner you indicate to me ? if yes, what >>>> are the changes to introduce in the policy description (definitions.xml >>>> and/or other files)? >>>> >>>> >>>> Regards, >>>> Marina. >>>> >>>> samples/helloworld-ws-reference-secure and >>>> >>>> samples/helloworld-ws-service-secure >>>> >>>> >>>> >>>> >>>> Le 7 mai 08 à 12:13, Simon Laws a écrit : >>>> >>>> >>>> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers < >>>> >>>> [EMAIL PROTECTED]> wrote: >>>> >>>> Hi, >>>> >>>> Hello, >>>> >>>> I am coming back to you as I now have to connect to an external web >>>> service with user/password authentication and I do not know how this >>>> can be >>>> done (using policies I guess) in tuscany. >>>> >>>> I use a coding analogue to the one in the simple HelloWorld Web >>>> service >>>> example provided (and corrected by you) in >>>> >>>> * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding >>>> toexternal web services* >>>> >>>> The WSDL of the web service seems to be in "document literal" >>>> encoding. >>>> However, the web service (accessible at the following URL ttp:// >>>> 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is different of >>>> the >>>> one mentioned in the WSDL file) is private to our company so it is not >>>> publicly available. >>>> >>>> Attached to this e-mail is the WSDL file. >>>> >>>> Can you help me again, please ? >>>> >>>> thanks. >>>> >>>> *Regards,* >>>> ** >>>> *Marina.* >>>> ** >>>> >>>> ** >>>> * >>>> * >>>> >>>> >>>> >>>> Hi Marina >>>> >>>> >>>> The sample samples/calculator-ws-secure-webapp shows some username and >>>> password based authentication. For example, you will note that some of >>>> the >>>> references/service require authentication.. >>>> >>>> >>>> <component name="CalculatorServiceComponent"> >>>> <implementation.java class="calculator.CalculatorServiceImpl"/> >>>> <reference name="addService" > >>>> <interface.java interface="calculator.AddService" /> >>>> <binding.ws uri=" >>>> http://localhost:8080/sample-calculator-ws-secure-webapp/ >>>> AddServiceComponent >>>> " >>>> requires="authentication" /> >>>> </reference> >>>> >>>> .... >>>> >>>> <component name="AddServiceComponent"> >>>> <implementation.java class="calculator.AddServiceImpl"/> >>>> <service name="AddService"> >>>> <interface.java interface="calculator.AddService" /> >>>> <binding.ws requires="authentication"/> >>>> </service> >>>> >>>> >>>> In this case the definitions.xml file defines service and reference >>>> policy >>>> sets that implement this intent as follows >>>> >>>> <sca:policySet name="calc:wsAuthenticationPolicy" >>>> provides="sca:authentication" >>>> appliesTo="sca:service/sca:binding.ws" >>>> >>>> >>>> <tuscany:wsConfigParam> >>>> >>>> <parameter name="InflowSecurity"> >>>> <action> >>>> <items>UsernameToken</items> >>>> >>>> >>>> >>>> >>>> <passwordCallbackClass>calculator.security.ServerPWCBHandler</passwordCallbackClass> >>>> </action> >>>> </parameter> >>>> </tuscany:wsConfigParam> >>>> </sca:policySet> >>>> >>>> <sca:policySet name="calc:wsClientAuthenticationPolicy" >>>> provides="sca:authentication" >>>> appliesTo="sca:reference/sca:binding.ws"> >>>> <tuscany:wsConfigParam> >>>> <parameter name="OutflowSecurity"> >>>> <action> >>>> <items>UsernameToken</items> >>>> <user>CalculatorUser</user> >>>> >>>> >>>> >>>> >>>> <passwordCallbackClass>calculator.security.ClientPWCBHandler</passwordCallbackClass>" >>>> + >>>> <passwordType>PasswordText</passwordType> >>>> </action> >>>> </parameter> >>>> </tuscany:wsConfigParam> >>>> </sca:policySet> >>>> </component> >>>> >>>> These policy sets configure Axis2 to call out to the callback classes >>>> specified in order to get the username and password to be included in >>>> the >>>> soap envelope. There is another, non-webapp, example of this in >>>> samples/helloworld-ws-reference-secure and >>>> samples/helloworld-ws-service-secure >>>> >>>> Hope that helps >>>> >>>> Simon >>>> >>>> >>>> In theory you should be able to use the reference side policy to >>>> configure >>>> security in order to authenticate with the remove non-sca web service. >>>> However this depends a lot on how the remote service is expecting you >>>> to >>>> authenticate with it. Do you know the details in this case. I have to >>>> admit >>>> to not having tried this with an external service so we are both >>>> learning >>>> here:-) >>>> >>>> Simon >>>> >>>> >>>> >>>> >>>> >>>> Hi Marina >>> >>> The error is reporting that a fault is coming back in the response SOAP >>> message. We need to collect a bit more information before deciding what >>> to >>> do. I'm not sure if this is actually the "org.apache.axis2.AxisFault: >>> Policy >>> Falsified" error or not as I don't recognize this particular error. So >>> firstly do you know what the response SOAP message looks like on the >>> wire. >>> Also can you show me what you security policy looks like (obviously be >>> careful not to disclose any confidential information such as real >>> usernames >>> or passwords on the mail list)? >>> >>> Regards >>> >>> Simon >>> >> >> > > Hi Marina Thanks for doing this. The attachments didn't make it through the mail list unfortunately. Can you open a JIRA ( http://issues.apache.org/jira/browse/TUSCANY) for this problem and attach them there. We will then have a more precise way of tracking any changes we need to make to fix the problems you are seeing. I'm setting up a local test here so I'll take a look at your definitions.xml file you sent previously in the mean time. Regards Simon
