Thanks Manjula.
 
Does the policy.xml have to reside in AXIS2_HOME? Can I specify a full pathname
(to point to the policy file located in some other directory) through the neethi
APIs?
 
Regards,
Raghu

________________________________

From: Manjula Peiris [mailto:[EMAIL PROTECTED]
Sent: Fri 10/3/2008 11:11 PM
To: Apache AXIS C User List
Subject: RE: rampart_handler_util.c -- parameter not set




On Fri, 2008-10-03 at 22:43 -0400, Raghu Udupa wrote:
> Thanks, Shankar, for the explanation. I was trying to send a signed request 
> and receive a clear (un-signed) response.
> 
> Our web services client needs to connect to different web services, some of 
> which may require signed messages. So, can we do either of the following:
>
> 1. Does the policy.xml have to be named policy.xml on the client side? 
> If I can specify policy_cust1.xml for customer 1 and policy_cust2.xml for 
> customer 2, then the same client will be able to handle multiple customers. 
> Basically, my question is: is there a restriction like the axis2c config file 
> name being axis2.xml?

No, it does not need to be policy.xml. If you look carefully at the
rampart sample client you will understand. What you need to do is
call the neethi_util_create_policy_from_file() function with the
policy file name.

> 2. Can we specify the receiver certificate for each customer programmatically 
> through an API?

The current API does not allow this, even though some properties
like username can be passed programmatically.

>
> Regards,
>
> Raghu
>
>
> ________________________________
>
> From: Uthaiyashankar [mailto:[EMAIL PROTECTED]
> Sent: Fri 10/3/2008 10:07 PM
> To: Apache AXIS C User List
> Subject: Re: rampart_handler_util.c -- parameter not set
>
>
>
> Hi Raghu,
>
> I think your configurations are wrong. First of all, I have to be clear
> on whether the message sent from server to client is also signed. It has
> to be signed, otherwise rampart will not work. From the client side, we
> still don't have support for different security policies for outgoing
> and incoming messages. Hence my further explanations will assume
> that even the message from server to client is signed.
>
> To sign from server to client, you have to give <rampc:Certificate> and
> <rampc:PrivateKey> in server side configuration. Also, you have to give
> <rampc:ReceiverCertificate> in client's configuration.
>
> Sample4 shipped with Rampart[1] is actually the use case you are trying
> to achieve. You can have a look at that.
>
> Regards,
> Shankar
>
> [1]
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
>
> Raghu Udupa wrote:
> > Thanks Shankar.
> >
> > I am a bit confused about specifying security phase in axis2.xml for
> > client as well as for server.
> >
> > We need to sign the documents that are sent to the client which need to
> > be verified at the server.
> >
> > Could you tell me whether my settings of axis2.xml and policy.xml on the
> > client side and axis2.xml and service.xml on the server side are correct
> > for a correct implementation of signature verification
> >
> > CLIENT SIDE
> >
> > axis2.xml
> > =========
> >
> >     <phaseOrder type="outflow">
> >         <!-- User defined phases could be added here -->
> >         <!--phase name="userphase1"/-->
> >         <!--system predefined phase-->
> >         <phase name="MessageOut"/>
> >         <phase name="Security"/>
> >         <!--phase name="Security"/-->
> >     </phaseOrder>
> >
> > policy.xml
> > ==========
> >
> > <rampc:RampartConfig
> > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> > <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> > </rampc:RampartConfig>
> >
> >
> > SERVER SIDE
> >
> > axis2.xml
> > =========
> >
> > <phaseOrder type="inflow">
> >   <!-- System pre defined phases       -->
> >   <phase name="Transport"/>
> >   <phase name="PreDispatch"/>
> >   <phase name="Dispatch"/>
> >   <phase name="PostDispatch"/>
> >   <phase name="Security"/>
> >  </phaseOrder>
> >
> > service.xml
> > ===========
> >
> > <service name="ReceiveEasyLinkFaxService">
> > <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> > <description>ReceiveEasyLinkFaxService Service</description>
> > <module ref="rampart"/>
> > <operation name="ReceiveFax">
> > ....
> > ....
> > <rampc:RampartConfig
> > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverCertificate>
> > </rampc:RampartConfig>
> >
> > Thanks,
> > Raghu
> >
> > -----Original Message-----
> > From: Uthaiyashankar [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 02, 2008 1:13 PM
> > To: Apache AXIS C User List
> > Subject: Re: rampart_handler_util.c -- parameter not set
> >
> > Raghu Udupa wrote:
> > 
> >> Thanks Samisa.
> >>
> >> The first reported error is parameter 0 not being set in
> >> rampart_handler_util.c. I wanted to know which configuration parameter
> >> method rampart_get_rampart_configuration in rampart_handler_util.c is
> >> looking for.
> >> 
> >>   
> >
> > That error message is misleading. It is actually not an error. :). We
> > have to remove it. So, you can safely ignore it.
> >
> > Regards,
> > Shankar.
> >
> > 
> >> Regards,
> >> Raghu
> >>
> >> -----Original Message-----
> >> From: Samisa Abeysinghe [mailto:[EMAIL PROTECTED]
> >> Sent: Wednesday, October 01, 2008 9:32 PM
> >> To: Apache AXIS C User List
> >> Subject: Re: rampart_handler_util.c -- parameter not set
> >>
> >> 
> >>   
> >>>    2. Also, the webservices client is getting following error while
> >>>       attempting to engage rampart module.
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] rampart_handler_util.c(241)
> >>> [rampart][rampart_handler_utils] 0 parameter is not set.
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [warning] msg_ctx.c(1381)
> >>> RampartClientConfiguration not set in message context
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
> >>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
> >>> extenension index of NID_subject_key_identifier is not valid
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
> >>> in transport
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] rampart_engine.c(122)
> >>> [rampart][rampart_engine] Cannot get saved rampart_context
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] rampart_in_handler.c(114)
> >>> [rampart][rampart_in_handler] rampart_context creation failed.
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] phase.c(216) Handler
> >>> RampartInHandler invoke failed within phase PreDispatch
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] engine.c(696) Invoking phase
> >>> PreDispatch failed
> >>>
> >>> [Wed Oct  1 11:36:33 2008] [error] soap11_builder_helper.c(368)
> >>> Unidentified character in SOAP 1.1 builder helper processing
> >>>
> >>>   
> >>>     
> >> As the error says, there is something wrong in your key.
> >>
> >> Samisa...
> >> 
> >>   
> >>>    3. I am also including the server log. I am using a self-signed
> >>>       certificate generated using openssl to sign the message. Digest
> >>>       verification is succeeding. But signature verification is
> >>>       failing.
> >> 
> >>   
> >>>
> >>>
> >>> Thanks,
> >>> Raghu
> >>>   
> >>>     
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
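
The following check is an added example, not code from the thread or from the Rampart/C project. It applies Shankar's explanation (messages signed in both directions, so each side needs its own `<rampc:Certificate>` and `<rampc:PrivateKey>` plus the peer's `<rampc:ReceiverCertificate>`) to the two configurations posted above; the function name `missing_rampart_elements` and the embedded sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace as it appears in the configs posted in the thread.
RAMPC = "http://ws.apache.org/rampart/c/policy"

# Assumption taken from Shankar's reply: both directions are signed, so each
# side needs its own certificate and key plus the peer's certificate.
REQUIRED = ("Certificate", "PrivateKey", "ReceiverCertificate")


def missing_rampart_elements(xml_text):
    """Return the REQUIRED RampartConfig children that are absent or empty."""
    root = ET.fromstring(xml_text)
    # iter() also yields the root, so this works whether RampartConfig is the
    # document element (policy file) or nested inside a service description.
    configs = list(root.iter("{%s}RampartConfig" % RAMPC))
    if not configs:
        return list(REQUIRED)
    cfg = configs[0]
    missing = []
    for name in REQUIRED:
        el = cfg.find("{%s}%s" % (RAMPC, name))
        if el is None or not (el.text or "").strip():
            missing.append(name)
    return missing


# Constructed samples mirroring the client policy.xml and server service.xml
# quoted in the thread (elided parts of service.xml are left out).
CLIENT_POLICY = """<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
  <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
  <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
</rampc:RampartConfig>"""

SERVER_SERVICE = """<service name="ReceiveEasyLinkFaxService">
  <module ref="rampart"/>
  <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
    <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverCertificate>
  </rampc:RampartConfig>
</service>"""

if __name__ == "__main__":
    print("client is missing:", missing_rampart_elements(CLIENT_POLICY))
    print("server is missing:", missing_rampart_elements(SERVER_SERVICE))
```

Run against the posted configurations, it reports the gaps Shankar points out: the client has no receiver certificate and the server has no certificate or private key of its own.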



