On Sat, 2008-10-04 at 07:54 -0400, Raghu Udupa wrote:
> Thanks Manjula.
>
> Does the policy.xml have to reside in AXIS2_HOME? Can I specify full pathname
> (to point to the policy file located in some other directory) through neethi
> APIs?

No, you can have it anywhere, as you can pass it to the
neethi_util_create_policy_from_file() function. In the samples we have
specified that it be taken from the client home, because that way a user who
runs the samples in Rampart/C can use it out of the box.

Thanks,
Manjula.

> Regards,
> Raghu
>
> ________________________________
>
> From: Manjula Peiris [mailto:[EMAIL PROTECTED]
> Sent: Fri 10/3/2008 11:11 PM
> To: Apache AXIS C User List
> Subject: RE: rampart_handler_util.c -- parameter not set
>
> On Fri, 2008-10-03 at 22:43 -0400, Raghu Udupa wrote:
> > Thanks, Shankar, for the explanation. I was trying to send a signed request
> > and receive a clear (un-signed) response.
> >
> > Our web services client needs to connect to different web services, some of
> > which may require signed messages. So, can we do either of the following:
> >
> > 1.
> > Does the policy.xml have to be named policy.xml on the client side?
> > If I can specify policy_cust1.xml for customer 1 and policy_cust2.xml for
> > customer 2, then the same client will be able to handle multiple customers.
> > Basically, my question is whether there is a restriction like the axis2c
> > config file name being axis2.xml.
>
> No, it does not need to be policy.xml. If you look carefully at the
> rampart sample client you will understand. What you need to do is
> call the neethi_util_create_policy_from_file() function with the
> policy file name.
>
> > 2.
> > Can we specify the receiver certificate for each customer
> > programmatically through an API?
>
> The current API does not allow this, even though some properties
> like username can be passed programmatically.
>
> > Regards,
> >
> > Raghu
> >
> > ________________________________
> >
> > From: Uthaiyashankar [mailto:[EMAIL PROTECTED]
> > Sent: Fri 10/3/2008 10:07 PM
> > To: Apache AXIS C User List
> > Subject: Re: rampart_handler_util.c -- parameter not set
> >
> > Hi Raghu,
> >
> > I think your configurations are wrong. First of all, I have to be clear
> > whether the message sent from server to client is also signed. It has
> > to be signed, otherwise rampart will not work. From the client side, we
> > still don't have support for a different security policy for outgoing
> > messages and incoming messages. Hence my further explanations will assume
> > even the message from server to client is signed.
> >
> > To sign from server to client, you have to give <rampc:Certificate> and
> > <rampc:PrivateKey> in the server side configuration. Also, you have to give
> > <rampc:ReceiverCertificate> in the client's configuration.
> >
> > Sample4 shipped with Rampart[1] is actually the use case you are trying
> > to achieve. You can have a look at that.
> >
> > Regards,
> > Shankar
> >
> > [1]
> > https://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario4
> >
> > Raghu Udupa wrote:
> > > Thanks Shankar.
> > >
> > > I am a bit confused about specifying the security phase in axis2.xml for
> > > the client as well as for the server.
> > >
> > > We need to sign the documents that are sent to the client which need to
> > > be verified at the server.
> > >
> > > Could you tell me whether my settings of axis2.xml and policy.xml on the
> > > client side and axis2.xml and service.xml on the server side are correct
> > > for a correct implementation of signature verification?
> > >
> > > CLIENT SIDE
> > >
> > > axis2.xml
> > > =========
> > >
> > > <phaseOrder type="outflow">
> > >     <!-- User defined phases could be added here -->
> > >     <!--phase name="userphase1"/-->
> > >     <!--system predefined phase-->
> > >     <phase name="MessageOut"/>
> > >     <phase name="Security"/>
> > >     <!--phase name="Security"/-->
> > > </phaseOrder>
> > >
> > > policy.xml
> > > ==========
> > >
> > > <rampc:RampartConfig
> > >     xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > >     <rampc:Certificate>/usr/certdir/openssl_crt.pem</rampc:Certificate>
> > >     <rampc:PrivateKey>/usr/certdir/sign.key</rampc:PrivateKey>
> > > </rampc:RampartConfig>
> > >
> > >
> > > SERVER SIDE
> > >
> > > axis2.xml
> > > =========
> > >
> > > <phaseOrder type="inflow">
> > >     <!-- System pre defined phases -->
> > >     <phase name="Transport"/>
> > >     <phase name="PreDispatch"/>
> > >     <phase name="Dispatch"/>
> > >     <phase name="PostDispatch"/>
> > >     <phase name="Security"/>
> > > </phaseOrder>
> > >
> > > service.xml
> > > ===========
> > >
> > > <service name="ReceiveEasyLinkFaxService">
> > >     <parameter name="ServiceClass">ReceiveEasyLinkFaxService</parameter>
> > >     <description>ReceiveEasyLinkFaxService Service</description>
> > >     <module ref="rampart"/>
> > >     <operation name="ReceiveFax">
> > >     ....
> > >     ....
> > >     <rampc:RampartConfig
> > >         xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > >         <rampc:ReceiverCertificate>/usr/certdir/openssl_crt.pem</rampc:ReceiverCertificate>
> > >     </rampc:RampartConfig>
> > >
> > > Thanks,
> > > Raghu
> > >
> > > -----Original Message-----
> > > From: Uthaiyashankar [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, October 02, 2008 1:13 PM
> > > To: Apache AXIS C User List
> > > Subject: Re: rampart_handler_util.c -- parameter not set
> > >
> > > Raghu Udupa wrote:
> > >
> > >> Thanks Samisa.
> > >>
> > >> The first reported error is parameter 0 not being set in
> > >> rampart_handler_util.c. I wanted to know which configuration parameter
> > >> method rampart_get_rampart_configuration in rampart_handler_util.c is
> > >> looking for.
> > >
> > > That error message is misleading. It is actually not an error. :). We
> > > have to remove it. So, you can safely ignore it.
> > >
> > > Regards,
> > > Shankar.
> > >
> > >> Regards,
> > >> Raghu
> > >>
> > >> -----Original Message-----
> > >> From: Samisa Abeysinghe [mailto:[EMAIL PROTECTED]
> > >> Sent: Wednesday, October 01, 2008 9:32 PM
> > >> To: Apache AXIS C User List
> > >> Subject: Re: rampart_handler_util.c -- parameter not set
> > >>
> > >>> 2. Also, the webservices client is getting the following error while
> > >>> attempting to engage the rampart module.
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] rampart_handler_util.c(241)
> > >>> [rampart][rampart_handler_utils] 0 parameter is not set.
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [warning] msg_ctx.c(1381)
> > >>> RampartClientConfiguration not set in message context
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] error.c(94) OXS ERROR [x509.c:284
> > >>> in openssl_x509_get_subject_key_identifier] oxs defualt error , The
> > >>> extenension index of NID_subject_key_identifier is not valid
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] http_sender.c(1374) Error occurred
> > >>> in transport
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] rampart_engine.c(122)
> > >>> [rampart][rampart_engine] Cannot get saved rampart_context
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] rampart_in_handler.c(114)
> > >>> [rampart][rampart_in_handler] rampart_context creation failed.
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] phase.c(216) Handler
> > >>> RampartInHandler invoke failed within phase PreDispatch
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] engine.c(696) Invoking phase
> > >>> PreDispatch failed
> > >>>
> > >>> [Wed Oct 1 11:36:33 2008] [error] soap11_builder_helper.c(368)
> > >>> Unidentified character in SOAP 1.1 builder helper processing
> > >>
> > >> As the error says, there is something wrong in your key.
> > >>
> > >> Samisa...
> > >>
> > >>> 3. I am also including the server log. I am using a self signed
> > >>> certificate generated using openssl to sign the message. Digest
> > >>> verification is succeeding. But signature verification is failing.
> > >>>
> > >>> Thanks,
> > >>> Raghu

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
