Hi everybody,
I am using Axis2 1.3 and rampart2 1.2.
I observed something interesting. I am using a custom tool to generate a
services.xml. This tool is under development, so it does not work perfectly at
the moment. I am testing the symmetric binding and have the following
services.xml generated:

<?xml version="1.0" encoding="UTF-8"?>
<serviceGroup>
  <service name="HelloPojo">
    <description>Web Service HelloPojo</description>
    <parameter name="ServiceClass">com.mycompany.wsstack.pojo.HelloPojo</parameter>
    <messageReceivers>
      <messageReceiver
        class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"
        mep="http://www.w3.org/2004/08/wsdl/in-out"/>
    </messageReceivers>
    <operation name="sayHello"/>
    <wsp:Policy wsu:Id="User defined"
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:ProtectionToken>
                <sp:ProtectionToken>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:WssX509V3Token10/>
                      <sp:RequireDerivedKeys/>
                    </wsp:Policy>
                  </sp:X509Token>
                </sp:ProtectionToken>
              </sp:ProtectionToken>
              <sp:AlgorithmSuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                  <sp:Basic128/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict/>
                </wsp:Policy>
              </sp:Layout>
              <sp:ProtectionToken>
                <sp:ProtectionToken>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:WssX509V3Token10/>
                      <sp:RequireDerivedKeys/>
                    </wsp:Policy>
                  </sp:X509Token>
                </sp:ProtectionToken>
              </sp:ProtectionToken>
            </wsp:Policy>
          </sp:SymmetricBinding>
          <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Policy>
              <sp:MustSupportRefKeyIdentifier/>
              <sp:MustSupportRefIssuerSerial/>
            </sp:Policy>
          </sp:Wss10>
          <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy/>
          </sp:SignedSupportingTokens>
          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:user>service</ramp:user>
            <ramp:encryptionUser>client</ramp:encryptionUser>
            <ramp:passwordCallbackClass>com.mycompany.wsstack.pwcb.PasswordCallbackHandler</ramp:passwordCallbackClass>
            <ramp:signatureCrypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
              </ramp:crypto>
            </ramp:signatureCrypto>
            <ramp:encryptionCypto>
              <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
              </ramp:crypto>
            </ramp:encryptionCypto>
          </ramp:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>
    <module ref="addressing"/>
    <module ref="rampart"/>
  </service>
</serviceGroup>

You can see in bold that <sp:ProtectionToken> is not correctly formed. It
has two opening and closing <sp:ProtectionToken> tags. The second one
should be replaced by a <sp:Policy> tag. Another problem is that the
<sp:ProtectionToken> block is set twice in the file.
The interesting thing is that when I deploy the AAR on Tomcat 5.5.20 and
query the ?wsdl, the policy in the WSDL returned is correct and obviously
fixed at some stage. Here is an excerpt from the WSDL that contains the
policy:

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="User defined">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:ProtectionToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                    <wsp:Policy>
                                        <sp:WssX509V3Token10/>
                                        <sp:RequireDerivedKeys/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:ProtectionToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic128/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict/>
                            </wsp:Policy>
                        </sp:Layout>
                    </wsp:Policy>
                </sp:SymmetricBinding>
                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <sp:Policy>
                        <sp:MustSupportRefKeyIdentifier/>
                        <sp:MustSupportRefIssuerSerial/>
                    </sp:Policy>
                </sp:Wss10>
                <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy/>
                </sp:SignedSupportingTokens>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

In bold you can see that the <sp:ProtectionToken> is somehow corrected and
normalized. Do you know where this happens?

Thank you in advance!
Dobri
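
A pre-deployment check for the two defects described in the message above (an assertion nested directly inside itself, and the same assertion repeated under one parent), as an added example that is not part of the original post or of Axis2/Rampart. The two sample policies are constructed, trimmed versions of the listings above, and `lint_policy` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

def _binding(body):
    """Wrap assertions in the SymmetricBinding skeleton used in the post."""
    return (f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><wsp:ExactlyOne><wsp:All>'
            f"<sp:SymmetricBinding><wsp:Policy>{body}</wsp:Policy></sp:SymmetricBinding>"
            "</wsp:All></wsp:ExactlyOne></wsp:Policy>")

# Constructed sample data (assumption: trimmed to the elements that matter here).
X509 = "<sp:X509Token><wsp:Policy><sp:WssX509V3Token10/></wsp:Policy></sp:X509Token>"
SUITE = "<sp:AlgorithmSuite><wsp:Policy><sp:Basic128/></wsp:Policy></sp:AlgorithmSuite>"
BAD_TOKEN = f"<sp:ProtectionToken><sp:ProtectionToken>{X509}</sp:ProtectionToken></sp:ProtectionToken>"
GOOD_TOKEN = f"<sp:ProtectionToken><wsp:Policy>{X509}</wsp:Policy></sp:ProtectionToken>"
GENERATED = _binding(BAD_TOKEN + SUITE + BAD_TOKEN)  # shape of the generated services.xml
PUBLISHED = _binding(GOOD_TOKEN + SUITE)             # shape of the policy seen via ?wsdl

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.split("}")[-1]

def lint_policy(xml_text):
    """Return (rule, path) findings for security-policy assertions in xml_text."""
    findings = []

    def walk(elem, path):
        here = f"{path}/{_local(elem.tag)}"
        counts = {}
        for child in elem:
            if child.tag.startswith("{" + SP + "}"):
                counts[child.tag] = counts.get(child.tag, 0) + 1
                if child.tag == elem.tag:  # e.g. ProtectionToken directly in ProtectionToken
                    findings.append(("self-nested", f"{here}/{_local(child.tag)}"))
            walk(child, here)
        for tag, n in counts.items():
            if n > 1:                      # same assertion repeated under one parent
                findings.append(("duplicate", f"{here}/{_local(tag)} x{n}"))

    walk(ET.fromstring(xml_text), "")
    return findings

if __name__ == "__main__":
    for rule, path in lint_policy(GENERATED):
        print(rule, path)
```

Running the check against the tool's output before building the AAR surfaces these defects in the source file itself, rather than relying on whatever form the deployed service later publishes.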
