Hi Dobri,

Are you using rampart-policy-<version>.jar to create and serialize this policy? We fixed a lot of policy serialization issues in rampart-policy after 1.3. Can you please try using the rampart-policy-SNAPSHOT.jar from the latest trunk?

Thanks,
Ruchith

p.s. Please subscribe ([EMAIL PROTECTED]) and post Rampart-related issues to the [EMAIL PROTECTED] list.

On 10/31/07, Dobri Kitipov <[EMAIL PROTECTED]> wrote:
> Hi everybody,
> I am using Axis2 1.3 and rampart2 1.2.
> I observed something interesting. I am using a custom tool to generate a
> services.xml. This tool is under development, so it does not work perfectly
> at the moment. I am testing the symmetric binding and have the following
> services.xml generated:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <serviceGroup>
>   <service name="HelloPojo">
>     <description>Web Service HelloPojo</description>
>     <parameter name="ServiceClass">com.mycompany.wsstack.pojo.HelloPojo</parameter>
>     <messageReceivers>
>       <messageReceiver
>           class="org.apache.axis2.rpc.receivers.RPCMessageReceiver "
>           mep="http://www.w3.org/2004/08/wsdl/in-out"/>
>     </messageReceivers>
>     <operation name="sayHello"/>
>     <wsp:Policy wsu:Id="User defined"
>         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>       <wsp:ExactlyOne>
>         <wsp:All>
>           <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <wsp:Policy>
>               <sp:ProtectionToken>
>                 <sp:ProtectionToken>
>                   <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                     <wsp:Policy>
>                       <sp:WssX509V3Token10/>
>                       <sp:RequireDerivedKeys/>
>                     </wsp:Policy>
>                   </sp:X509Token>
>                 </sp:ProtectionToken>
>               </sp:ProtectionToken>
>               <sp:AlgorithmSuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                 <wsp:Policy>
>                   <sp:Basic128/>
>                 </wsp:Policy>
>               </sp:AlgorithmSuite>
>               <sp:Layout>
>                 <wsp:Policy>
>                   <sp:Strict/>
>                 </wsp:Policy>
>               </sp:Layout>
>               <sp:ProtectionToken>
>                 <sp:ProtectionToken>
>                   <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                     <wsp:Policy>
>                       <sp:WssX509V3Token10/>
>                       <sp:RequireDerivedKeys/>
>                     </wsp:Policy>
>                   </sp:X509Token>
>                 </sp:ProtectionToken>
>               </sp:ProtectionToken>
>             </wsp:Policy>
>           </sp:SymmetricBinding>
>           <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <sp:Policy>
>               <sp:MustSupportRefKeyIdentifier/>
>               <sp:MustSupportRefIssuerSerial/>
>             </sp:Policy>
>           </sp:Wss10>
>           <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <wsp:Policy/>
>           </sp:SignedSupportingTokens>
>           <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>             <ramp:user>service</ramp:user>
>             <ramp:encryptionUser>client</ramp:encryptionUser>
>             <ramp:passwordCallbackClass>com.mycompany.wsstack.pwcb.PasswordCallbackHandler</ramp:passwordCallbackClass>
>             <ramp:signatureCrypto>
>               <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
>               </ramp:crypto>
>             </ramp:signatureCrypto>
>             <ramp:encryptionCypto>
>               <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
>               </ramp:crypto>
>             </ramp:encryptionCypto>
>           </ramp:RampartConfig>
>         </wsp:All>
>       </wsp:ExactlyOne>
>     </wsp:Policy>
>     <module ref="addressing"/>
>     <module ref="rampart"/>
>   </service>
> </serviceGroup>
>
> You can see in bold that <sp:ProtectionToken> is not correctly formed. It
> has two opening and closing <sp:ProtectionToken> tags. The second one
> should be replaced by an <sp:Policy> tag. Another problem is that the
> <sp:ProtectionToken> block is set twice in the file.
> The interesting thing is that when I deploy the AAR on Tomcat 5.5.20 and
> query the ?wsdl, the policy in the WSDL returned is correct and obviously
> fixed at some stage. Here is an excerpt from the WSDL that contains the
> policy:
>
> <wsp:Policy
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     wsu:Id="User defined">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:ProtectionToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10/>
>                   <sp:RequireDerivedKeys/>
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:ProtectionToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic128/>
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict/>
>             </wsp:Policy>
>           </sp:Layout>
>         </wsp:Policy>
>       </sp:SymmetricBinding>
>       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Policy>
>           <sp:MustSupportRefKeyIdentifier/>
>           <sp:MustSupportRefIssuerSerial/>
>         </sp:Policy>
>       </sp:Wss10>
>       <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy/>
>       </sp:SignedSupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
> In bold you can see that the <sp:ProtectionToken> is somehow corrected and
> normalized. Do you know where this happens?
>
> Thank you in advance!
> Dobri

--
http://blog.ruchith.org
http://wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
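A pre-deployment check for the two defects described in the thread (an sp:ProtectionToken nested directly inside another one, and the block appearing twice in the binding), so that a generated services.xml is rejected instead of relying on later normalization. This is an added example, not part of the original messages or of Rampart; the function name and the trimmed sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
TOKEN, POLICY = f"{{{SP}}}ProtectionToken", f"{{{WSP}}}Policy"

def lint_protection_tokens(xml_text):
    """Return findings for the ProtectionToken defects discussed in the thread.

    Intended for policy files produced by your own build tooling; do not feed
    it XML from untrusted sources without a hardened parser.
    """
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        if parent.tag == TOKEN:
            continue  # a nested token is reported through its outer token
        tokens = [child for child in parent if child.tag == TOKEN]
        if len(tokens) > 1:
            findings.append(
                f"duplicate: {len(tokens)} sp:ProtectionToken blocks under one parent")
        for token in tokens:
            # The token assertion must wrap exactly one wsp:Policy element.
            if [child.tag for child in token] != [POLICY]:
                findings.append(
                    "nesting: sp:ProtectionToken does not wrap a single wsp:Policy")
    return findings

# Constructed samples, trimmed from the two policies quoted in the thread.
def _binding(token_blocks):
    return (f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><wsp:ExactlyOne><wsp:All>'
            f'<sp:SymmetricBinding><wsp:Policy>{token_blocks}'
            '<sp:AlgorithmSuite><wsp:Policy><sp:Basic128/></wsp:Policy></sp:AlgorithmSuite>'
            '</wsp:Policy></sp:SymmetricBinding></wsp:All></wsp:ExactlyOne></wsp:Policy>')

X509 = ('<sp:X509Token><wsp:Policy><sp:WssX509V3Token10/>'
        '<sp:RequireDerivedKeys/></wsp:Policy></sp:X509Token>')
BAD_TOKEN = f'<sp:ProtectionToken><sp:ProtectionToken>{X509}</sp:ProtectionToken></sp:ProtectionToken>'
GOOD_TOKEN = f'<sp:ProtectionToken><wsp:Policy>{X509}</wsp:Policy></sp:ProtectionToken>'

GENERATED = _binding(BAD_TOKEN * 2)   # shape of the generated services.xml policy
NORMALIZED = _binding(GOOD_TOKEN)     # shape of the policy returned by ?wsdl

if __name__ == "__main__":
    for name, doc in (("generated", GENERATED), ("normalized", NORMALIZED)):
        print(name, lint_protection_tokens(doc) or "ok")
```
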
