Hi Ruchith,
I am really very very grateful for your enlightening explanation and
clarification.
I will go ahead with it. I just tried the security sample with the
attached error message. I have already followed the steps in the
ReadMe file in security sample folder. The following is the snippet of
the error message. The full error message is attached.
I will try Axis2 0.95 security in the meantime.
The original exception is BadPaddingException. Did I miss something?
As mentioned, I have followed the instructions in the ReadMe file.
F:\download\axis2\axis2-std-0.94-bin\samples\security\src>java sample.security.Client ..\client_repo 8080
org.apache.axis2.AxisFault: org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed; nested exception is:
    org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
    org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
    at org.apache.axis2.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:165)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:376)
Regards,
Xinjun
On 4/6/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> Hi Xinjun,
>
> Please see my inline comments:
>
> On 4/6/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
> > When testing the Axis2 0.94 security module, I have some questions
> > regarding client side configuration. I raised the following question
> > after reading the webpage
> > http://ws.apache.org/axis2/0_94/security-module.html.
>
> I recommend you to use the 0.95 security.mar and please note that the
> Axis2 repository structure is different in 0.95.
>
> >
> > 1. The page mentions that client side configuration parameters can be
> > set in the axis2.xml of the client's Axis2 repository.
> > My question is is this referring to the directory
> > \axis2-std-0.94-bin\repository\services ?
> > It is initially empty. What will be the root element in the client
> > repository axis2.xml? Could you help me to get some sample client
> > side configuration?
>
> When you have to engage a client side module you will have to use an
> Axis2 repository.
> This repository just has to be a specific directory structure. Following is
> the Axis2 repository structure for a client if you are using 0.95 or the
> current SVN snapshot.
>
> repo_dir       <- This is the repo directory name and can be anything and can be
> |                 anywhere on your disk where you have permission :-).
> |
> +--conf
> |    |
> |    +-- axis2.xml
> |
> +--modules     <- This directory contains .mar files
>      |
>      +-- security.mar
>
>
> Now when you create a ServiceClient you can supply the configuration
> context created using the configured repo dir.
>
> If you have a look at the source of the security sample's client [1]
> you can see how this is done. (lines: 48, 49)
>
> Now you will have to have the following XML entries in the axis2.xml
> that is in the client's repo's conf dir
>
> <!-- Engage the security module -->
>
> <module ref="security" />
>
> <!-- Configure the security module to include a username token in the msg -->
>
> <parameter name="OutflowSecurity">
>   <action>
>     <items>UsernameToken</items>
>     <user>your_user_name</user>
>     <passwordCallbackClass>callback.handler.Class</passwordCallbackClass>
>     <passwordType>PasswordText</passwordType>
>   </action>
> </parameter>
>
> The above parameter will include a username token in the security
> header in the request message. The username will be "your_user_name"
> and the password will be picked up using the callback.handler.Class.
> You will have to write this class which is an impl of the
> java.auth.Callback interface. And you will have to set the password
> into the WSPasswordCallback object that is given to the handle()
> method. Example: [2]
>
> Now you have your client side configured properly :-)
>
> >
> > 2. If a developer only downloaded WAR distribution and put the war
> > inside the Tomcat webapps folder. Can he/she still configure the
> > client side? How?
>
> YES
> The client side is independent from the services and there's no need
> for anyone to use the same repository that is available inside tomcat
> when the war is expanded.
>
> One can configure the services' security by configuring the axis2.xml
> available in the WEB-INF/conf dir in the war to include the
> <module ref="security" /> entry AND by including the configuration
> parameters in each service's services.xml file.
>
> >
> > 3. The page mentioned per service level security configuration. Could
> > you also provide some details? My understanding is that the security
> > configuration (security policy and security information) will be read
> > by the WSDoAllHandler inside the security.module. I checked both
> > WSDoAllSender and WSDoAllReceiver, but could not figure out how
> > WSDoAllHandler can find the security configuration file.
>
> We do not process WS-SecurityPolicy yet. And we use two parameters to
> configure the security module as explained here [3].
> When configuring security for services you can include these elements
> in the services.xml of each of those services as children of the document
> element ("service" element). Then each request directed at any of the
> operations of the service is expected to be secured as configured.
>
> HandlerParameterDecoder.processParameters() method is used to extract
> information from these parameters. This is used in both WSDoAll* handlers.
>
> >
> > 4. As for the PasswordCallbackClass, is it possible to use the same
> > PasswordCallbackClass for both client and server if I combine the
> > client and server into the Axis2 installation in Tomcat?
>
> yes
>
> >
> > 5. Does Axis2 security module allow plain username and password for
> > authentication? Can I specify the username and password inside the
> > configuration?
> >
> yes it allows plain text password and the username is anyway plain text.
>
> You will have to specify the username in the configuration parameter
> but you cannot specify the password in the configuration. You will
> have to use the PasswordCallbackClass to provide the password for a
> given username.
>
> Thanks,
> Ruchith
>
> p.s.
> Once again ... I recommend you to use the 0.95 or the current SVN and
> please note that you will have to include the following jars in the
> client's classpath and if you are using secured services in Tomcat :
> in the axis2/WEB-INF/lib dir:
>
> bcprov-jdk13-131.jar
> commons-discovery-0.2.jar
> wss4j-SNAPSHOT.jar
> xmlsec-1.2.1.jar
>
> [1]
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java
> [2]
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/PWCallback.java
> [3] http://ws.apache.org/axis2/0_95/security-module.html
>
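
An added example, not part of the original thread or the Axis2 samples: a client-side password callback of the kind the reply describes for `passwordCallbackClass`, which keeps the password out of axis2.xml by reading it from a properties file at call time. The package, class name, the `sample.pwfile` system property and the `user=password` file format are assumptions; the handler implements `javax.security.auth.callback.CallbackHandler` and fills in WSS4J's `WSPasswordCallback`.

```java
package callback.handler; // hypothetical package, matching the placeholder in the reply

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class FilePasswordCallback implements CallbackHandler {

    // Assumption: the JVM is started with -Dsample.pwfile=<path to a
    // properties file of user=password lines, readable only by this user>.
    private static final String PW_FILE_PROPERTY = "sample.pwfile";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        Properties passwords = loadPasswords();
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(
                        callbacks[i], "Unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // getIdentifer() (sic) is the accessor name in the WSS4J
            // releases of this period; it returns the <user> value.
            String user = pwcb.getIdentifer();
            String password = passwords.getProperty(user);
            if (password == null) {
                // Fail closed rather than sending an empty password.
                throw new IOException("No password configured for user " + user);
            }
            pwcb.setPassword(password);
        }
    }

    private Properties loadPasswords() throws IOException {
        String path = System.getProperty(PW_FILE_PROPERTY);
        if (path == null) {
            throw new IOException("System property " + PW_FILE_PROPERTY + " is not set");
        }
        Properties props = new Properties();
        InputStream in = new FileInputStream(path);
        try {
            props.load(in);
        } finally {
            in.close();
        }
        return props;
    }
}
```

With this class on the client classpath, `<passwordCallbackClass>` in the OutflowSecurity parameter would name `callback.handler.FilePasswordCallback`.
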
F:\download\axis2\axis2-std-0.94-bin\samples\security\src>java sample.security.Client ..\client_repo 8080
org.apache.axis2.AxisFault: org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed; nested exception is:
    org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
    org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
    at org.apache.axis2.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:165)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:376)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:351)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:322)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:274)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:150)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:831)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:639)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1203)
    at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
    org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
    at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:388)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:313)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:81)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:75)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:252)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:179)
    at org.apache.axis2.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:161)
    ... 19 more
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknown Source)
    at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:386)
    ... 25 more