Hi ruchith,
Thank you very very much! Your mail is undoubtably helpful. I will try
both of your solutions.
I didn't know the Axis2 is so flexible. I will exploit more on it.
Regards,
Xinjun
On 4/8/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> Hi Xinjun,
>
> YES, You can use the same client repo to access different services. In
> that case you will have to have differnt axis2.xml file configured to
> access different services:
>
> For example,
> - you have two services that require different security configurations.
> - your repo directory is /usr/temp/client_repo
> - you have your configured client's axis2.xml files in
> /usr/temp/conig/s1.axis2.xml and
> /usr/temp/conig/s2.axis2.xml
>
> Now in your client application you can create two ServiceClients to
> access two services with different configuration contexts:
>
> //Create a ctxConfig with s1's config
> ConfigurationContext confCtx =
> ConfigurationContextFactory.createConfigurationContextFromFileSystem("/usr/temp/client_repo
> ", "/usr/temp/conig/s1.axis2.xml");
> ServiceClient serviceClient = new ServiceClient(confCtx, null);
>
> //Make the call to service 1
> ....
> ....
>
> //Create a ctxConfig with s2's config
> ConfigurationContext confCtx =
> ConfigurationContextFactory.createConfigurationContextFromFileSystem("/usr/temp/client_repo
> ", "/usr/temp/conig/s2.axis2.xml");
> ServiceClient serviceClient = new ServiceClient(confCtx, null);
>
> //Make the call to service 2
> ....
> ....
>
> NOW let me introduce another way of doing this :-) with the SAME
> client side axis2.xml where we only have to put <module ref="security"
> /> entry in the axis2.xml.
>
> If you include the axis2-security-0.95.jar into your classpath you
> will have the following two classes available:
> org.apache.axis2.security.handler.config.InflowConfiguration and
> org.apache.axis2.security.handler.config.OutflowConfiguration
>
> You can create instances of these two classes and provide the same
> information that you provide in the "InflowSecurity" and
> "OutflowSecurity" parameters using the settter methods available
> (Example: [2]).
>
> Once you have set the information properly in InflowConfiguration and
> OutflowConfiguration instances you can call the getProperty() method
> on each one of them and obtain two
> org.apache.axis2.description.Parameter instances.
>
> Now you can set these two Parameter objects in the
> org.apache.axis2.client.Options object that you set in the service
> client as shown below:
>
> Options op = new Options();
> op.setsetProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
> outflowConfig.getProperty());
> op.setProperty(WSSHandlerConstants.INFLOW_SECURITY,
> inflowConfig.getProperty());
>
> ///configure the other parametes in op
> ...
> ...
>
> serviceClient.setOptions(op);
>
> Now when you want to invoke another service with a different security
> config you will only have create a provide new Parametes to options
> with new configurations. Please note that you will have to call
> getProperty again in OutflowConfiguration and InflowConfiguration
> objects once you have reconfigured them to get the updated parameter.
>
> Hope this helps :-)
>
> Thanks,
> Ruchith
>
> [1] http://svn.apache.org/repository/axis2/jars/axis2-security-0.95.jar
> [2]
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/Scenario4Test.java
>
> On 4/7/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
> > Hi Ruchith,
> >
> > You are right! When I install my Tomcat, I used the JDK 1.5 though I
> > have set JAVA_HOME to JDK 1.4. Now I am using Tomcat 5.5 with JDK 1.4
> > (compatibility package installed). I have successfully tested the
> > security sample in Axis2 0.95.
> > But I have another question. I deployed another web service with
> > different InflowSecurity and OutflowSecurity parameters. I can either
> > use another client repository or modify the axis2.xml in the
> > repository. I am wondering whether it is possible for me to use the
> > same client repository for different services.
> >
> > Regards,
> > Xinjun
> >
> >
> > On 4/6/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > Hi Xinjun,
> > >
> > > Unfortunately the security sample in 0.94 is broken :-(
> > >
> > > Please try the security sample provided in Axis2 0.95
> > > http://ws.apache.org/axis2/download.cgi
> > >
> > > AND please make sure you use the security sample provided separately
> > > in the distribution.
> > >
> > > BTW looking at your exception trace I think you are using JDK 1.5 and if
> > > so
> > > 1.) please follow the instructions in "General -> #3" in the Axis2 faq
> > > [1].
> > > 2.) you will need to have xalan-2.6.jar in the client's classpath
> > > and in the axis2/WEB-INF/li dir as well.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > [1] http://ws.apache.org/axis2/download.cgi
> > >
> > > On 4/6/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
> > > > Hi Ruchith,
> > > >
> > > > I am really very very grateful to your enlighting explanation and
> > > > clarification.
> > > > I will go ahead with it. I just tried the security sample with the
> > > > attached error message. I have already followed the steps in the
> > > > ReadMe file in security sample folder. The following is the snippet of
> > > > the error message. The full error message is attached.
> > > > I will try Axis2 0.95 security at meanwhile.
> > > > The original exception is BadPaddingException. Did i missed something?
> > > > As mentioned, I have followed the instruction in the read me file.
> > > >
> > > >
> > > > F:\download\axis2\axis2-std-0.94-bin\samples\security\src>java
> > > > sample.security.C
> > > > lient ..\client_repo 8080
> > > > org.apache.axis2.AxisFault: org.apache.axis2.AxisFault:
> > > > WSDoAllReceiver: securit
> > > > y processing failed; nested exception is:
> > > > org.apache.ws.security.WSSecurityException: Cannot
> > > > encrypt/decrypt data;
> > > > nested exception is:
> > > > org.apache.xml.security.encryption.XMLEncryptionException: pad
> > > > block cor
> > > > rupted
> > > > Original Exception was javax.crypto.BadPaddingException: pad block
> > > > corrupted
> > > > at
> > > > org.apache.axis2.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java
> > > > :165)
> > > > at org.apache.axis2.engine.Phase.invoke(Phase.java:376)
> > > >
> > > >
> > > > Regards,
> > > > Xinjun
> > > >
> > > >
> > > > On 4/6/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > > > Hi Xinjun,
> > > > >
> > > > > Please see my inline comments:
> > > > >
> > > > > On 4/6/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:
> > > > > > When testing the Axis2 0.94 security module, I have some questions
> > > > > > regarding client side configuration. I raised the following question
> > > > > > after reading the webpage
> > > > > > http://ws.apache.org/axis2/0_94/security-module.html.
> > > > >
> > > > > I recommend you to use the 0.95 security.mar and please note that the
> > > > > Axis2 repository structure is different in 0.95.
> > > > >
> > > > > >
> > > > > > 1. The page mentions that client side configuration parameters can
> > > > > > be
> > > > > > set in the axis2.xml of the client's Axis2 repository.
> > > > > > My question is is this referring to the directory
> > > > > > \axis2-std-0.94-bin\repository\services ?
> > > > > > It is initially empty. What will be the root element in the client
> > > > > > respository axis2.xml? Could you help me to get some sample client
> > > > > > side configuration?
> > > > >
> > > > > When you have to engage a client side module you will have to use an
> > > > > Axis2 repository.
> > > > > This repository just have to be a specific directory structure.
> > > > > Following is the
> > > > > Axis2 repository structure for a client if you are using 0.95 or the
> > > > > current SVN snapshot.
> > > > >
> > > > > repo_dir <- This is the repo directory name and can be anything and
> > > > > can be
> > > > > | anywhere in your dick where you have permission :-).
> > > > > |
> > > > > +--conf
> > > > > | |
> > > > > | +-- axis2.xml
> > > > > |
> > > > > +--modules <- This directory contains .mar files
> > > > > |
> > > > > +-- security.mar
> > > > >
> > > > >
> > > > > Now when you create a ServiceClient you can supply the configuration
> > > > > context created using the configured using the repo dir.
> > > > >
> > > > > If you have a look at the souce of the security sample's client [1]
> > > > > you can see how this is done. (lines: 48, 49)
> > > > >
> > > > > Now the you will have to have following XML entries in the axis2.xml
> > > > > that is in the client's repo's conf dir
> > > > >
> > > > > <!--Enagege the security module -->
> > > > >
> > > > > <module ref="security" />
> > > > >
> > > > > <!-- Configure the security module to include a username token in the
> > > > > msg -->
> > > > >
> > > > > <parameter name="OutflowSecurity">
> > > > > <action>
> > > > > <items>UsernameToken</items>
> > > > > <user>your_user_name</user>
> > > > >
> > > > > <passwordCallbackClass>callback.hancler.Class</passwordCallbackClass>
> > > > > <passwordType>PasswordText</passwordType>
> > > > > </action>
> > > > > </parameter>
> > > > >
> > > > > The above parameter will include a username token in the security
> > > > > header in the request message. The username will be "your_user_name"
> > > > > and the password will be picked up using the callback.hancler.Class.
> > > > > You will have to write this class which is an impl of the
> > > > > java.auth.Callback interface. And you will have to set the password
> > > > > into the WSPasswordCallback objects that is given into the handle()
> > > > > method. Example: [2]
> > > > >
> > > > > Now you have your client side configured properly :-)
> > > > >
> > > > > >
> > > > > > 2. If a developer only downloaded WAR distribution and put the war
> > > > > > inside the Tomcat webapps folder. Can he/she still configure the
> > > > > > client side? How?
> > > > >
> > > > > YES
> > > > > The client side it independent from the services and there's no need
> > > > > for anyone to use the same repository that is available inside tomcat
> > > > > when the war is expanded.
> > > > >
> > > > > One can configure the services' security by configuring the axis2.xml
> > > > > available in the WEB-INF/con dir in the war to include the
> > > > > <module ref="security" /> entry AND by including the configuration
> > > > > parameters in each service's services.xml file.
> > > > >
> > > > > >
> > > > > > 3. The page mentioned per service level security configuration.
> > > > > > Could
> > > > > > you also provided some details? My understanding is that the
> > > > > > security
> > > > > > configuration (security policy and security information) will be
> > > > > > read
> > > > > > by the WSDoAllHandler inside the security.module. I checked both
> > > > > > WSDoAllSender and WSDoAllReceiver, but could not figure out where
> > > > > > how
> > > > > > can WSDoAllHandler find out the security configuration file.
> > > > >
> > > > > We do not processes WS-securityPolicy yet. And we use two parameters
> > > > > to
> > > > > configure the security module as explained here [3].
> > > > > When configuring security for services you can include these elements
> > > > > in
> > > > > in the services.xml of each of those services as children of the
> > > > > document
> > > > > element ("service" element). Then each request directed at any of the
> > > > > operations of the service are expected to be secured as configured.
> > > > >
> > > > > HandlerParameterDecoder.processParameters() method is used to extract
> > > > > information from these parameters. This is used in both WSDoAll*
> > > > > handlers.
> > > > >
> > > > > >
> > > > > > 4. As for the PasswordCallbackClass, is it possible to use the same
> > > > > > PasswordCallbackClass for both client and server if I combine the
> > > > > > client and server into the Axis2 installation in Tomcat?
> > > > >
> > > > > yes
> > > > >
> > > > > >
> > > > > > 5. Does Axis2 security module allow plain username and password for
> > > > > > authentication? Can I specify the username and password inside the
> > > > > > configuration?
> > > > > >
> > > > > yes it allows plain text password and the username is anyway plain
> > > > > text.
> > > > >
> > > > > You will have to specify the username in the configuration parameter
> > > > > but you cannot specify the password in the configuration. You will
> > > > > have to use the PasswordCallbackClass to provide the password for a
> > > > > given username.
> > > > >
> > > > > Thanks,
> > > > > Ruchith
> > > > >
> > > > > p.s.
> > > > > Once again ... I recommend you to use the 0.95 or the current SVN and
> > > > > please note that you will have to include the following jars in the
> > > > > client's classpath and if you are using secured services in Tomcat :
> > > > > in the axis2/WEB-INF/lib dir:
> > > > >
> > > > > bcprov-jdk13-131.jar
> > > > > commons-discovery-0.2.jar
> > > > > wss4j-SNAPSHOT.jar
> > > > > xmlsec-1.2.1.jar
> > > > >
> > > > > [1]
> > > > > https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java
> > > > > [2]
> > > > > https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/PWCallback.java
> > > > > [3] http://ws.apache.org/axis2/0_95/security-module.html
> > > > >
> > > >
> > > >
> > > >
> > >
> >
>
