Hi,

You have a slight typo in the rampart configuration parameter.

<parameter name="InFlowSecurity">

The above should change to

<parameter name="InflowSecurity">

Note that the third letter of the parameter name is lower case 'f'.

Also since you only expect Timestamp and Signature (and no encryption) the action/items should not have 'Encrypt' in it. Therefore it should change to:

<items>Timestamp Signature</items>

Thanks,
Ruchith

---------- Forwarded message ----------
From: Johan Roch <[EMAIL PROTECTED]>
Date: Jun 13, 2006 9:17 PM
Subject: Axis2: Checking signed SOAP requests with Rampart...
To: [email protected]

Hello,

I would like to check security for incoming SOAP requests at server side using the Rampart module (Axis 2). I have an existing client that sends signed SOAP requests (no encryption). The problem is that the signature is never checked. I can see this in the log (debug level):

DEBUG - Phase.invoke(372) | Invoking phase "Security"
DEBUG - Phase.invoke(379) | Invoking Handler 'SecurityInHandler' in Phase 'Security'
DEBUG - WSDoAllReceiver.processMessage(92) | WSDoAllReceiver: enter invoke()
DEBUG - Phase.invoke(392) | Checking post-conditions for phase "Security"
DEBUG - Phase.invoke(362) | Checking pre-condition for Phase "PreDispatch"
DEBUG - Phase.invoke(372) | Invoking phase "PreDispatch"
DEBUG - Phase.invoke(379) | Invoking Handler 'AddressingFinalInHandler' in Phase 'PreDispatch'
DEBUG - AddressingInHandler.invoke(71) | Starting WS-Addressing Final IN handler ...
DEBUG - AddressingInHandler.invoke(87) | No Headers present corresponding to WS-Addressing Final
DEBUG - Phase.invoke(379) | Invoking Handler 'AddressingSubmissionInHandler' in Phase 'PreDispatch'
DEBUG - AddressingInHandler.invoke(71) | Starting WS-Addressing Submission IN handler ...
DEBUG - AddressingInHandler.invoke(87) | No Headers present corresponding to WS-Addressing Submission

It seems that the handler is invoked but the security headers are not found. Is there something wrong with my request below?

Thx in advance.

Johan.

<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   mustUnderstand="1" soapenv:actor="">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                                wsu:Id="Id-ref2VerifySignature"
                                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIDjjCCAnagAwIBAgILAQAAAAABAxNSI6QwDQYJKoZIhvcNAQEFBQAwJTELMAkGA1UEBhMCQkUx
FjAUBgNVBAMTDUdvdmVybm1lbnQgQ0EwHhcNMDUwNDA1MTcwNDM5WhcNMDYwNDA1MTcwNDM5WjBE
MQswCQYDVQQGEwJCRTEQMA4GA1UEAxMHRlJOQi5CRTEUMBIGA1UEChMLNDA5LjM1Ny4zMjExDTAL
BgNVBAsTBEZSTkIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp1VEDpvYhctJp+agiQdpzsWsC6zI
nIUo7EkrIGQEbrI1COcvLIsQp3CN10sHAhOkFIu0A+H+onJ2XgTEt2FAhwIDAQABo4IBZjCCAWIw
RAYDVR0gBD0wOzA5BgdgOAEBAQMDMC4wLAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LmVp
ZC5iZWxnaXVtLmJlMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBT1Qdziis6XVgXoU2dG1/RP
Z7J2DzAdBgNVHQ4EFgQUXiuc2/NDXnAqbnoTGE1JHzTX0VAwPQYDVR0fBDYwNDAyoDCgLoYsaHR0
cDovL2NybC5laWQuYmVsZ2l1bS5iZS9nb3Zlcm5tZW50MjAwNS5jcmwwCQYDVR0TBAIwADARBglg
hkgBhvhCAQEEBAMCBLAwbQYIKwYBBQUHAQEEYTBfMDUGCCsGAQUFBzAChilodHRwOi8vY2VydHMu
ZWlkLmJlbGdpdW0uYmUvYmVsZ2l1bXJzLmNydDAmBggrBgEFBQcwAYYaaHR0cDovL29jc3AuZWlk
LmJlbGdpdW0uYmUwDQYJKoZIhvcNAQEFBQADggEBABOqebsV63FaY1Ekf5TS9WufW4+zJRe3BOZs
ZUGPMFUJs65nWsjlzMtOHS3wfyReq01uIG2HQkZ0XK+/NJ56Xh+xJNywgbo9mxRhCBgTUqSM/feT
uYPrZAB1O7QHEH4PLoDNtJtZ8+Zz+GXfARLS5AMSfjqtxwvj4+Pgt6HAuxHb/4mDS1C4xFQNZhZR
+XkFtFku1AjN9cXQMFN6vtmYKhwduPj6yxtE4wmnZ559V9DyFLi/feonoA1/H1vIwAGWbhYIjEDG
yApoBEBoGkpHvoWeoQRWwiRf9WGIbLZ5Mcq1SFGPF06+4kkYmJUnPNtXT3yO2hHBP8c4ftXsrgHu
iBo=</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#id-21826773">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue>iLwjzNrDGK562cdtEMfDi0mALgM=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
gLziQrLd7oAAxd67IChIDKgImRuPbKrLe0ZuyIa+fFesfrZFuCc643Q6lfTMs0rXXYEU3btQdEpQ
CQObiTCH1A==
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-1899108">
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                       wsu:Id="STRId-8047015">
            <wsse:Reference URI="#Id-ref2VerifySignature" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2006-06-13T15:31:03Z</wsu:Created>
        <wsu:Expires>2006-06-13T15:31:03Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="id-21826773">
    <fphp100 xmlns="http://fsb.belgium.be/prove">
      <ns1:fphp100 xmlns:ns1="http://fsb.belgium.be/prove/fphp100">
        <ns2:notary xmlns:ns2="http://fsb.belgium.be/prove/notary">
          <ns2:office_id>217063</ns2:office_id>
          <ns2:lang>fr</ns2:lang>
          <ns2:nrn>60052301706</ns2:nrn>
          <ns2:num_kbo_not>0477430931</ns2:num_kbo_not>
          <ns2:num_kbo_fed>0409357321</ns2:num_kbo_fed>
        </ns2:notary>
        <ns1:person>
          <ns1:last_name>r</ns1:last_name>
          <ns1:birth_date_year>1977</ns1:birth_date_year>
        </ns1:person>
      </ns1:fphp100>
    </fphp100>
  </soapenv:Body>
</soapenv:Envelope>

Services.xml:

<serviceGroup>
  <service name="findPerson">
    <messageReceivers>
      <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                       class="com.notary.fphp.FindPersonMessageReceiverInOut"/>
    </messageReceivers>
    <parameter name="ServiceClass" locked="false">
      com.notary.fphp.FindPersonSkeleton
    </parameter>
    <parameter name="InFlowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <signaturePropFile>interop.properties</signaturePropFile>
      </action>
    </parameter>
    <operation name="fphp100" mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>http://fsb.belgium.be/prove/fphp100</actionMapping>
    </operation>
    <operation name="testSOAPFault" mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>http://fsb.belgium.be/prove/testSOAPFault</actionMapping>
    </operation>
    <operation name="ping" mep="http://www.w3.org/2004/08/wsdl/in-out">
      <actionMapping>http://fsb.belgium.be/prove/ping</actionMapping>
    </operation>
  </service>
</serviceGroup>

interop.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.file=D:/WebServices/keystore/testKeystore

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
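
An added example, not part of either e-mail and not Rampart code: a small pre-deployment check for the two problems raised in the reply above, a parameter name that differs from the expected one only by case and configured action items with no matching element in the incoming wsse:Security header. The header-to-item mapping is a simplified assumption, `OutflowSecurity` is included as the outbound counterpart of the parameter named in the thread, and the sample documents are constructed, trimmed versions of the ones posted.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# Simplified mapping (assumption): Security header child -> action item name.
HEADER_TO_ITEM = {f"{{{WSU}}}Timestamp": "Timestamp", f"{{{DS}}}Signature": "Signature",
                  f"{{{XENC}}}EncryptedKey": "Encrypt"}
EXPECTED = ("InflowSecurity", "OutflowSecurity")  # exact, case-sensitive names

def check(services_xml, soap_xml):
    """Return a list of findings; an empty list means config and message agree."""
    findings, items = [], None
    for param in ET.fromstring(services_xml).iter("parameter"):
        name = param.get("name", "")
        for good in EXPECTED:
            # Same letters, different case: the typo pointed out in the reply.
            if name != good and name.lower() == good.lower():
                findings.append(f'parameter "{name}" should be "{good}"')
        if name == "InflowSecurity":
            items = (param.findtext("action/items") or "").split()
    if items is None:
        findings.append("no InflowSecurity parameter found")
        return findings
    security = ET.fromstring(soap_xml).find(f".//{{{WSSE}}}Security")
    present = {HEADER_TO_ITEM[c.tag] for c in (security if security is not None else [])
               if c.tag in HEADER_TO_ITEM}
    for item in items:
        if item not in present:
            findings.append(f'action "{item}" is configured but absent from the message')
    return findings

# Constructed samples, trimmed from the thread (certificate and body omitted).
SOAP = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"><e:Header>
<wsse:Security xmlns:wsse="{WSSE}"><wsse:BinarySecurityToken/>
<ds:Signature xmlns:ds="{DS}"/><wsu:Timestamp xmlns:wsu="{WSU}"/>
</wsse:Security></e:Header><e:Body/></e:Envelope>"""
TEMPLATE = """<serviceGroup><service name="findPerson"><parameter name="{name}">
<action><items>{items}</items><signaturePropFile>interop.properties</signaturePropFile>
</action></parameter></service></serviceGroup>"""
AS_POSTED = TEMPLATE.format(name="InFlowSecurity", items="Timestamp Signature Encrypt")
ONLY_NAME_FIXED = TEMPLATE.format(name="InflowSecurity", items="Timestamp Signature Encrypt")
CORRECTED = TEMPLATE.format(name="InflowSecurity", items="Timestamp Signature")

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("name fixed", ONLY_NAME_FIXED),
                       ("corrected", CORRECTED)):
        print(label, check(cfg, SOAP))
```

Running such a check against a captured request from the real client before deployment surfaces a silently unenforced signature check as a configuration finding rather than as a missing line in the debug log.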
