Hi All,
I am really new to Axis and am using Axis2 1.2.
I have to use WS-Security on Axis2. I have deployed the service on server
and enabled the service's security but do not know the exact steps to
configure the client side for security. Am I supposed to configure a client
repository and configure axis2.xml for client too? If yes, then how exactly
is the security to be configured there?
Can someone please guide me on this, or refer me to a tutorial or link on
configuring an Axis2 client, or to a sample web service with security
enabled that shows all the XML sections required?
Any help will be most appreciated.
------------------------------------------------
Code:
Services.xml
<!-- Axis2 service descriptor for MyService. It declares the echo and ping
     operations and message-level WS-Security settings for both directions
     (OutflowSecurity for responses, InflowSecurity for requests). -->
<service name="MyService" provider="java:RPC" style="document"
use="literal">
<description>
This is a sample Web Service with two operations, echo and
ping.
</description>
<parameter name="ServiceClass" locked="false">
userguide.example1.MyService
</parameter>
<parameter name="scope" value="application" />
<!-- NOTE(review): two parameters share the name allowedMethods. If only one
     value is kept per parameter name, one of echo/ping is lost. Confirm how
     the container reads this. -->
<parameter name="allowedMethods" value="echo" />
<parameter name="allowedMethods" value="ping" />
<!-- Security applied to outgoing (response) messages: a timestamp is added,
     then the message is signed and encrypted, in the order given in items. -->
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<!-- Keystore alias used for the outgoing actions; the callback class below
     is asked for the password of that alias. -->
<user>serverKeystore</user>
<passwordCallbackClass>
userguide.example1.PWCallback
</passwordCallbackClass>
<!-- Only a signature property file is named. No encryptionPropFile is set,
     so encryption presumably falls back to the same keystore. Confirm. -->
<signaturePropFile>
out-server-signature.properties
</signaturePropFile>
<signatureKeyIdentifier>
SKIKeyIdentifier
</signatureKeyIdentifier>
<encryptionKeyIdentifier>
SKIKeyIdentifier
</encryptionKeyIdentifier>
<!-- NOTE(review): encryptionUser is the alias of the certificate the
     response is encrypted for. Here it is the server's own alias, so a
     client that does not hold that private key could not decrypt the
     response. The client's certificate alias is normally expected. Confirm. -->
<encryptionUser>serverKeystore</encryptionUser>
</action>
</parameter>
<!-- Security expected on incoming (request) messages. The client's outgoing
     actions have to match this list. -->
<parameter name="InflowSecurity">
<action>
<items>Encrypt Signature Timestamp</items>
<passwordCallbackClass>
userguide.example1.PWCallback
</passwordCallbackClass>
<!-- NOTE(review): Encrypt is listed but no decryptionPropFile is given, so
     decryption presumably uses the store named here. That store is described
     in its own file as a trust store; decrypting requests needs the server's
     private key entry. Confirm that the store holds one. -->
<signaturePropFile>
in-server-signature.properties
</signaturePropFile>
</action>
</parameter>
<!-- echo: request/response operation mapped to the urn:echo action. -->
<operation name="echo">
<messageReceiver
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
<actionMapping>urn:echo</actionMapping>
</operation>
<!-- ping: in-only operation mapped to the urn:ping action. -->
<operation name="ping">
<messageReceiver
class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver" />
<actionMapping>urn:ping</actionMapping>
</operation>
</service>
------------------------------------------------
in-server-signature.properties
# Server trust store for checking/validating signatures of incoming messages
# NOTE(review): the keystore and alias passwords below are stored in clear
# text and are trivial sample values. Outside a sample, restrict read access
# to this file and use strong, distinct passwords.
# NOTE(review): services.xml lists Encrypt for InflowSecurity and names only
# this file. Decrypting requests needs a private-key entry, which a store used
# purely as a trust store would not hold. Confirm.
# NOTE(review): the provider value and the file path appear wrapped by the
# mail client; in the real file each property must sit on a single line.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
pto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=server
org.apache.ws.security.crypto.merlin.alias.password=server
org.apache.ws.security.crypto.merlin.keystore.alias=serverTrustStore
org.apache.ws.security.crypto.merlin.file=C:/Documents and
Settings/ssawhney/serverTrustStore.keystore
------------------------------------------------
Client code:
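/**
 * Sample client that sends the echo payload to MyService and prints the reply.
 *
 * <p>NOTE(review): the WS-Security properties assembled in {@link #main} are
 * never attached to the {@code Options} or the {@code ServiceClient}, so as
 * written the request leaves without any security header. A service whose
 * InflowSecurity demands Encrypt/Signature/Timestamp would be expected to
 * reject it. The properties must reach the client-side security handler
 * (client repository/axis2.xml or the programmatic equivalent) to take effect.
 */
public class PingClient
{
    /** Endpoint of the deployed MyService. */
    private static final EndpointReference targetEPR = new EndpointReference(
            "http://localhost:8090/axis2/services/MyService");

    /**
     * Builds the request, invokes the echo operation and prints the response
     * element followed by the text of each of its child elements.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args)
    {
        try
        {
            OMElement payload = ClientUtil.getEchoOMElement();

            Properties props = new Properties();
            // NOTE(review): the password type only matters for a UsernameToken
            // action, which is not among the actions below. If one is added,
            // PASSWORD_TEXT places the password in the message as plain text,
            // so it relies on encryption or transport security. Confirm intent.
            props.put(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
            // NOTE(review): signing needs a private-key entry. The alias name
            // suggests an imported (certificate-only) entry, which could serve
            // for encrypting to the server but not for signing. Confirm.
            props.put(WSHandlerConstants.USER, "importedServerCert");
            props.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                    "userguide.example1.PWCallback");
            // ACTION is a single property holding a space-separated list. Three
            // setProperty calls on the same key kept only the last value
            // (Encrypt), silently dropping Timestamp and Signature.
            props.setProperty(WSHandlerConstants.ACTION,
                    WSHandlerConstants.TIMESTAMP + " "
                            + WSHandlerConstants.SIGNATURE + " "
                            + WSHandlerConstants.ENCRYPT);
            props.setProperty(WSHandlerConstants.SIG_PROP_FILE,
                    "out-client-signature.properties");
            props.setProperty(WSHandlerConstants.SIG_KEY_ID, "SKIKeyIdentifier");
            // NOTE(review): props is not used past this point (see class comment).

            Options options = new Options();
            options.setTo(targetEPR);
            options.setAction("urn:echo");

            ServiceClient serviceClient = new ServiceClient();
            serviceClient.setOptions(options);

            // sendReceive blocks until the response has arrived, so no sleep is
            // needed before reading the result.
            OMElement result = serviceClient.sendReceive(payload);

            System.out.println(result.getQName());
            System.out.println(result);

            // Iterate over the child elements to print what the server has sent.
            Iterator<?> children = result.getChildElements();
            while (children.hasNext())
            {
                OMElement child = (OMElement) children.next();
                System.out.println(child.getText());
            }
        }
        catch (AxisFault axisFault)
        {
            axisFault.printStackTrace();
        }
    }
}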
--------------------------------------
out-client-signature.properties
# Key store the client uses for adding signatures to outgoing messages
# (the file below is client.keystore).
# NOTE(review): the keystore and alias passwords below are stored in clear
# text and are trivial sample values. Outside a sample, restrict read access
# to this file and use strong, distinct passwords.
# NOTE(review): signing needs a private-key entry. The alias importedServerCert
# reads like an imported certificate-only entry, which cannot sign. Confirm
# which alias in client.keystore holds the client's private key.
# NOTE(review): the provider value and the file path appear wrapped by the
# mail client; in the real file each property must sit on a single line.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
pto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=client
org.apache.ws.security.crypto.merlin.alias.password=client
org.apache.ws.security.crypto.merlin.keystore.alias=importedServerCert
org.apache.ws.security.crypto.merlin.file=C:/Documents and
Settings/ssawhney/client.keystore
-------------------------------------
Regards,
Shivani Sawhney