Re: Problem with enabling WS-Security in Axis

[Sergei Fedulov]

Hi!

Thanks for your help, Alik!
However, I managed to find out the reason of the problem by myself. The 
problem was, that I was using "XML-security 1.4.0" library, which 
incorrectly encodes the unicode characters. So the russian text was 
incoded incorrectly, and caused this error. When I tried with the last 
version 1.4.1, it was working correctly.


Alick Buckley wrote:
Hi,

I have used WS-Security with Apache Axis 1.4 client.

I hope this helps.

=========================================================================================================================

Your deployment

<deployment xmlns="http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
  <transport name="http" 
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
   <globalConfiguration >
    <requestFlow >
     <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
      <parameter name="action" value="UsernameToken"/>
      <parameter name="passwordType" value="PasswordDigest"/>
     </handler>
    </requestFlow >
   </globalConfiguration >
</deployment>

=========================================================================================================================

My deployment.

I also set the client configuration file via the 
org.apache.axis.AxisProperties class

org.apache.axis.AxisProperties.setProperty ( "axis.ClientConfigFile", 
"axis-client-config.xml" ) ;

The file axis-client-config.xml contains the following:

<deployment name="defaultClientConfig" 
xmlns="http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>

 <globalConfiguration>

   <parameter name="disablePrettyXML" value="true"/>

   <parameter name="addressing.sendReplyTo" value="true"/>

   <parameter name="enableNamespacePrefixOptimization" value="false"/>

 </globalConfiguration>

 <service name="XYZPort">

   <requestFlow>

     <handler 
type="java:org.apache.axis.message.addressing.handler.AddressingHandler">

       <!-- Reference elements are added in the same order -->

       <parameter name="referencePropertyNames"

                  
value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From"/>

     </handler>

     <handler type="java:org.apache.ws.axis.security.WSDoAllSender">

       <!-- action order is important, do Timestamp then Signature if 
signing Timestamp -->

       <parameter name="action" value="Timestamp Signature"/>

       <parameter name="user" value="XYZLabel"/>

       <parameter name="passwordCallbackClass" 
value="com.acme.security.PasswordCallback"/>

       <parameter name="signatureKeyIdentifier" value="DirectReference"/>

       <parameter name="signaturePropFile" 
value="pki/security.properties"/>

       <parameter name="timeToLive" value="300"/>

       <parameter name="precisionInMilliseconds" value="false" />

       <!-- Reference elements are added in the same order -->

       <parameter name="signatureParts"

                  
value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;

                         
{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;

                         
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp; 


                         
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>

     </handler>

   </requestFlow>

 </service>

 <transport name="http" 
pivot="java:org.apache.axis.transport.http.HTTPSender"/>

 <transport name="java" 
pivot="java:org.apache.axis.transport.java.JavaSender"/>

 <transport name="local" 
pivot="java:org.apache.axis.transport.local.LocalSender"/>

</deployment>

=========================================================================================================================

-----Original Message-----
From: Sergei Fedulov [mailto:[EMAIL PROTECTED]
Sent: Monday, 1 October 2007 6:53 PM
To: axis-user@ws.apache.org
Subject: Problem with enabling WS-Security in Axis


Hi all!

I have a problem with enabling WS-security on Axis client. I am using
Axis, not Axis2. The problem is, that when the security is enabled, Axis
doesn't encode special characters (like "<") in XML-elements, and I am
getting an error from server:
----------------------------------------------------
org.xml.sax.SAXParseException: The content of elements must consist of
well-formed character data or markup.
----------------------------------------------------

When the security is not enabled, characters encoded just fine.

The name of my service is "SendSms". I am configuring the service using
following construction:
----------------------------------------------------
EngineConfiguration config = new FileProvider("conf/client_deploy.wsdd");
SendSmsServiceLocator serviceLocator = new SendSmsServiceLocator(config);

SendSms_PortType serviceStub = serviceLocator.getSendSms();

Stub stub = (Stub) serviceStub;
stub._setProperty(UsernameToken.PASSWORD_TYPE, 
WSConstants.PASSWORD_DIGEST);
stub._setProperty(WSHandlerConstants.USER, userName);
stub._setProperty(WSHandlerConstants.PW_CALLBACK_REF, callbackHandler);
----------------------------------------------------

The content of the "conf/client_deploy.wsdd" is the following:
----------------------------------------------------
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
  <transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
   <globalConfiguration >
    <requestFlow >
     <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
      <parameter name="action" value="UsernameToken"/>
      <parameter name="passwordType" value="PasswordDigest"/>
     </handler>
    </requestFlow >
   </globalConfiguration >
</deployment>
----------------------------------------------------

Thanks for your help in advance!

--
Sergei Fedulov
Euro-Baltic Software Alliance

Mobile:  +372 56 984026
ICQ#:     257838427
MSN:      [EMAIL PROTECTED]
Skype:    fedulows
Y!ID:     fedulows

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



--
Sergei Fedulov
Euro-Baltic Software Alliance

Mobile:  +372 56 984026
ICQ#:     257838427
MSN:      [EMAIL PROTECTED]
Skype:    fedulows
Y!ID:     fedulows

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]