Actually, all is going well.
However, the server that I'm sending requests to requires a From field
in the addressing headers.
I've been googling for about two hours, and can't seem to find a
solution for this.
Here is my current axis2.xml (well, the important parts):
<axisconfig name="AxisJava2.0">
    <parameter name="enableNamespacePrefixOptimization" value="false"/>
    <parameter name="addressing.setMustUnderstand" value="false" />
    <parameter name="axis.sendMinimizedElements" value="false" />
    <parameter name="addressing.namespace.URI"
               value="http://schemas.xmlsoap.org/ws/2004/03/addressing"/>
    <parameter name="addressing.sendReplyTo" value="true"/>
    <parameter name="addressing.sendFrom" value="true"/>
    <parameter name="disablePrettyXML" value="true"/>

    <!-- Engage the addressing module -->
    <module ref="addressing"/>
    <moduleConfig name="addressing">
        <parameter name="addressing.sendFrom">true</parameter>
    </moduleConfig>

    <!-- Engage the security module -->
    <module ref="rampart"/>
    <parameter name="OutflowSecurity">
        <action>
            <items>Timestamp Signature</items>
            <user>wow</user>
            <passwordCallbackClass>nz.co.maxnet.oot.utils.PWCallback</passwordCallbackClass>
            <signaturePropFile>wow.properties</signaturePropFile>
            <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
            <!-- <signatureParts>
            {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
            {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
            {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
            </signatureParts> -->
        </action>
    </parameter>
    <parameter name="InflowSecurity">
        <action>
            <items>Timestamp Signature Encrypt</items>
            <passwordCallbackClass>nz.co.maxnet.oot.utils.PWCallback</passwordCallbackClass>
            <signaturePropFile>wow.properties</signaturePropFile>
        </action>
    </parameter>

    <transportSender name="https"
                     class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
    </transportSender>

    <phaseOrder type="InFlow">
        <!-- System pre defined phases -->
        <phase name="Transport">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.engine.RequestURIBasedDispatcher">
                <order phase="Transport"/>
            </handler>
            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
                <order phase="Transport"/>
            </handler>
        </phase>
        <phase name="Addressing">
            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
                <order phase="Addressing" />
            </handler>
        </phase>
        <phase name="Security"/>
        <phase name="PreDispatch"/>
        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
            <handler name="SOAPMessageBodyBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
            <handler name="InstanceDispatcher"
                     class="org.apache.axis2.engine.InstanceDispatcher">
                <order phase="Dispatch"/>
            </handler>
        </phase>
        <!-- System pre defined phases -->
        <!-- After Postdispatch phase module author or service
             author can add any phase he wants -->
        <phase name="OperationInPhase"/>
        <phase name="soapmonitorPhase"/>
    </phaseOrder>
    <phaseOrder type="OutFlow">
        <phase name="Addressing">
            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
                <order phase="Addressing" />
            </handler>
        </phase>
        <phase name="soapmonitorPhase"/>
        <phase name="OperationOutPhase"/>
        <!--system predefined phase-->
        <!--these phase will run irrespective of the service-->
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
        <phase name="Security"/>
    </phaseOrder>
</axisconfig>
As always, any help is appreciated.
Thanks.
- Rachel
On Dec 6, 2007 1:45 PM, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> Interop problems ... You probably want to switch to using the
> WS-SecurityPolicy based configuration.
> I can assure you that Rampart + WS-SecurityPolicy interops with .NET
> (WCF) on WS-Security 1.0, WS-Security 1.1 and WS-SecureConversation
> scenarios.
>
> The test suite we used for the interop with WCF services is available
> here [1] where we have 66 successful scenarios on the above three
> specs.
>
> Thanks,
> Ruchith
>
> [1] https://wso2.org/repos/wso2/trunk/interop/test-suites/security
>
>
> On Dec 6, 2007 3:07 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> > Right on the button - Eclipse + classpaths = pain.
> >
> > I renamed everything to wow.whatever and now I'm onto the .NET interop
> > problems, which I will probably be posting about when I get really
> > stuck.
> >
> > Thanks so much.
> >
> >
> > On Dec 5, 2007 7:46 PM, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > Yep ... everything looks fine ... However I'm wondering whether you
> > > have any other client_crypto.properties file in your classpath that
> > > causes the wrong keystore to be picked where there's no key with alias
> > > test123.
> > >
> > > Therefore can you please rename the keystore file and the .properties
> > > file and check.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > >
> > > On Dec 5, 2007 5:50 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> > > > Hello,
> > > >
> > > > I've been having trouble signing my messages as they go out, and the
> > > > usual "is the alias the right one" solution I've been reading about
> > > > does not work!
> > > >
> > > > Here is my keystore:
> > > >
> > > > Keystore type: PKCS12
> > > > Keystore provider: SunJSSE
> > > >
> > > > Your keystore contains 1 entry
> > > >
> > > > Alias name: test123
> > > > Creation date: 5/12/2007
> > > > Entry type: PrivateKeyEntry
> > > > Certificate chain length: 3
> > > > Certificate[1]:
> > > >
> > > > Here is my axis2.xml security outflow:
> > > >
> > > > <parameter name="OutflowSecurity">
> > > > <action>
> > > > <items>Timestamp Signature</items>
> > > > <user>test123</user>
> > > >
> > > > <passwordCallbackClass>test.oot.PWCallback</passwordCallbackClass>
> > > > <signaturePropFile>client_crypto.properties</signaturePropFile>
> > > > <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> > > > <parameter name="referencePropertyNames"
> > > > value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To"
> > > > />
> > > > <parameter name="signatureParts" value="
> > > >
> > > > {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
> > > >
> > > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
> > > >
> > > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
> > > >
> > > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
> > > >
> > > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
> > > >
> > > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
> > > >
> > > > {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"
> > > > />
> > > > </action>
> > > > </parameter>
> > > >
> > > > Here is my client_crypto.properties file:
> > > >
> > > > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > > org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> > > > org.apache.ws.security.crypto.merlin.keystore.password=test
> > > > org.apache.ws.security.crypto.merlin.keystore.alias=test123
> > > > org.apache.ws.security.crypto.merlin.file=oot-stage.p12
> > > >
> > > > And my pwcallback class:
> > > >
> > > > pc.setPassword("test");
> > > >
> > > > The error I get is:
> > > >
> > > > org.apache.axis2.AxisFault: WSHandler: Signature: error during message
> > > > procesingorg.apache.ws.security.WSSecurityException: General security
> > > > error (Unexpected number of X509Data: for Signature); nested exception
> > > > is:
> > > > org.apache.ws.security.WSSecurityException: WSHandler:
> > > > Signature:
> > > > error during message
> > > > procesingorg.apache.ws.security.WSSecurityException: General security
> > > > error (Unexpected number of X509Data: for Signature)
> > > > at
> > > > org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
> > > > at
> > > > org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
> > > > at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> > > > at
> > > > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> > > > at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
> > > > at
> > > > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
> > > > at
> > > > org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
> > > > Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
> > > > Signature: error during message
> > > > procesingorg.apache.ws.security.WSSecurityException: General security
> > > > error (Unexpected number of X509Data: for Signature)
> > > > at
> > > > org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
> > > > at
> > > > org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
> > > > at
> > > > org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java:254)
> > > > at
> > > > org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:86)
> > > > ... 8 more
> > > >
> > > > And when I set level=DEBUG in my log4j.properties:
> > > >
> > > > 985 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find
> > > > [client_crypto.properties] using
> > > > [EMAIL PROTECTED] class loader.
> > > > 1000 [main] DEBUG
> > > > org.apache.ws.security.components.crypto.CryptoFactory - Using Crypto
> > > > Engine [org.apache.ws.security.components.crypto.Merlin]
> > > > 1000 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find
> > > > [oot-stage.p12] using [EMAIL PROTECTED] class
> > > > loader.
> > > > 1000 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find
> > > > [oot-stage.p12] using [EMAIL PROTECTED] class
> > > > loader.
> > > > 1000 [main] DEBUG org.apache.ws.security.util.Loader - Trying to find
> > > > [oot-stage.p12] using ClassLoader.getSystemResource().
> > > > 1563 [main] DEBUG org.apache.ws.security.handler.WSHandler -
> > > > Performing Action: 32
> > > > 1563 [main] DEBUG org.apache.ws.security.message.WSSecTimestamp -
> > > > Begin add timestamp...
> > > > 1578 [main] DEBUG org.apache.ws.security.handler.WSHandler -
> > > > Performing Action: 2
> > > > 1578 [main] DEBUG org.apache.ws.security.message.WSSecSignature -
> > > > Beginning signing...
> > > >
> > > >
> > > > As you can see, all matches up, but the actual signing fails!
> > > >
> > > > Any help would be greatly appreciated.
> > > >
> > > > Thanks.
> > > >
> > > >
> > > > Kind regards,
> > > >
> > > > Rachel Primrose
> > > > E: [EMAIL PROTECTED]
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > http://blog.ruchith.org
> > > http://wso2.org
> > >
> > >
> > >
> >
> >
> >
> > --
> > Kind regards,
> >
> > Rachel Primrose
> > E: [EMAIL PROTECTED]
> > M: 021 969 728
> >
> >
> >
> >
>
>
>
> --
> http://blog.ruchith.org
> http://wso2.org
>
>
>
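The cause diagnosed earlier in the thread (a second client_crypto.properties on the classpath selecting a keystore that lacks the expected alias) can be checked directly. The following is an added example, not code from the thread or from Rampart/WSS4J: the class name CryptoPropsCheck is hypothetical, the property keys and default names are the ones quoted in the thread, and resolving the keystore through the context class loader is an assumption that mirrors the Loader lines in the debug log.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Properties;

// Hypothetical diagnostic: lists every copy of the crypto properties file on the
// classpath and checks whether the keystore each one names holds the signing alias.
public class CryptoPropsCheck {
    private static final String PREFIX = "org.apache.ws.security.crypto.merlin.";

    public static void main(String[] args) throws Exception {
        // Defaults are the names used in the thread; override on the command line.
        String propsName = args.length > 0 ? args[0] : "client_crypto.properties";
        String alias = args.length > 1 ? args[1] : "test123";
        ClassLoader cl = Thread.currentThread().getContextClassLoader();

        int copies = 0;
        // getResources returns all matches in classpath order; the first is the one loaded at runtime.
        for (URL url : Collections.list(cl.getResources(propsName))) {
            copies++;
            Properties p = new Properties();
            try (InputStream in = url.openStream()) {
                p.load(in);
            }
            String file = p.getProperty(PREFIX + "file");
            String type = p.getProperty(PREFIX + "keystore.type", KeyStore.getDefaultType());
            String pass = p.getProperty(PREFIX + "keystore.password", "");
            System.out.println("#" + copies + " " + url + " -> keystore " + file + " (" + type + ")");

            // Assumption: the keystore is resolved as a classpath resource, as in the debug log.
            URL ksUrl = (file == null) ? null : cl.getResource(file);
            if (ksUrl == null) {
                System.out.println("   keystore not found on classpath");
                continue;
            }
            KeyStore ks = KeyStore.getInstance(type);
            try (InputStream in = ksUrl.openStream()) {
                ks.load(in, pass.toCharArray());
            }
            System.out.println("   loaded " + ksUrl + ", aliases: " + Collections.list(ks.aliases()));
            // isKeyEntry is false both when the alias is missing and when it is only a certificate.
            System.out.println("   '" + alias + "' is a private key entry: " + ks.isKeyEntry(alias));
        }
        if (copies != 1) {
            System.out.println("Found " + copies + " copies of " + propsName + " (expected exactly 1)");
        }
    }
}
```

Run it with the same classpath as the failing client so that the resource order matches what the signing handler sees.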