Re: Axis2 with rampart sample, username hardcoded

Mon, 31 Mar 2008 21:53:14 -0700 

Hi, Nandana
I am using rampart 1.3 and axis 1.3. Is this a bug or is there any error with my code? 

thanks

-jason

jason zhang wrote:

Hi, Nandana

I used this poicy in my service.xml, deployed the service. I then 
generated stub using wsdl which contains the policy element.


My client code is like this

ConfigurationContext ctx = 
ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo_dir, 
null);

       stub = new net.sf.webcommand.ws.client.ProgramwsStub(ctx,
               "http://localhost:9090/cmdportal1/services/programws";);

       ServiceClient sc=stub._getServiceClient();             
sc.engageModule("rampart");

       Options options = sc.getOptions();
       options.setUserName("apache");
       options.setPassword("password");

     But the client does not send the username and password. It just 
sends an empty security header.  This header is like this

<soapenv:Header>

<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; 
soapenv:mustUnderstand="true" /></soapenv:Header>


any suggestion?

thanks

-jason


Nandana Mihindukulasooriya wrote:

Hi Jason,
       You need to have that Username Token assertion inside a
supporting token assertion.

<wsp:Policy wsu:Id="UToverHTTP"

        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; 


        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
    <wsp:ExactlyOne>
        <wsp:All>
              <sp:SupportingTokens>
                <wsp:Policy>

                      <sp:UsernameToken/>           
                </wsp:Policy>

              </sp:SupportingTokens>

              <ramp:RampartConfig 
xmlns:ramp="http://ws.apache.org/rampart/policy";>
                <ramp:user>Alice</ramp:user>   
                
<ramp:passwordCallbackClass>org.apache.testing.clients.WSS11Client</ramp:passwordCallbackClass> 


            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

But here the password is in clear text. If you are using Rampart
SNAPSHOT , you can use WS Security Policy 1.2 to send the hashed
password. The policy for that is given below.

<wsp:Policy wsu:Id="HashedPasswordoverHTTP"

        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; 


        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";

        
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>

    <wsp:ExactlyOne>
        <wsp:All>
              <sp:SupportingTokens>
                <wsp:Policy>

                      <sp:UsernameToken>           
                          <wsp:Policy>

                              <sp:HashPassword/>
                          </wsp:Policy>
                      </sp:UsernameToken>
                </wsp:Policy>
              </sp:SupportingTokens>

              <ramp:RampartConfig 
xmlns:ramp="http://ws.apache.org/rampart/policy";>
                <ramp:user>Alice</ramp:user>   
                
<ramp:passwordCallbackClass>org.apache.testing.clients.WSS11Client</ramp:passwordCallbackClass> 


            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

thanks,
/nandana


  






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to