Hello everyone,

I have a web service implementation which starts from a given WSDL - not the service class. I have both server and client running ok - without any security. Now I need to sign and encrypt the payload. I installed rampart (seemingly ok) and ....

   * Adjusted my WSDL to add the policy (see below)
   * adjusted the service.xml (see below) for the web service
   * created a policy file for the client and adjusted the client code
     as follows:


ConfigurationContext context = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo, axis2xmlPath);
DataPartnerSearchServicesStub stub = new DataPartnerSearchServicesStub(context, WS_ENDPOINT);
StAXOMBuilder builder = new StAXOMBuilder(repo + "/conf/rampart-client-config.xml");
OMElement configElement = builder.getDocumentElement();
Policy rampartConfig = PolicyEngine.getPolicy(configElement);
Options options = new Options();
options.setTo(new EndpointReference(WS_ENDPOINT));
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,  rampartConfig);
stub._getServiceClient().setOptions(options);

// THIS THROWS THE EXCEPTION BELOW
searchResult = stub.SyncSearch(searchRequest);

org.apache.axis2.AxisFault: Malformed uri: testpolicy
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
    at ca.bc.absu.mels.webservice.client.search.DataPartnerSearchServicesStub.SyncSearch(DataPartnerSearchServicesStub.java:189)
    at ca.bc.absu.mels.testclient.console.InvokeSearchService.performSearch(InvokeSearchService.java:114)
    at ca.bc.absu.mels.testclient.console.InvokeSearchService.runTest(InvokeSearchService.java:36)
    at ca.bc.absu.mels.testclient.console.InvokeSearchService.main(InvokeSearchService.java:133)

The server logs are empty. I know the client tries to connect to the server: without a running server I get a "connection refused" exception, and if I rename the policy name in the WSDL the "malformed URI" in the exception changes as well.

I don't see how the URI would be "malformed" - it looks pretty much exactly like in the examples available online. Would anyone have any suggestions??? Am I doing something else wrong?


Thanks a LOT for ANY suggestion...

Maik


Details below:

=== WSDL ===


<definitions name="DPServices" targetNamespace="http://ag.gov.bc.ca/FAMS2/V1Schema"
            xmlns="http://schemas.xmlsoap.org/wsdl/"
            xmlns:tns="http://ag.gov.bc.ca/FAMS2/V1Schema"
            xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
            xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
            xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd">
           <wsp:Policy wsu:Id="testpolicy">
               <sp:AsymmetricBinding>
                   <wsp:Policy>
                       <sp:InitiatorToken>
                           <wsp:Policy>
                               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                   <wsp:Policy>
                                       <sp:WssX509V3Token10 />
                                   </wsp:Policy>
                               </sp:X509Token>
                           </wsp:Policy>
                       </sp:InitiatorToken>
                       <sp:RecipientToken>
                           <wsp:Policy>
                               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                   <wsp:Policy>
                                       <sp:WssX509V3Token10 />
                                   </wsp:Policy>
                               </sp:X509Token>
                           </wsp:Policy>
                       </sp:RecipientToken>
                       <sp:AlgorithmSuite>
                           <wsp:Policy>
                               <sp:TripleDesRsa15 />
                           </wsp:Policy>
                       </sp:AlgorithmSuite>
                   </wsp:Policy>
               </sp:AsymmetricBinding>
<sp:Wss10>
                   <wsp:Policy>
                       <sp:MustSupportRefEmbeddedToken />
                       <sp:MustSupportRefIssuerSerial />
                   </wsp:Policy>
               </sp:Wss10>
<sp:SignedParts>
                   <sp:Body />
               </sp:SignedParts>
<sp:EncryptedParts>
                   <sp:Body />
               </sp:EncryptedParts>
           </wsp:Policy>
[....]
       <binding name="DPSearchSOAPBinding" type="tns:DataPartnerSearchFacade">
           <soap:binding style="document"
                         transport="http://schemas.xmlsoap.org/soap/http"/>
           <wsp:PolicyReference URI="#testpolicy" wsdl:required="true" />
           <operation name="SyncSearch">
               <soap:operation style="document" soapAction="SyncSearch"/>
               <input>
                   <soap:body use="literal"/>
               </input>
               <output>
                   <soap:body use="literal"/>
               </output>
               <fault name="DPSearchFault">
                   <soap:fault name="DPSearchFault" use="literal"/>
               </fault>
           </operation>
       </binding>

       <service name="DataPartnerSearchServices">
           <port binding="tns:DPSearchSOAPBinding" name="DataPartnerSearchFacade">
               <soap:address location="http://localhost:8085/axis2/services/DataPartnerSearchServices"/>
           </port>
       </service>
</definitions>





===== services.xml ===

<?xml version="1.0" encoding="UTF-8"?>
<serviceGroup>
   <service name="DataPartnerSearchServices">
       <messageReceivers>
           <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="ca.bc.absu.mels.webservice.server.search.DataPartnerSearchServicesMessageReceiverInOut"/>
       </messageReceivers>
<parameter name="ServiceClass">...DataPartnerSearchServiceImplementation</parameter>
       <parameter name="useOriginalwsdl">true</parameter>
       <parameter name="modifyUserWSDLPortAddress">true</parameter>
       <operation name="SyncSearch" mep="http://www.w3.org/ns/wsdl/in-out" namespace="...">
           [...]
       </operation>

        <module ref="rampart" />

       <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   wsu:Id="testpolicy">
           <sp:AsymmetricBinding>
               <wsp:Policy>
                   <sp:InitiatorToken>
                       <wsp:Policy>
                           <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                               <wsp:Policy>
                                   <sp:WssX509V3Token10 />
                               </wsp:Policy>
                           </sp:X509Token>
                       </wsp:Policy>
                   </sp:InitiatorToken>
                   <sp:RecipientToken>
                       <wsp:Policy>
                           <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                               <wsp:Policy>
                                   <sp:WssX509V3Token10 />
                               </wsp:Policy>
                           </sp:X509Token>
                       </wsp:Policy>
                   </sp:RecipientToken>
                   <sp:AlgorithmSuite>
                       <wsp:Policy>
                           <sp:TripleDesRsa15 />
                       </wsp:Policy>
                   </sp:AlgorithmSuite>
               </wsp:Policy>
           </sp:AsymmetricBinding>

           <sp:Wss10>
               <wsp:Policy>

                   <sp:MustSupportRefEmbeddedToken />
                   <sp:MustSupportRefIssuerSerial />
               </wsp:Policy>
           </sp:Wss10>

           <sp:SignedParts>
               <sp:Body />
           </sp:SignedParts>
<sp:EncryptedParts>
               <sp:Body />
           </sp:EncryptedParts>
           <RampartConfig xmlns="http://ws.apache.org/rampart/policy">
               <user>s1</user>
               <encryptionUser>c1</encryptionUser>
               <passwordCallbackClass>server.search.PasswordCallbackHandler </passwordCallbackClass>
               <signatureCrypto>
                   <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                       <property name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS </property>
                       <property name="org.apache.ws.security.crypto.merlin.file"> c:/keys/service.ks </property>
                       <property name="org.apache.ws.security.crypto.merlin.keystore.password"> service-ks-pass </property>
                   </crypto>
               </signatureCrypto>
               <encryptionCrypto>
                   <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                       <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS </property>
                       <property name="org.apache.ws.security.crypto.merlin.file">c:/keys/client.ks</property>
                       <property name="org.apache.ws.security.crypto.merlin.keystore.password">service-ks-pass</property>
                   </crypto>
               </encryptionCrypto>
           </RampartConfig>
       </wsp:Policy>
   </service>
</serviceGroup>



===== THE CLIENT POLICY FILE ======

===== client policy ====

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
   xmlns="http://ws.apache.org/rampart/policy">
   <RampartConfig>
         <user>c1</user>
       <encryptionUser>s1</encryptionUser>
       <passwordCallbackClass> client.search.PasswordCallbackHandler</passwordCallbackClass>
       <signatureCrypto>
           <crypto provider="org.apache.ws.security.components.crypto.Merlin">
               <property name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS </property>
               <property name="org.apache.ws.security.crypto.merlin.file"> c:/keys/client.ks </property>
               <property name="org.apache.ws.security.crypto.merlin.keystore.password">client-ks-pass</property>
           </crypto>
       </signatureCrypto>
       <encryptionCrypto>
           <crypto provider="org.apache.ws.security.components.crypto.Merlin">
               <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
               <property name="org.apache.ws.security.crypto.merlin.file">c:/keys/client.ks</property>
               <property name="org.apache.ws.security.crypto.merlin.keystore.password">client-ks-pass</property>
           </crypto>
       </encryptionCrypto>
</RampartConfig>
</wsp:Policy>
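
A check one might run on a WSDL or services.xml like the ones in this post, as an added example that is not part of the original message: it lists every wsp:PolicyReference and reports whether its "#id" fragment matches a wsp:Policy whose Id attribute is in the standard WS-Security utility (wsu) namespace. The function names, status labels and sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy"
# Standard WS-Security utility namespace that defines wsu:Id.
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")

def split_qname(name):
    """Split ElementTree's '{ns}local' attribute form into (ns, local)."""
    if name.startswith("{"):
        ns, _, local = name[1:].partition("}")
        return ns, local
    return "", name

def check_policy_refs(xml_text):
    """Return (URI, status) for every wsp:PolicyReference, in document order."""
    root = ET.fromstring(xml_text)
    wsu_ids, other_ids = set(), set()
    for policy in root.iter("{%s}Policy" % WSP_NS):
        for attr, value in policy.attrib.items():
            ns, local = split_qname(attr)
            if local == "Id":
                (wsu_ids if ns == WSU_NS else other_ids).add(value)
    results = []
    for ref in root.iter("{%s}PolicyReference" % WSP_NS):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            status = "external"         # not a same-document fragment; not checked
        elif uri[1:] in wsu_ids:
            status = "ok"
        elif uri[1:] in other_ids:
            status = "wrong-namespace"  # an Id exists, but it is not wsu:Id
        else:
            status = "unresolved"
        results.append((uri, status))
    return results

# Constructed sample document (not the poster's WSDL); "bad" is a made-up namespace.
SAMPLE = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="%s" xmlns:wsu="%s" xmlns:bad="http://example.invalid/not-wsu">
  <wsp:Policy wsu:Id="good"/>
  <wsp:Policy bad:Id="odd"/>
  <binding name="b">
    <wsp:PolicyReference URI="#good"/>
    <wsp:PolicyReference URI="#odd"/>
    <wsp:PolicyReference URI="#missing"/>
    <wsp:PolicyReference URI="http://example.invalid/policies/p1"/>
  </binding>
</definitions>""" % (WSP_NS, WSU_NS)
```

Read the file to be checked into a string and pass it to check_policy_refs(); any status other than "ok" or "external" marks a reference worth inspecting by hand.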
