Hi Ruchith, Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effect of this error? Thanks Sanjay
http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html [FATAL] Bad: java.lang.NullPointerException at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) at org.apache.xml.security.Init.init(Unknown Source) at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256) at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52) at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62) at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) java.lang.NullPointerException at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) at org.apache.xml.security.Init.init(Unknown Source) at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256) at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52) at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62) at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) -----Original Message----- From: Sanjay Gupta [mailto:[email protected]] Sent: Sunday, April 19, 2009 10:36 PM To: [email protected] Subject: RE: Securing Axis2 REST Style Services Hi Ruchitch, Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help. Thanks Sanjay Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet AxisServlet threw exception org.hibernate.exception.GenericJDBCException: Cannot open connection at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103) at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91) at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43) at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29) at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426) at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144) at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119) at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57) at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301) at $Proxy4.beginTransaction(Unknown Source) at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77) at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300) at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found. at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source) at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source) at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source) at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source) at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source) at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source) at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source) at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source) at java.sql.DriverManager.getConnection(DriverManager.java:582) at java.sql.DriverManager.getConnection(DriverManager.java:154) at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110) at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423) ... 35 more -----Original Message----- From: Sanjay Gupta [mailto:[email protected]] Sent: Sunday, April 19, 2009 8:44 PM To: [email protected] Subject: RE: Securing Axis2 REST Style Services Hi Ruchith, Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error. SEVERE: StandardWrapper.Throwable java.lang.Error: Unresolved compilation problems: The import javax.servlet.http cannot be resolved The import javax.servlet.http cannot be resolved HttpServletRequest cannot be resolved to a type HttpServletRequest cannot be resolved to a type HttpServletResponse cannot be resolved to a type HttpServletResponse cannot be resolved to a type HttpServletResponse cannot be resolved at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) I tried unzipping the servlet-api.jar in classes dir and got this error. SEVERE: Servlet /axis2 threw load() exception java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4. Thanks Sanjay -----Original Message----- From: Ruchith Fernando [mailto:[email protected]] Sent: Thursday, April 16, 2009 5:52 PM To: [email protected] Subject: Re: Securing Axis2 REST Style Services Oops :-) Here you go : https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta <[email protected]> wrote: > Hi Ruchith, > Thanks for the quick reply. Could you please point me to the link that talks > about this solutions. > Thanks > Sanjay > > -----Original Message----- > From: Ruchith Fernando [mailto:[email protected]] > Sent: Thursday, April 16, 2009 4:31 PM > To: [email protected] > Subject: Re: Securing Axis2 REST Style Services > > Hi, > > For the REST style calls you can use HTTPS + Basic Auth > > Have a look at this [1] handler from WSO2 WSAS. This will simply add > the UsernameToken into the SOAP representation of the incoming REST > request, which will be processed by Rampart (which you have already > configured). > > Thanks, > Ruchith > > On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta > <[email protected]> wrote: >> HI, >> >> I have a POJO based services deployed in axis2 and it's working well. I have >> implememted the basic user/password security using rampart and it's working >> fine for SOAP calls. I generated the client using wsdl2java.My question is >> how do I secure the REST style calls. Do I need to do anything special. I >> need to deploy these services into production soon and any help or pointers >> would be greatly appreciated. >> >> Thanks >> >> Sanjay > > > > -- > http://blog.ruchith.org > -- http://blog.ruchith.org
