Hi Sanjay, Which version of Apache xmlsec are you using?
Thanks, Ruchith On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta <[email protected]> wrote: > Hi Ruchith, > Finally I got authentication working on rest call. I had to comment the db > calls in the class that you provided to get past the db connection issue. > Thank you so much for helping me out. Even though the authentication is > working I get an error. See the stacktrace below. I see a jira for the same > issue. Are there any side effect of this error? > Thanks > Sanjay > > http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html > > > [FATAL] Bad: > java.lang.NullPointerException > at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown > Source) > at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) > at org.apache.xml.security.Init.init(Unknown Source) > at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) > at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256) > at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) > at > org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) > at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52) > at > org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62) > at > org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) > at > org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) > at > org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) > at > org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) > at > org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > at java.lang.Thread.run(Thread.java:619) > java.lang.NullPointerException > at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown > Source) > at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) > at org.apache.xml.security.Init.init(Unknown Source) > at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) > at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256) > at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) > at > org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) > at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52) > at > org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62) > at > org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) > at > org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) > at > org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) > at > org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) > at > org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > at java.lang.Thread.run(Thread.java:619) > -----Original Message----- > From: Sanjay Gupta [mailto:[email protected]] > Sent: Sunday, April 19, 2009 10:36 PM > To: [email protected] > Subject: RE: Securing Axis2 REST Style Services > > Hi Ruchitch, > Please ignore my previous message. The POXSecurityHandler class was not > compiled correctly. I had to figure out all the dependencies and copy them to > the axis2 lib dir one by one. Painful but I think I have them all now. Now I > am stuck on this error. How can I avoid connection the database wso2wsas_db. > I think I don't need to this for what I am trying to accomplish. I really > appreciate your help. > Thanks > Sanjay > > Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke > SEVERE: Servlet.service() for servlet AxisServlet threw exception > org.hibernate.exception.GenericJDBCException: Cannot open connection > at > org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103) > at > org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91) > at > org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43) > at > org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29) > at > org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426) > at > org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144) > at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119) > at > org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57) > at > org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301) > at $Proxy4.beginTransaction(Unknown Source) > at > org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77) > at > org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300) > at > org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93) > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) > at > org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) > at > org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) > at > org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) > at > org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > at java.lang.Thread.run(Thread.java:619) > Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found. > at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source) > at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source) > at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown > Source) > at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown > Source) > at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source) > at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source) > at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source) > at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source) > at java.sql.DriverManager.getConnection(DriverManager.java:582) > at java.sql.DriverManager.getConnection(DriverManager.java:154) > at > org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110) > at > org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423) > ... 35 more > > -----Original Message----- > From: Sanjay Gupta [mailto:[email protected]] > Sent: Sunday, April 19, 2009 8:44 PM > To: [email protected] > Subject: RE: Securing Axis2 REST Style Services > > Hi Ruchith, > Thanks for proving the class. I am assuming that I needed to add this handler > to the transport phase after SOAPActionBasedDispatcher. I was able to find > the wso2 dependencies from wso2wsas version 2.3. and able to compile the > class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am > having trouble when I run it. The program depends > javax.servlet.http.HttpServletRequest and > javax.servlet.http.HttpServletResponse classes and they are available in > servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this > error. > > SEVERE: StandardWrapper.Throwable > java.lang.Error: Unresolved compilation problems: > The import javax.servlet.http cannot be resolved > The import javax.servlet.http cannot be resolved > HttpServletRequest cannot be resolved to a type > HttpServletRequest cannot be resolved to a type > HttpServletResponse cannot be resolved to a type > HttpServletResponse cannot be resolved to a type > HttpServletResponse cannot be resolved > > at > org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > > I tried unzipping the servlet-api.jar in classes dir and got this error. > SEVERE: Servlet /axis2 threw load() exception > java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet > cannot be cast to javax.servlet.Servlet > at > org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104) > at > org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981) > at > org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058) > at > org.apache.catalina.core.StandardContext.start(StandardContext.java:4364) > at > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) > at > org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) > at > org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) > at > org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924) > at > org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887) > at > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) > at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147) > at > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) > at > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) > at > org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) > at > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) > at > org.apache.catalina.core.StandardService.start(StandardService.java:516) > at > org.apache.catalina.core.StandardServer.start(StandardServer.java:710) > at org.apache.catalina.startup.Catalina.start(Catalina.java:578) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) > > > I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4. > Thanks > Sanjay > > -----Original Message----- > From: Ruchith Fernando [mailto:[email protected]] > Sent: Thursday, April 16, 2009 5:52 PM > To: [email protected] > Subject: Re: Securing Axis2 REST Style Services > > Oops :-) > > Here you go : > > https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java > > On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta > <[email protected]> wrote: >> Hi Ruchith, >> Thanks for the quick reply. Could you please point me to the link that talks >> about this solutions. >> Thanks >> Sanjay >> >> -----Original Message----- >> From: Ruchith Fernando [mailto:[email protected]] >> Sent: Thursday, April 16, 2009 4:31 PM >> To: [email protected] >> Subject: Re: Securing Axis2 REST Style Services >> >> Hi, >> >> For the REST style calls you can use HTTPS + Basic Auth >> >> Have a look at this [1] handler from WSO2 WSAS. This will simply add >> the UsernameToken into the SOAP representation of the incoming REST >> request, which will be processed by Rampart (which you have already >> configured). >> >> Thanks, >> Ruchith >> >> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta >> <[email protected]> wrote: >>> HI, >>> >>> I have a POJO based services deployed in axis2 and it's working well. I have >>> implememted the basic user/password security using rampart and it's working >>> fine for SOAP calls. I generated the client using wsdl2java.My question is >>> how do I secure the REST style calls. Do I need to do anything special. I >>> need to deploy these services into production soon and any help or pointers >>> would be greatly appreciated. >>> >>> Thanks >>> >>> Sanjay >> >> >> >> -- >> http://blog.ruchith.org >> > > > > -- > http://blog.ruchith.org > -- http://blog.ruchith.org
