BTW ... you can also simply construct a UsernameToken element and insert the username and password as required and add it to the SOAP header with the security header, by just using axiom :-)
-Ruchith

On Thu, Apr 23, 2009 at 4:23 AM, Ruchith Fernando <[email protected]> wrote:
> Hi Sanjay,
>
> I'm trying to find a place that could throw the NPE in the
> xmlsec-1.4.1 code. I still can't find a problem.
> JCEMapper.loadAlgorithms() method is called with an element picked out
> of the config file and it should simply be able to process the rest of
> it without an issue. If we had line numbers it would have been very
> easy to spot the issue.
>
> Can you please try using this jar [1] and see whether you can
> reproduce this error with it? (hopefully this is compiled with debug
> info).
>
> Thanks,
> Ruchith
>
> 1. http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar
>
> On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta
> <[email protected]> wrote:
>> Hi Ruchith,
>> I am using version 1.4.1.
>> xmlsec-1.4.1.jar
>>
>> Thanks
>> Sanjay
>>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:[email protected]]
>> Sent: Wednesday, April 22, 2009 7:24 PM
>> To: [email protected]
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Hi Sanjay,
>>
>> Which version of Apache xmlsec are you using?
>>
>> Thanks,
>> Ruchith
>>
>> On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta
>> <[email protected]> wrote:
>>> Hi Ruchith,
>>> Finally I got authentication working on rest call. I had to comment the db
>>> calls in the class that you provided to get past the db connection issue.
>>> Thank you so much for helping me out. Even though the authentication is
>>> working I get an error. See the stacktrace below. I see a jira for the same
>>> issue. Are there any side effects of this error?
>>> Thanks
>>> Sanjay
>>>
>>> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>>>
>>>
>>> [FATAL] Bad:
>>> java.lang.NullPointerException
>>>     at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>>     at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>>     at org.apache.xml.security.Init.init(Unknown Source)
>>>     at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>>     at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>>>     at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>>     at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>>     at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>>>     at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>>>     at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>>     at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>>     at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>>     at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>>     at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>>     at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>     at java.lang.Thread.run(Thread.java:619)
>>> java.lang.NullPointerException
>>>     at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>>     at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>>     at org.apache.xml.security.Init.init(Unknown Source)
>>>     at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>>     at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>>>     at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>>     at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>>     at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>>>     at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>>>     at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>>     at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>>     at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>>     at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>>     at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>>     at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>     at java.lang.Thread.run(Thread.java:619)
>>>
>>> -----Original Message-----
>>> From: Sanjay Gupta [mailto:[email protected]]
>>> Sent: Sunday, April 19, 2009 10:36 PM
>>> To: [email protected]
>>> Subject: RE: Securing Axis2 REST Style Services
>>>
>>> Hi Ruchith,
>>> Please ignore my previous message. The POXSecurityHandler class was not
>>> compiled correctly.
>>> I had to figure out all the dependencies and copy them
>>> to the axis2 lib dir one by one. Painful but I think I have them all now.
>>> Now I am stuck on this error. How can I avoid connecting to the database
>>> wso2wsas_db? I think I don't need this for what I am trying to
>>> accomplish. I really appreciate your help.
>>> Thanks
>>> Sanjay
>>>
>>> Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
>>> SEVERE: Servlet.service() for servlet AxisServlet threw exception
>>> org.hibernate.exception.GenericJDBCException: Cannot open connection
>>>     at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
>>>     at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
>>>     at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
>>>     at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
>>>     at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
>>>     at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
>>>     at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
>>>     at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
>>>     at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>>     at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
>>>     at $Proxy4.beginTransaction(Unknown Source)
>>>     at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
>>>     at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
>>>     at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
>>>     at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>>     at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>>     at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>>     at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>>     at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>     at java.lang.Thread.run(Thread.java:619)
>>> Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
>>>     at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>>>     at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>>>     at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
>>>     at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
>>>     at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>>>     at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
>>>     at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
>>>     at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>>>     at java.sql.DriverManager.getConnection(DriverManager.java:582)
>>>     at java.sql.DriverManager.getConnection(DriverManager.java:154)
>>>     at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
>>>     at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
>>>     ... 35 more
>>>
>>> -----Original Message-----
>>> From: Sanjay Gupta [mailto:[email protected]]
>>> Sent: Sunday, April 19, 2009 8:44 PM
>>> To: [email protected]
>>> Subject: RE: Securing Axis2 REST Style Services
>>>
>>> Hi Ruchith,
>>> Thanks for providing the class. I am assuming that I needed to add this
>>> handler to the transport phase after SOAPActionBasedDispatcher. I was able
>>> to find the wso2 dependencies from wso2wsas version 2.3. and able to
>>> compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar
>>> files. But I am having trouble when I run it. The program depends on
>>> javax.servlet.http.HttpServletRequest and
>>> javax.servlet.http.HttpServletResponse classes and they are available in
>>> servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this
>>> error.
>>>
>>> SEVERE: StandardWrapper.Throwable
>>> java.lang.Error: Unresolved compilation problems:
>>>     The import javax.servlet.http cannot be resolved
>>>     The import javax.servlet.http cannot be resolved
>>>     HttpServletRequest cannot be resolved to a type
>>>     HttpServletRequest cannot be resolved to a type
>>>     HttpServletResponse cannot be resolved to a type
>>>     HttpServletResponse cannot be resolved to a type
>>>     HttpServletResponse cannot be resolved
>>>
>>>     at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
>>>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>>
>>> I tried unzipping the servlet-api.jar in classes dir and got this error.
>>> SEVERE: Servlet /axis2 threw load() exception
>>> java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
>>>     at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
>>>     at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
>>>     at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
>>>     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
>>>     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>>>     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
>>>     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
>>>     at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
>>>     at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
>>>     at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>>>     at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
>>>     at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>>>     at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>>>     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>>>     at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
>>>     at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>>>     at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>>>     at org.apache.catalina.core.StandardService.start(StandardService.java:516)
>>>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>>>     at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>>>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>>>
>>>
>>> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
>>> Thanks
>>> Sanjay
>>>
>>> -----Original Message-----
>>> From: Ruchith Fernando [mailto:[email protected]]
>>> Sent: Thursday, April 16, 2009 5:52 PM
>>> To: [email protected]
>>> Subject: Re: Securing Axis2 REST Style Services
>>>
>>> Oops :-)
>>>
>>> Here you go :
>>>
>>> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
>>>
>>> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
>>> <[email protected]> wrote:
>>>> Hi Ruchith,
>>>> Thanks for the quick reply. Could you please point me to the link that
>>>> talks about this solution.
>>>> Thanks
>>>> Sanjay
>>>>
>>>> -----Original Message-----
>>>> From: Ruchith Fernando [mailto:[email protected]]
>>>> Sent: Thursday, April 16, 2009 4:31 PM
>>>> To: [email protected]
>>>> Subject: Re: Securing Axis2 REST Style Services
>>>>
>>>> Hi,
>>>>
>>>> For the REST style calls you can use HTTPS + Basic Auth
>>>>
>>>> Have a look at this [1] handler from WSO2 WSAS. This will simply add
>>>> the UsernameToken into the SOAP representation of the incoming REST
>>>> request, which will be processed by Rampart (which you have already
>>>> configured).
>>>>
>>>> Thanks,
>>>> Ruchith
>>>>
>>>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
>>>> <[email protected]> wrote:
>>>>> Hi,
>>>>>
>>>>> I have a POJO based services deployed in axis2 and it's working well. I have
>>>>> implemented the basic user/password security using rampart and it's working
>>>>> fine for SOAP calls. I generated the client using wsdl2java. My question is
>>>>> how do I secure the REST style calls. Do I need to do anything special? I
>>>>> need to deploy these services into production soon and any help or pointers
>>>>> would be greatly appreciated.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Sanjay
>>>>
>>>> --
>>>> http://blog.ruchith.org
>>>
>>> --
>>> http://blog.ruchith.org
>>
>> --
>> http://blog.ruchith.org
>
> --
> http://blog.ruchith.org

--
http://blog.ruchith.org
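
The approach described in this thread (HTTPS + Basic Auth on the REST call, with a handler that builds a UsernameToken with Axiom and adds it to the SOAP header for Rampart to validate), as an added example; it is not the WSO2 POXSecurityHandler and not code posted by anyone in the thread. The class name is hypothetical, and it assumes the Axis2 servlet transport and Java 8+ for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.axis2.transport.http.HTTPConstants;

// Hypothetical handler: maps HTTP Basic credentials on a REST call to a wsse:UsernameToken.
public class BasicAuthToUsernameTokenHandler extends AbstractHandler {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String PASSWORD_TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    public InvocationResponse invoke(MessageContext msgCtx) throws AxisFault {
        if (!msgCtx.isDoingREST()) return InvocationResponse.CONTINUE; // SOAP calls carry their own header
        HttpServletRequest req =
            (HttpServletRequest) msgCtx.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        // Basic Auth is only base64-encoded, so refuse it on anything but HTTPS.
        if (req == null || !req.isSecure())
            throw new AxisFault("REST calls to this service require HTTPS");
        String auth = req.getHeader("Authorization");
        if (auth == null || !auth.regionMatches(true, 0, "Basic ", 0, 6))
            throw new AxisFault("Missing HTTP Basic credentials");
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(auth.substring(6).trim()),
                                 StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            throw new AxisFault("Malformed Authorization header");
        }
        int colon = decoded.indexOf(':'); // the user-id cannot contain ':', the password may
        if (colon < 1) throw new AxisFault("Malformed Authorization header");
        SOAPEnvelope env = msgCtx.getEnvelope();
        SOAPFactory f = (SOAPFactory) env.getOMFactory();
        OMNamespace wsse = f.createOMNamespace(WSSE_NS, "wsse");
        if (env.getHeader() == null) f.createSOAPHeader(env);
        SOAPHeaderBlock security = env.getHeader().addHeaderBlock("Security", wsse);
        security.setMustUnderstand(true); // the header must be processed, not silently ignored
        OMElement token = f.createOMElement("UsernameToken", wsse, security);
        f.createOMElement("Username", wsse, token).setText(decoded.substring(0, colon));
        OMElement pw = f.createOMElement("Password", wsse, token);
        pw.addAttribute("Type", PASSWORD_TEXT, null);
        pw.setText(decoded.substring(colon + 1));
        return InvocationResponse.CONTINUE; // credential validation is left to Rampart
    }
}
```

The handler never decides whether the credentials are valid; it only rejects requests that arrive without TLS or without a parsable Basic header, and leaves the check to the password callback already configured for Rampart.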
