BTW ... you can also simply construct a UsernameToken element and
insert the username and password as required and add it to the SOAP
header with the security header, by just using axiom :-)

-Ruchith


On Thu, Apr 23, 2009 at 4:23 AM, Ruchith Fernando
<[email protected]> wrote:
> Hi Sanjay,
>
> I'm trying to find a place that could throw the NPE in the
> xmlsec-1.4.1 code. I still can't find a problem
> JCEMapper.loadAlgorithms() method is called with an element picked out
> of the config file and it should simply be able to process the rest of
> it without an issue. If we had line numbers it would have been very
> easy to spot the issue.
>
> Can you please try using this jar [1] and see whether you can
> reproduce this error with it? ( hopefully this is compiled with debug
> info).
>
> Thanks,
> Ruchith
>
> 1. 
> http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar
>
> On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta
> <[email protected]> wrote:
>> Hi Ruchith,
>> I am using verison 1.4.1.
>> xmlsec-1.4.1.jar
>>
>> Thanks
>> Sanjay
>>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:[email protected]]
>> Sent: Wednesday, April 22, 2009 7:24 PM
>> To: [email protected]
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Hi Sanjay,
>>
>> Which version of Apache xmlsec are you using?
>>
>> Thanks,
>> Ruchith
>>
>> On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta
>> <[email protected]> wrote:
>>> Hi Ruchith,
>>> Finally I got authentication working on rest call. I had to comment the db 
>>> calls in the class that you provided to get past the db connection issue.  
>>> Thank you so much for helping me out. Even though the authentication is 
>>> working I get an error. See the stacktrace below. I see a jira for the same 
>>> issue. Are there any side effect of this error?
>>> Thanks
>>> Sanjay
>>>
>>> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>>>
>>>
>>> [FATAL] Bad:
>>> java.lang.NullPointerException
>>>        at 
>>> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>>        at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>>        at org.apache.xml.security.Init.init(Unknown Source)
>>>        at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>>        at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>>>        at 
>>> org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>>        at 
>>> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>>        at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>>>        at 
>>> org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>>>        at 
>>> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>>        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>>        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>>        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>        at 
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>        at 
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>        at 
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>>        at 
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>        at 
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>        at 
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>        at 
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>        at 
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>        at 
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>        at 
>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>        at java.lang.Thread.run(Thread.java:619)
>>> java.lang.NullPointerException
>>>        at 
>>> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>>        at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>>        at org.apache.xml.security.Init.init(Unknown Source)
>>>        at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>>        at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>>>        at 
>>> org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>>        at 
>>> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>>        at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>>>        at 
>>> org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>>>        at 
>>> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>>        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>>        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>>        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>        at 
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>        at 
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>        at 
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>>        at 
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>        at 
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>        at 
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>        at 
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>        at 
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>        at 
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>        at 
>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>        at java.lang.Thread.run(Thread.java:619)
>>> -----Original Message-----
>>> From: Sanjay Gupta [mailto:[email protected]]
>>> Sent: Sunday, April 19, 2009 10:36 PM
>>> To: [email protected]
>>> Subject: RE: Securing Axis2 REST Style Services
>>>
>>> Hi Ruchitch,
>>> Please ignore my previous message. The POXSecurityHandler class was not 
>>> compiled correctly. I had to figure out all the dependencies and copy them 
>>> to the axis2 lib dir one by one. Painful but I think I have them all now. 
>>> Now I am stuck on this error. How can I avoid connection the database 
>>> wso2wsas_db. I think I don't need to this for what I am trying to 
>>> accomplish. I really appreciate your help.
>>> Thanks
>>> Sanjay
>>>
>>> Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve 
>>> invoke
>>> SEVERE: Servlet.service() for servlet AxisServlet threw exception
>>> org.hibernate.exception.GenericJDBCException: Cannot open connection
>>>        at 
>>> org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
>>>        at 
>>> org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
>>>        at 
>>> org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
>>>        at 
>>> org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
>>>        at 
>>> org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
>>>        at 
>>> org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
>>>        at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
>>>        at 
>>> org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
>>>        at 
>>> org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
>>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>        at 
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>        at 
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>        at java.lang.reflect.Method.invoke(Method.java:597)
>>>        at 
>>> org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
>>>        at $Proxy4.beginTransaction(Unknown Source)
>>>        at 
>>> org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
>>>        at 
>>> org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
>>>        at 
>>> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
>>>        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>>        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>>        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>        at 
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>        at 
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>        at 
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>>        at 
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>        at 
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>        at 
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>        at 
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>        at 
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>>        at 
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>        at 
>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>        at java.lang.Thread.run(Thread.java:619)
>>> Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
>>>        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown 
>>> Source)
>>>        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown 
>>> Source)
>>>        at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown 
>>> Source)
>>>        at 
>>> org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
>>>        at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>>>        at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown 
>>> Source)
>>>        at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown 
>>> Source)
>>>        at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>>>        at java.sql.DriverManager.getConnection(DriverManager.java:582)
>>>        at java.sql.DriverManager.getConnection(DriverManager.java:154)
>>>        at 
>>> org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
>>>        at 
>>> org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
>>>        ... 35 more
>>>
>>> -----Original Message-----
>>> From: Sanjay Gupta [mailto:[email protected]]
>>> Sent: Sunday, April 19, 2009 8:44 PM
>>> To: [email protected]
>>> Subject: RE: Securing Axis2 REST Style Services
>>>
>>> Hi Ruchith,
>>> Thanks for proving the class. I am assuming that I needed to add this 
>>> handler to the transport phase after SOAPActionBasedDispatcher. I was able 
>>> to find the wso2 dependencies from  wso2wsas version 2.3. and able to 
>>> compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar 
>>> files. But I am having trouble when I run it. The program depends 
>>> javax.servlet.http.HttpServletRequest and
>>> javax.servlet.http.HttpServletResponse classes and they are available in 
>>> servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this 
>>> error.
>>>
>>> SEVERE: StandardWrapper.Throwable
>>> java.lang.Error: Unresolved compilation problems:
>>>        The import javax.servlet.http cannot be resolved
>>>        The import javax.servlet.http cannot be resolved
>>>        HttpServletRequest cannot be resolved to a type
>>>        HttpServletRequest cannot be resolved to a type
>>>        HttpServletResponse cannot be resolved to a type
>>>        HttpServletResponse cannot be resolved to a type
>>>        HttpServletResponse cannot be resolved
>>>
>>>        at 
>>> org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
>>>        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
>>> Method)
>>>
>>> I tried unzipping the servlet-api.jar in classes dir and got this error.
>>> SEVERE: Servlet /axis2 threw load() exception
>>> java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet 
>>> cannot be cast to javax.servlet.Servlet
>>>        at 
>>> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
>>>        at 
>>> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
>>>        at 
>>> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
>>>        at 
>>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
>>>        at 
>>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>>>        at 
>>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
>>>        at 
>>> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
>>>        at 
>>> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
>>>        at 
>>> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
>>>        at 
>>> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>>>        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
>>>        at 
>>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>>>        at 
>>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>>>        at 
>>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>>>        at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
>>>        at 
>>> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>>>        at 
>>> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>>>        at 
>>> org.apache.catalina.core.StandardService.start(StandardService.java:516)
>>>        at 
>>> org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>>>        at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
>>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>        at 
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>        at 
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>        at java.lang.reflect.Method.invoke(Method.java:597)
>>>        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>>>        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>>>
>>>
>>> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
>>> Thanks
>>> Sanjay
>>>
>>> -----Original Message-----
>>> From: Ruchith Fernando [mailto:[email protected]]
>>> Sent: Thursday, April 16, 2009 5:52 PM
>>> To: [email protected]
>>> Subject: Re: Securing Axis2 REST Style Services
>>>
>>> Oops  :-)
>>>
>>> Here you go :
>>>
>>> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
>>>
>>> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
>>> <[email protected]> wrote:
>>>> Hi Ruchith,
>>>> Thanks for the quick reply. Could you please point me to the link that 
>>>> talks about this solutions.
>>>> Thanks
>>>> Sanjay
>>>>
>>>> -----Original Message-----
>>>> From: Ruchith Fernando [mailto:[email protected]]
>>>> Sent: Thursday, April 16, 2009 4:31 PM
>>>> To: [email protected]
>>>> Subject: Re: Securing Axis2 REST Style Services
>>>>
>>>> Hi,
>>>>
>>>> For the REST style calls you can use HTTPS + Basic Auth
>>>>
>>>> Have a look at this [1] handler from WSO2 WSAS. This will simply add
>>>> the UsernameToken into the SOAP representation of the incoming REST
>>>> request, which will be processed by Rampart (which you have already
>>>> configured).
>>>>
>>>> Thanks,
>>>> Ruchith
>>>>
>>>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
>>>> <[email protected]> wrote:
>>>>> HI,
>>>>>
>>>>> I have a POJO based services deployed in axis2 and it's working well. I 
>>>>> have
>>>>> implememted the basic user/password security  using rampart and it's 
>>>>> working
>>>>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>>>>> how do I secure the REST style calls. Do I need to do anything special. I
>>>>> need to deploy these services into production soon and any help or 
>>>>> pointers
>>>>> would be greatly appreciated.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Sanjay
>>>>
>>>>
>>>>
>>>> --
>>>> http://blog.ruchith.org
>>>>
>>>
>>>
>>>
>>> --
>>> http://blog.ruchith.org
>>>
>>
>>
>>
>> --
>> http://blog.ruchith.org
>>
>
>
>
> --
> http://blog.ruchith.org
>



-- 
http://blog.ruchith.org

Reply via email to