hi,

I tried to this in order to create a secure service.

1. Start the WSO2wsas 3.1.2 and goto HelloService.
2. Then enable security using Admin console and selet the 'Sign and encrypt
- X509 Authentication' (5 th case)
3. Click on the Generate Client and generate the code with adb.
4. Geneate the maven project with the generated pom.xml

Invoke the service with the following client code.

        try {
            HelloServiceStub stub = new HelloServiceStub("
http://127.0.0.1:8088/services/HelloService.HelloServiceHttpSoap11Endpoint/
");
            stub._getServiceClient().engageModule("rampart");
            StAXOMBuilder builder = new StAXOMBuilder("conf/policy.xml");
            Policy policy =
PolicyEngine.getPolicy(builder.getDocumentElement());

stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy);
            stub.greet("hellow");
        } catch (AxisFault axisFault) {
            axisFault.printStackTrace();
        } catch (java.rmi.RemoteException e) {
            e.printStackTrace();
        } catch (XMLStreamException e) {
            e.printStackTrace();
        } catch (FileNotFoundException e) {
            e.printStackTrace();
        }

Policy.xml contains following. I added the rampart mar to classpath.

<wsp:Policy wsu:Id="SigEncr"
            xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
    <wsp:ExactlyOne>
        <wsp:All>
            <ramp:RampartConfig xmlns:ramp="
http://ws.apache.org/rampart/policy";>
                <ramp:user>wso2carbon</ramp:user>
                <ramp:encryptionUser>wso2carbon</ramp:encryptionUser>

<ramp:passwordCallbackClass>org.wso2.www.types.PWCallbackHandler</ramp:passwordCallbackClass>

                <ramp:signatureCrypto>
                    <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property
name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
                        <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
                <ramp:encryptionCypto>
                    <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property
name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
                        <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

Callback handler class like this

public class PWCallbackHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifer();
            if ("wso2carbon".equals(id)) {
                pwcb.setPassword("wso2carbon");
            }
        }
    }
}

Then I am getting following error at the server side.

aused by: org.apache.ws.security.WSSecurityException: An unsupported token
was provided (Token type "
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1
")
    at
org.apache.ws.security.processor.SignatureProcessor.createSecurityToken(SignatureProcessor.java:594)
    at
org.apache.ws.security.processor.SignatureProcessor.getCertificatesTokenReference(SignatureProcessor.java:558)
    at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:274)
    at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:99)
    at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
    at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)
    at
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

I think this senario should work out of the box. What could be the problem?

thanks,
Amila.
_______________________________________________
Carbon-dev mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Reply via email to