We usually test all 16 security scenarios through the selenium test
framework and all were successful in WSAS-3.1.2 release. However we do not
use code generated client in there. We set the client side policy using
opts.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("client-policy-path"-policy.xml"));

Regards
Charitha

Charitha Kankanamge
WSO2 Inc.
http://wso2.org
email: [email protected]
cell: +94 718 359 265
blog: http://charithaka.blogspot.com


On Fri, Jan 15, 2010 at 4:41 PM, Amila Suriarachchi <[email protected]> wrote:

> hi,
>
> I tried to this in order to create a secure service.
>
> 1. Start the WSO2wsas 3.1.2 and goto HelloService.
> 2. Then enable security using Admin console and selet the 'Sign and encrypt
> - X509 Authentication' (5 th case)
> 3. Click on the Generate Client and generate the code with adb.
> 4. Geneate the maven project with the generated pom.xml
>
> Invoke the service with the following client code.
>
>         try {
>             HelloServiceStub stub = new HelloServiceStub("
> http://127.0.0.1:8088/services/HelloService.HelloServiceHttpSoap11Endpoint/
> ");
>             stub._getServiceClient().engageModule("rampart");
>             StAXOMBuilder builder = new StAXOMBuilder("conf/policy.xml");
>             Policy policy =
> PolicyEngine.getPolicy(builder.getDocumentElement());
>
> stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy);
>             stub.greet("hellow");
>         } catch (AxisFault axisFault) {
>             axisFault.printStackTrace();
>         } catch (java.rmi.RemoteException e) {
>             e.printStackTrace();
>         } catch (XMLStreamException e) {
>             e.printStackTrace();
>         } catch (FileNotFoundException e) {
>             e.printStackTrace();
>         }
>
> Policy.xml contains following. I added the rampart mar to classpath.
>
> <wsp:Policy wsu:Id="SigEncr"
>             xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
>             xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>     <wsp:ExactlyOne>
>         <wsp:All>
>             <ramp:RampartConfig xmlns:ramp="
> http://ws.apache.org/rampart/policy";>
>                 <ramp:user>wso2carbon</ramp:user>
>                 <ramp:encryptionUser>wso2carbon</ramp:encryptionUser>
>
> <ramp:passwordCallbackClass>org.wso2.www.types.PWCallbackHandler</ramp:passwordCallbackClass>
>
>                 <ramp:signatureCrypto>
>                     <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
>                     </ramp:crypto>
>                 </ramp:signatureCrypto>
>                 <ramp:encryptionCypto>
>                     <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
>                     </ramp:crypto>
>                 </ramp:encryptionCypto>
>             </ramp:RampartConfig>
>         </wsp:All>
>     </wsp:ExactlyOne>
> </wsp:Policy>
>
> Callback handler class like this
>
> public class PWCallbackHandler implements CallbackHandler {
>
>     public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>             String id = pwcb.getIdentifer();
>             if ("wso2carbon".equals(id)) {
>                 pwcb.setPassword("wso2carbon");
>             }
>         }
>     }
> }
>
> Then I am getting following error at the server side.
>
> aused by: org.apache.ws.security.WSSecurityException: An unsupported token
> was provided (Token type "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1
> ")
>     at
> org.apache.ws.security.processor.SignatureProcessor.createSecurityToken(SignatureProcessor.java:594)
>     at
> org.apache.ws.security.processor.SignatureProcessor.getCertificatesTokenReference(SignatureProcessor.java:558)
>     at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:274)
>     at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:99)
>     at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
>     at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)
>     at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>
> I think this senario should work out of the box. What could be the problem?
>
>
> thanks,
> Amila.
>
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
_______________________________________________
Carbon-dev mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Reply via email to