For the client trainings, we used dynamically generated clients without manually setting the policy, and everything worked fine.
Azeez On Fri, Jan 15, 2010 at 5:15 PM, Charitha Kankanamge <[email protected]>wrote: > We usually test all 16 security scenarios through the selenium test > framework and all were successful in WSAS-3.1.2 release. However we do not > use code generated client in there. We set the client side policy using > opts.setProperty(RampartMessageData.KEY_RAMPART_POLICY, > loadPolicy("client-policy-path"-policy.xml")); > > Regards > Charitha > > Charitha Kankanamge > WSO2 Inc. > http://wso2.org > email: [email protected] > cell: +94 718 359 265 > blog: http://charithaka.blogspot.com > > > On Fri, Jan 15, 2010 at 4:41 PM, Amila Suriarachchi <[email protected]>wrote: > >> hi, >> >> I tried to this in order to create a secure service. >> >> 1. Start the WSO2wsas 3.1.2 and goto HelloService. >> 2. Then enable security using Admin console and selet the 'Sign and >> encrypt - X509 Authentication' (5 th case) >> 3. Click on the Generate Client and generate the code with adb. >> 4. Geneate the maven project with the generated pom.xml >> >> Invoke the service with the following client code. >> >> try { >> HelloServiceStub stub = new HelloServiceStub(" >> http://127.0.0.1:8088/services/HelloService.HelloServiceHttpSoap11Endpoint/ >> "); >> stub._getServiceClient().engageModule("rampart"); >> StAXOMBuilder builder = new StAXOMBuilder("conf/policy.xml"); >> Policy policy = >> PolicyEngine.getPolicy(builder.getDocumentElement()); >> >> stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy); >> stub.greet("hellow"); >> } catch (AxisFault axisFault) { >> axisFault.printStackTrace(); >> } catch (java.rmi.RemoteException e) { >> e.printStackTrace(); >> } catch (XMLStreamException e) { >> e.printStackTrace(); >> } catch (FileNotFoundException e) { >> e.printStackTrace(); >> } >> >> Policy.xml contains following. I added the rampart mar to classpath. >> >> <wsp:Policy wsu:Id="SigEncr" >> xmlns:wsu=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> " >> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> >> <wsp:ExactlyOne> >> <wsp:All> >> <ramp:RampartConfig xmlns:ramp=" >> http://ws.apache.org/rampart/policy"> >> <ramp:user>wso2carbon</ramp:user> >> <ramp:encryptionUser>wso2carbon</ramp:encryptionUser> >> >> <ramp:passwordCallbackClass>org.wso2.www.types.PWCallbackHandler</ramp:passwordCallbackClass> >> >> <ramp:signatureCrypto> >> <ramp:crypto >> provider="org.apache.ws.security.components.crypto.Merlin"> >> <ramp:property >> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> >> <ramp:property >> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property> >> <ramp:property >> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property> >> </ramp:crypto> >> </ramp:signatureCrypto> >> <ramp:encryptionCypto> >> <ramp:crypto >> provider="org.apache.ws.security.components.crypto.Merlin"> >> <ramp:property >> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> >> <ramp:property >> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property> >> <ramp:property >> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property> >> </ramp:crypto> >> </ramp:encryptionCypto> >> </ramp:RampartConfig> >> </wsp:All> >> </wsp:ExactlyOne> >> </wsp:Policy> >> >> Callback handler class like this >> >> public class PWCallbackHandler implements CallbackHandler { >> >> public void handle(Callback[] callbacks) throws IOException, >> UnsupportedCallbackException { >> for (int i = 0; i < callbacks.length; i++) { >> WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i]; >> String id = pwcb.getIdentifer(); >> if ("wso2carbon".equals(id)) { >> pwcb.setPassword("wso2carbon"); >> } >> } >> } >> } >> >> Then I am getting following error at the server side. >> >> aused by: org.apache.ws.security.WSSecurityException: An unsupported token >> was provided (Token type " >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1 >> ") >> at >> org.apache.ws.security.processor.SignatureProcessor.createSecurityToken(SignatureProcessor.java:594) >> at >> org.apache.ws.security.processor.SignatureProcessor.getCertificatesTokenReference(SignatureProcessor.java:558) >> at >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:274) >> at >> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:99) >> at >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329) >> at >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246) >> at org.apache.rampart.RampartEngine.process(RampartEngine.java:154) >> at >> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92) >> >> I think this senario should work out of the box. What could be the >> problem? >> >> thanks, >> Amila. >> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- -- Afkham Azeez [email protected] WSO2 Inc. http://wso2.com Blog: http://afkham.org
_______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
