On Fri, Jan 15, 2010 at 5:50 PM, Afkham Azeez <[email protected]> wrote:

> For the client trainings, we used dynamically generated clients without
> manually setting the policy, and everything worked fine.


Then what could be the problem here? Have I configure something in a wrong
way?

thanks,
Amila.

>
> Azeez
>
>
> On Fri, Jan 15, 2010 at 5:15 PM, Charitha Kankanamge <[email protected]>wrote:
>
>> We usually test all 16 security scenarios through the selenium test
>> framework and all were successful in WSAS-3.1.2 release. However we do not
>> use code generated client in there. We set the client side policy using
>> opts.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
>> loadPolicy("client-policy-path"-policy.xml"));
>>
>> Regards
>> Charitha
>>
>> Charitha Kankanamge
>> WSO2 Inc.
>> http://wso2.org
>> email: [email protected]
>> cell: +94 718 359 265
>> blog: http://charithaka.blogspot.com
>>
>>
>> On Fri, Jan 15, 2010 at 4:41 PM, Amila Suriarachchi <[email protected]>wrote:
>>
>>> hi,
>>>
>>> I tried to this in order to create a secure service.
>>>
>>> 1. Start the WSO2wsas 3.1.2 and goto HelloService.
>>> 2. Then enable security using Admin console and selet the 'Sign and
>>> encrypt - X509 Authentication' (5 th case)
>>> 3. Click on the Generate Client and generate the code with adb.
>>> 4. Geneate the maven project with the generated pom.xml
>>>
>>> Invoke the service with the following client code.
>>>
>>>         try {
>>>             HelloServiceStub stub = new HelloServiceStub("
>>> http://127.0.0.1:8088/services/HelloService.HelloServiceHttpSoap11Endpoint/
>>> ");
>>>             stub._getServiceClient().engageModule("rampart");
>>>             StAXOMBuilder builder = new StAXOMBuilder("conf/policy.xml");
>>>             Policy policy =
>>> PolicyEngine.getPolicy(builder.getDocumentElement());
>>>
>>> stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy);
>>>             stub.greet("hellow");
>>>         } catch (AxisFault axisFault) {
>>>             axisFault.printStackTrace();
>>>         } catch (java.rmi.RemoteException e) {
>>>             e.printStackTrace();
>>>         } catch (XMLStreamException e) {
>>>             e.printStackTrace();
>>>         } catch (FileNotFoundException e) {
>>>             e.printStackTrace();
>>>         }
>>>
>>> Policy.xml contains following. I added the rampart mar to classpath.
>>>
>>> <wsp:Policy wsu:Id="SigEncr"
>>>             xmlns:wsu="
>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>>> "
>>>             xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>>>     <wsp:ExactlyOne>
>>>         <wsp:All>
>>>             <ramp:RampartConfig xmlns:ramp="
>>> http://ws.apache.org/rampart/policy";>
>>>                 <ramp:user>wso2carbon</ramp:user>
>>>                 <ramp:encryptionUser>wso2carbon</ramp:encryptionUser>
>>>
>>> <ramp:passwordCallbackClass>org.wso2.www.types.PWCallbackHandler</ramp:passwordCallbackClass>
>>>
>>>                 <ramp:signatureCrypto>
>>>                     <ramp:crypto
>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>                         <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>                         <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
>>>                         <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
>>>                     </ramp:crypto>
>>>                 </ramp:signatureCrypto>
>>>                 <ramp:encryptionCypto>
>>>                     <ramp:crypto
>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>                         <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>                         <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
>>>                         <ramp:property
>>> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
>>>                     </ramp:crypto>
>>>                 </ramp:encryptionCypto>
>>>             </ramp:RampartConfig>
>>>         </wsp:All>
>>>     </wsp:ExactlyOne>
>>> </wsp:Policy>
>>>
>>> Callback handler class like this
>>>
>>> public class PWCallbackHandler implements CallbackHandler {
>>>
>>>     public void handle(Callback[] callbacks) throws IOException,
>>> UnsupportedCallbackException {
>>>         for (int i = 0; i < callbacks.length; i++) {
>>>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>>>             String id = pwcb.getIdentifer();
>>>             if ("wso2carbon".equals(id)) {
>>>                 pwcb.setPassword("wso2carbon");
>>>             }
>>>         }
>>>     }
>>> }
>>>
>>> Then I am getting following error at the server side.
>>>
>>> aused by: org.apache.ws.security.WSSecurityException: An unsupported
>>> token was provided (Token type "
>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1
>>> ")
>>>     at
>>> org.apache.ws.security.processor.SignatureProcessor.createSecurityToken(SignatureProcessor.java:594)
>>>     at
>>> org.apache.ws.security.processor.SignatureProcessor.getCertificatesTokenReference(SignatureProcessor.java:558)
>>>     at
>>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:274)
>>>     at
>>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:99)
>>>     at
>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
>>>     at
>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
>>>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)
>>>     at
>>> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>>
>>> I think this senario should work out of the box. What could be the
>>> problem?
>>>
>>> thanks,
>>> Amila.
>>>
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>
>
> --
> --
> Afkham Azeez
> [email protected]
> WSO2 Inc. http://wso2.com
> Blog: http://afkham.org
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
_______________________________________________
Carbon-dev mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Reply via email to