On Fri, Jan 15, 2010 at 5:50 PM, Afkham Azeez <[email protected]> wrote:
> For the client trainings, we used dynamically generated clients without > manually setting the policy, and everything worked fine. Then what could be the problem here? Have I configure something in a wrong way? thanks, Amila. > > Azeez > > > On Fri, Jan 15, 2010 at 5:15 PM, Charitha Kankanamge <[email protected]>wrote: > >> We usually test all 16 security scenarios through the selenium test >> framework and all were successful in WSAS-3.1.2 release. However we do not >> use code generated client in there. We set the client side policy using >> opts.setProperty(RampartMessageData.KEY_RAMPART_POLICY, >> loadPolicy("client-policy-path"-policy.xml")); >> >> Regards >> Charitha >> >> Charitha Kankanamge >> WSO2 Inc. >> http://wso2.org >> email: [email protected] >> cell: +94 718 359 265 >> blog: http://charithaka.blogspot.com >> >> >> On Fri, Jan 15, 2010 at 4:41 PM, Amila Suriarachchi <[email protected]>wrote: >> >>> hi, >>> >>> I tried to this in order to create a secure service. >>> >>> 1. Start the WSO2wsas 3.1.2 and goto HelloService. >>> 2. Then enable security using Admin console and selet the 'Sign and >>> encrypt - X509 Authentication' (5 th case) >>> 3. Click on the Generate Client and generate the code with adb. >>> 4. Geneate the maven project with the generated pom.xml >>> >>> Invoke the service with the following client code. >>> >>> try { >>> HelloServiceStub stub = new HelloServiceStub(" >>> http://127.0.0.1:8088/services/HelloService.HelloServiceHttpSoap11Endpoint/ >>> "); >>> stub._getServiceClient().engageModule("rampart"); >>> StAXOMBuilder builder = new StAXOMBuilder("conf/policy.xml"); >>> Policy policy = >>> PolicyEngine.getPolicy(builder.getDocumentElement()); >>> >>> stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy); >>> stub.greet("hellow"); >>> } catch (AxisFault axisFault) { >>> axisFault.printStackTrace(); >>> } catch (java.rmi.RemoteException e) { >>> e.printStackTrace(); >>> } catch (XMLStreamException e) { >>> e.printStackTrace(); >>> } catch (FileNotFoundException e) { >>> e.printStackTrace(); >>> } >>> >>> Policy.xml contains following. I added the rampart mar to classpath. >>> >>> <wsp:Policy wsu:Id="SigEncr" >>> xmlns:wsu=" >>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >>> " >>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> >>> <wsp:ExactlyOne> >>> <wsp:All> >>> <ramp:RampartConfig xmlns:ramp=" >>> http://ws.apache.org/rampart/policy"> >>> <ramp:user>wso2carbon</ramp:user> >>> <ramp:encryptionUser>wso2carbon</ramp:encryptionUser> >>> >>> <ramp:passwordCallbackClass>org.wso2.www.types.PWCallbackHandler</ramp:passwordCallbackClass> >>> >>> <ramp:signatureCrypto> >>> <ramp:crypto >>> provider="org.apache.ws.security.components.crypto.Merlin"> >>> <ramp:property >>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> >>> <ramp:property >>> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property> >>> <ramp:property >>> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property> >>> </ramp:crypto> >>> </ramp:signatureCrypto> >>> <ramp:encryptionCypto> >>> <ramp:crypto >>> provider="org.apache.ws.security.components.crypto.Merlin"> >>> <ramp:property >>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> >>> <ramp:property >>> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property> >>> <ramp:property >>> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property> >>> </ramp:crypto> >>> </ramp:encryptionCypto> >>> </ramp:RampartConfig> >>> </wsp:All> >>> </wsp:ExactlyOne> >>> </wsp:Policy> >>> >>> Callback handler class like this >>> >>> public class PWCallbackHandler implements CallbackHandler { >>> >>> public void handle(Callback[] callbacks) throws IOException, >>> UnsupportedCallbackException { >>> for (int i = 0; i < callbacks.length; i++) { >>> WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i]; >>> String id = pwcb.getIdentifer(); >>> if ("wso2carbon".equals(id)) { >>> pwcb.setPassword("wso2carbon"); >>> } >>> } >>> } >>> } >>> >>> Then I am getting following error at the server side. >>> >>> aused by: org.apache.ws.security.WSSecurityException: An unsupported >>> token was provided (Token type " >>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1 >>> ") >>> at >>> org.apache.ws.security.processor.SignatureProcessor.createSecurityToken(SignatureProcessor.java:594) >>> at >>> org.apache.ws.security.processor.SignatureProcessor.getCertificatesTokenReference(SignatureProcessor.java:558) >>> at >>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:274) >>> at >>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:99) >>> at >>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329) >>> at >>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246) >>> at org.apache.rampart.RampartEngine.process(RampartEngine.java:154) >>> at >>> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92) >>> >>> I think this senario should work out of the box. What could be the >>> problem? >>> >>> thanks, >>> Amila. >>> >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > > -- > -- > Afkham Azeez > [email protected] > WSO2 Inc. http://wso2.com > Blog: http://afkham.org > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >
_______________________________________________ Carbon-dev mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
