On Fri, Jan 15, 2010 at 5:15 PM, Charitha Kankanamge <[email protected]>wrote:

> We usually test all 16 security scenarios through the selenium test
> framework and all were successful in WSAS-3.1.2 release. However we do not
> use code generated client in there.


if you have a time please have a look with method I have given. I think that
is the most likely path any new comer would follow.

Amila.


> We set the client side policy using
> opts.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
> loadPolicy("client-policy-path"-policy.xml"));
>
> Regards
> Charitha
>
> Charitha Kankanamge
> WSO2 Inc.
> http://wso2.org
> email: [email protected]
> cell: +94 718 359 265
> blog: http://charithaka.blogspot.com
>
>
> On Fri, Jan 15, 2010 at 4:41 PM, Amila Suriarachchi <[email protected]>wrote:
>
>> hi,
>>
>> I tried to this in order to create a secure service.
>>
>> 1. Start the WSO2wsas 3.1.2 and goto HelloService.
>> 2. Then enable security using Admin console and selet the 'Sign and
>> encrypt - X509 Authentication' (5 th case)
>> 3. Click on the Generate Client and generate the code with adb.
>> 4. Geneate the maven project with the generated pom.xml
>>
>> Invoke the service with the following client code.
>>
>>         try {
>>             HelloServiceStub stub = new HelloServiceStub("
>> http://127.0.0.1:8088/services/HelloService.HelloServiceHttpSoap11Endpoint/
>> ");
>>             stub._getServiceClient().engageModule("rampart");
>>             StAXOMBuilder builder = new StAXOMBuilder("conf/policy.xml");
>>             Policy policy =
>> PolicyEngine.getPolicy(builder.getDocumentElement());
>>
>> stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy);
>>             stub.greet("hellow");
>>         } catch (AxisFault axisFault) {
>>             axisFault.printStackTrace();
>>         } catch (java.rmi.RemoteException e) {
>>             e.printStackTrace();
>>         } catch (XMLStreamException e) {
>>             e.printStackTrace();
>>         } catch (FileNotFoundException e) {
>>             e.printStackTrace();
>>         }
>>
>> Policy.xml contains following. I added the rampart mar to classpath.
>>
>> <wsp:Policy wsu:Id="SigEncr"
>>             xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> "
>>             xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>>     <wsp:ExactlyOne>
>>         <wsp:All>
>>             <ramp:RampartConfig xmlns:ramp="
>> http://ws.apache.org/rampart/policy";>
>>                 <ramp:user>wso2carbon</ramp:user>
>>                 <ramp:encryptionUser>wso2carbon</ramp:encryptionUser>
>>
>> <ramp:passwordCallbackClass>org.wso2.www.types.PWCallbackHandler</ramp:passwordCallbackClass>
>>
>>                 <ramp:signatureCrypto>
>>                     <ramp:crypto
>> provider="org.apache.ws.security.components.crypto.Merlin">
>>                         <ramp:property
>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>                         <ramp:property
>> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
>>                         <ramp:property
>> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
>>                     </ramp:crypto>
>>                 </ramp:signatureCrypto>
>>                 <ramp:encryptionCypto>
>>                     <ramp:crypto
>> provider="org.apache.ws.security.components.crypto.Merlin">
>>                         <ramp:property
>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>                         <ramp:property
>> name="org.apache.ws.security.crypto.merlin.file">/home/amila/downloads/wso2wsas-3.1.2/resources/security/wso2carbon.jks</ramp:property>
>>                         <ramp:property
>> name="org.apache.ws.security.crypto.merlin.keystore.password">wso2carbon</ramp:property>
>>                     </ramp:crypto>
>>                 </ramp:encryptionCypto>
>>             </ramp:RampartConfig>
>>         </wsp:All>
>>     </wsp:ExactlyOne>
>> </wsp:Policy>
>>
>> Callback handler class like this
>>
>> public class PWCallbackHandler implements CallbackHandler {
>>
>>     public void handle(Callback[] callbacks) throws IOException,
>> UnsupportedCallbackException {
>>         for (int i = 0; i < callbacks.length; i++) {
>>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>>             String id = pwcb.getIdentifer();
>>             if ("wso2carbon".equals(id)) {
>>                 pwcb.setPassword("wso2carbon");
>>             }
>>         }
>>     }
>> }
>>
>> Then I am getting following error at the server side.
>>
>> aused by: org.apache.ws.security.WSSecurityException: An unsupported token
>> was provided (Token type "
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1
>> ")
>>     at
>> org.apache.ws.security.processor.SignatureProcessor.createSecurityToken(SignatureProcessor.java:594)
>>     at
>> org.apache.ws.security.processor.SignatureProcessor.getCertificatesTokenReference(SignatureProcessor.java:558)
>>     at
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:274)
>>     at
>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:99)
>>     at
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
>>     at
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
>>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:154)
>>     at
>> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>
>> I think this senario should work out of the box. What could be the
>> problem?
>>
>> thanks,
>> Amila.
>>
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
_______________________________________________
Carbon-dev mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Reply via email to