Hi,

I have secured the proxy service with the attached policy. Also attached
is the source view of my secure proxy service.

Thanks


On Thu, Apr 17, 2014 at 5:05 PM, Suresh Attanayaka <[email protected]> wrote:

> Hi Prasad,
>
> What is the security scenario/policy you are trying here? How have you
> secured the service?
>
> Thanks,
> -Suresh
>
>
> On Thu, Apr 17, 2014 at 4:58 PM, Prasad Fernando <[email protected]> wrote:
>
>> Hi,
>>
>> I am getting the following error when I connect my secure client to the
>> ESB secure proxy service.
>>
>> *ON ESB*
>> org.apache.axis2.AxisFault: General security error (No certificates were found for decryption (KeyId))
>>     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
>>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
>>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
>>     at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:411)
>>     at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:183)
>>     at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>     at java.lang.Thread.run(Thread.java:744)
>> Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:253)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:119)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:95)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
>>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:214)
>>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>     ... 10 more
>> [2014-04-17 16:44:34,101] ERROR - ServerWorker Error processing POST request for : /services/SecureOrderService
>> org.apache.axis2.AxisFault: General security error (No certificates were found for decryption (KeyId))
>>     at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
>>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
>>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
>>     at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:411)
>>     at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:183)
>>     at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>     at java.lang.Thread.run(Thread.java:744)
>> Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:253)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:119)
>>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:95)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
>>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:214)
>>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>
>> *ON Client*
>> org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd: Security
>>     at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:105)
>>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:171)
>>     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
>>     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
>>     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>>     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>>     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
>>     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531)
>>     at com.wso2.training.esb.secureclient.Main.main(Main.java:40)
>>
>> SRC: https://svn.wso2.com/wso2/interns/2013/prasadf/ESB/
>>
>> Do you have any idea on this error?
>>
>> thanks
>> --
>> *Prasad Priyadarshana Fernando
>> <http://www.linkedin.com/in/prasadfernando>*
>> Mobile: +94715186801, +94772074279
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Suresh Attanayake
> Senior Software Engineer; WSO2 Inc. http://wso2.com/
> Blog : http://sureshatt.blogspot.com/
> Web : http://www.ssoarcade.com/
> Facebook : https://www.facebook.com/IdentityWorld
> Twitter : https://twitter.com/sureshatt
> LinkedIn : http://lk.linkedin.com/in/sureshatt
> Mobile : +94755012060
> Mobile : +016166171172
>



-- 
*Prasad Priyadarshana Fernando <http://www.linkedin.com/in/prasadfernando>*
Mobile: +94715186801, +94772074279
<!--
  ~  Copyright (c) 2005-2010, WSO2 Inc. (http://wso2.com) All Rights Reserved.
  ~
  ~  WSO2 Inc. licenses this file to you under the Apache License,
  ~  Version 2.0 (the "License"); you may not use this file except
  ~  in compliance with the License.
  ~  You may obtain a copy of the License at
  ~
  ~    http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~  Unless required by applicable law or agreed to in writing,
  ~  software distributed under the License is distributed on an
  ~  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  ~  KIND, either express or implied.  See the License for the
  ~  specific language governing permissions and limitations
  ~  under the License.
  ~
  -->

<wsp:Policy wsu:Id="SigEncr"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:SignedParts>
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:EncryptedParts>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>alice</ramp:user>
                <ramp:encryptionUser>bob</ramp:encryptionUser>
                <ramp:passwordCallbackClass>com.wso2.training.esb.secureclient.PWCBHandler</ramp:passwordCallbackClass>

                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">
                            /home/prasad/Program/wso2esb-4.8.1/repository/samples/resources/security/store.jks
                        </ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
                        </ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
                <ramp:encryptionCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">
                            /home/prasad/Program/wso2esb-4.8.1/repository/samples/resources/security/store.jks
                        </ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
                        </ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="SecureOrderService"
       transports="https,http,jms,local"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 name="wsse:Security"
                 action="remove"/>
         <send>
            <endpoint>
               <address uri="http://localhost:9000/services/OrderService"/>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <parameter name="disableREST">true</parameter>
   <parameter name="ScenarioID">policyFromRegistry</parameter>
   <parameter name="secPolicyRegistryPath">conf:/policy.xml</parameter>
   <enableSec/>
   <policy key="conf:/repository/axis2/service-groups/SecureOrderService/services/SecureOrderService/policies/policyFromRegistry"/>
   <description/>
</proxy>