Hi,

When I try to send a SOAP message to a non-secured back-end service, using
a secured client through an ESB secure proxy, I get the following
exception in the ESB (in debug mode).




















*[2014-04-28 10:51:31,618] ERROR - NativeWorkerPool Uncaught exception
java.lang.NullPointerException    at
org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:94)
at
org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:109)
at
org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:84)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:214)    at
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)    at
org.apache.axis2.engine.Phase.invoke(Phase.java:313)    at
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)    at
org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)    at
org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:403)
at
org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:183)
at
org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)*

If I use a simple pass-through proxy, the SOAP message reaches the SOAP
tracer in the ESB with all the security headers intact.

I would much appreciate any help on this.

I have attached my policy file and the client herewith. And my proxy is as
follows.

<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="SecureProxy2"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 name="wsse:Security"
                 action="remove"/>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
      <endpoint>
         <address uri="http://localhost:8080/axis2/services/SecureOrderProcessService"/>
      </endpoint>
   </target>
   <publishWSDL uri="file:/home/supun/workspace/SecureOrderProcessClient/SecureOrderProcessService.wsdl"/>
   <enableSec/>
   <policy key="conf:/repository/axis2/service-groups/policy.xml"/>
   <description/>
</proxy>


Thanks and Regards,
-- 
*Supun Sethunga*
Software Engineer
WSO2, Inc.
lean | enterprise | middleware
Mobile : +94 716546324
package client;

import java.rmi.RemoteException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;

import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

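public class SecureOrderProcessClient {

    /** Keystore alias of the client's signing/encryption key pair in this sample. */
    private static final String KEY_ALIAS = "wso2carbon";
    /**
     * Password of the sample JKS keystore and trust store (the WSO2 default). It is embedded in
     * source because this is a local demo client; anything deployed should read it from a
     * protected location instead.
     */
    private static final String STORE_PASSWORD = "wso2carbon";
    /** WSS4J crypto provider used for both the signature and the encryption configuration. */
    private static final String MERLIN_PROVIDER = "org.apache.ws.security.components.crypto.Merlin";

    /**
     * Entry point: wires a Rampart-secured Axis2 client to the ESB proxy and places one sample order.
     *
     * <p>{@link #viewOrder(String, SecureOrderProcessServiceStub)} can be driven the same way once
     * an order code is known; only {@code makeOrder} is exercised here.
     *
     * @param args ignored; repository, keystore, policy and endpoint locations are hard-coded below
     * @throws Exception anything raised while building the configuration, loading the policy or
     *                   calling the service
     */
    public static void main(String[] args) throws Exception {
        String clientRepo = "/home/supun/workspace/SecureOrderProcessClient/clientRepo";
        String clientKey = "/home/supun/workspace/SecureOrderProcessClient/wso2carbon.jks";
        String securityPolicy = "/home/supun/workspace/SecureOrderProcessClient/policy.xml";
        String trustStore = "/home/supun/workspace/SecureOrderProcessClient/client-truststore.jks";
        // NOTE(review): the endpoint carries a "?wsdl" query; the service URL without it is the
        // usual target for SOAP requests — confirm against the proxy.
        String endpoint = "https://Supun:8243/services/SecureProxy2?wsdl";

        // javax.net.ssl.* properties are read when the JSSE context is first initialised, so set
        // them before anything that might open an HTTPS connection to the ESB.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", STORE_PASSWORD);

        ConfigurationContext ctx =
                ConfigurationContextFactory.createConfigurationContextFromFileSystem(clientRepo, null);
        SecureOrderProcessServiceStub stub = new SecureOrderProcessServiceStub(ctx, endpoint);

        ServiceClient sc = stub._getServiceClient();
        sc.engageModule("rampart");
        sc.engageModule("addressing");

        Options opts = new Options();
        opts.setTo(new EndpointReference(endpoint));
        // Only one WS-Addressing action can be in force; the original set "urn:viewOrder" and then
        // immediately overwrote it, so only the makeOrder action is kept.
        opts.setAction("urn:makeOrder");
        opts.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(securityPolicy, clientKey));
        sc.setOptions(opts);

        makeOrder(stub, sc);
    }

    /**
     * Loads the WS-SecurityPolicy at {@code xmlPath} and attaches a Rampart configuration that signs
     * and encrypts with the {@value #KEY_ALIAS} key in {@code clientKey}, unlocked with the sample
     * store password.
     *
     * @param xmlPath   path to the policy XML file
     * @param clientKey path to the JKS keystore holding the client's key pair
     * @return the policy with a {@link RampartConfig} assertion added
     * @throws Exception if the policy file cannot be read or parsed
     */
    public static Policy loadPolicy(String xmlPath, String clientKey) throws Exception {
        return loadPolicy(xmlPath, clientKey, STORE_PASSWORD);
    }

    /**
     * Loads the WS-SecurityPolicy at {@code xmlPath} and attaches a Rampart configuration that signs
     * and encrypts with the {@value #KEY_ALIAS} key in {@code clientKey}.
     *
     * <p>Private-key passwords are not configured here: Rampart asks {@code client.PWCBHandler}
     * for them, passing the alias as the identifier.
     *
     * @param xmlPath          path to the policy XML file
     * @param clientKey        path to the JKS keystore holding the client's key pair
     * @param keystorePassword password protecting {@code clientKey}
     * @return the policy with a {@link RampartConfig} assertion added
     * @throws Exception if the policy file cannot be read or parsed
     */
    public static Policy loadPolicy(String xmlPath, String clientKey, String keystorePassword)
            throws Exception {
        StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

        RampartConfig rc = new RampartConfig();
        rc.setUser(KEY_ALIAS);
        rc.setUserCertAlias(KEY_ALIAS);
        rc.setEncryptionUser(KEY_ALIAS);
        rc.setPwCbClass("client.PWCBHandler");
        // Signature and encryption read the same keystore, but each side gets its own
        // CryptoConfig/Properties instance (as in the original) so Rampart never shares state.
        rc.setSigCryptoConfig(merlinConfig(clientKey, keystorePassword));
        rc.setEncrCryptoConfig(merlinConfig(clientKey, keystorePassword));

        policy.addAssertion(rc);
        return policy;
    }

    /**
     * Builds a Merlin crypto configuration over a JKS keystore.
     *
     * @param keystorePath     path to the JKS file
     * @param keystorePassword password protecting the keystore
     * @return a fresh {@link CryptoConfig}
     */
    private static CryptoConfig merlinConfig(String keystorePath, String keystorePassword) {
        Properties props = new Properties();
        props.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        props.put("org.apache.ws.security.crypto.merlin.file", keystorePath);
        props.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePassword);

        CryptoConfig config = new CryptoConfig();
        config.setProvider(MERLIN_PROVIDER);
        config.setProp(props);
        return config;
    }

    /**
     * Builds a {@code makeOrder} request from a fixed sample order, sends it through the stub and
     * prints the order code returned by the service.
     *
     * @param stub generated service stub used for the call
     * @param sc   the stub's service client; kept for signature compatibility, not used here
     * @throws RemoteException if the call fails
     */
    public static void makeOrder(SecureOrderProcessServiceStub stub, ServiceClient sc)
            throws RemoteException {
        // LinkedHashMap keeps the items in the order listed, so the request body is deterministic.
        Map<String, Integer> order = new LinkedHashMap<>();
        order.put("Large Pizza - chicken", 7);
        order.put("Cocacola - 1.5l", 1);
        order.put("French Fries", 3);

        OMFactory fac = OMAbstractFactory.getOMFactory();
        OMNamespace omNs = fac.createOMNamespace("http://service", "ns");
        OMElement method = fac.createOMElement("makeOrder", omNs);

        // One <item><itemId/><quantity/></item> per order line.
        for (Map.Entry<String, Integer> line : order.entrySet()) {
            OMElement item = fac.createOMElement("item", omNs);
            OMElement itemId = fac.createOMElement("itemId", omNs);
            OMElement quantity = fac.createOMElement("quantity", omNs);

            itemId.addChild(fac.createOMText(itemId, line.getKey()));
            quantity.addChild(fac.createOMText(quantity, String.valueOf(line.getValue())));
            item.addChild(itemId);
            item.addChild(quantity);
            method.addChild(item);
        }

        System.out.println(method);

        OMElement result = stub.makeOrder(method);

        // The order code is read from the first grandchild of the response; a response of a
        // different shape is reported instead of surfacing as a NullPointerException.
        OMElement payload = result == null ? null : result.getFirstElement();
        OMElement orderIdElement = payload == null ? null : payload.getFirstElement();
        if (orderIdElement == null) {
            System.out.println("Order response did not contain an order code: " + result);
            return;
        }
        System.out.println("New Order added Successfully. Your Order Code: " + orderIdElement.getText());
    }

    /**
     * Sends a {@code viewOrder} request for {@code id} and prints the returned order.
     *
     * @param id   order code to look up
     * @param stub generated service stub used for the call
     * @throws RemoteException if the call fails
     */
    public static void viewOrder(String id, SecureOrderProcessServiceStub stub) throws RemoteException {
        OMFactory fac = OMAbstractFactory.getOMFactory();
        // NOTE(review): makeOrder uses the "http://service" namespace for its payload; confirm
        // which of the two the service actually expects.
        OMNamespace omNs = fac.createOMNamespace("orderprocessorns", "ns");
        OMElement method = fac.createOMElement("viewOrder", omNs);
        OMElement orderId = fac.createOMElement("orderId", omNs);
        orderId.addChild(fac.createOMText(orderId, id));
        method.addChild(orderId);

        OMElement orderInfo = stub.viewOrder(method);
        printOrder(orderInfo, id);
    }

    /**
     * Prints the items of an order returned by {@code viewOrder}.
     *
     * <p>If the response carries no item elements (invalid or unknown order id) an error line is
     * printed instead. Child elements are walked with {@code getChildElements()} so whitespace text
     * nodes between elements do not break the traversal.
     *
     * @param element the {@code viewOrder} response element
     * @param s       the order code, echoed in the heading
     */
    public static void printOrder(OMElement element, String s) {
        element.build();

        OMElement wrapper = element.getFirstElement();
        if (wrapper == null || wrapper.getFirstElement() == null) {
            System.out.println("No such order found! Please check the order id again.");
            return;
        }

        System.out.println("\n************ Order Details ************\n");
        System.out.println("OrderCode : " + s);
        System.out.println("\nItem\t\t\t\tAmount\n");

        // Each item is expected as <item><itemId>..</itemId><quantity>..</quantity></item>
        // (assumed from the original traversal; not verified against the service's schema).
        for (Iterator<?> items = wrapper.getChildElements(); items.hasNext(); ) {
            OMElement orderItem = (OMElement) items.next();
            Iterator<?> fields = orderItem.getChildElements();
            if (!fields.hasNext()) {
                System.out.println("Skipping item without details: " + orderItem);
                continue;
            }
            OMElement itemElement = (OMElement) fields.next();
            if (!fields.hasNext()) {
                System.out.println(itemElement.getText() + " \t\t (no quantity)");
                continue;
            }
            OMElement quantityElement = (OMElement) fields.next();
            System.out.println(itemElement.getText() + " \t\t "
                    + Integer.parseInt(quantityElement.getText()));
        }
    }
}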
<wsp:Policy wsu:Id="SigOnly"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
 					<sp:RequireThumbprintReference/> 
					<sp:WssX509V3Token10/>
                                    <!-- sp:WssX509V3Token10/ -->
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
					<sp:RequireThumbprintReference/> 
					<sp:WssX509V3Token10/>
                                    <!-- sp:WssX509V3Token10/ -->
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>

            </sp:AsymmetricBinding>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:SignedParts>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
package client;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import java.io.IOException;

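public class PWCBHandler implements CallbackHandler {

    /**
     * Supplies passwords to Rampart/WSS4J.
     *
     * <p>For {@code USERNAME_TOKEN} callbacks the UsernameToken password is set; for
     * {@code SIGNATURE} and {@code DECRYPT} callbacks the private-key password of the matching
     * keystore alias is set. An identifier that is not listed is left without a password, so the
     * security engine fails the operation rather than this handler guessing one.
     *
     * @param callbacks callbacks to satisfy; each must be a {@link WSPasswordCallback}
     * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
     * @throws IOException never thrown here; declared by the {@link CallbackHandler} contract
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        // The original cast callbacks[0] unconditionally; the CallbackHandler contract is to serve
        // every callback passed in and to reject unknown kinds explicitly instead of failing with
        // a ClassCastException or ArrayIndexOutOfBoundsException.
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            String id = pwcb.getIdentifier();
            int usage = pwcb.getUsage();

            if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                if ("admin".equals(id)) {
                    pwcb.setPassword("admin");
                }
            } else if (usage == WSPasswordCallback.SIGNATURE || usage == WSPasswordCallback.DECRYPT) {
                // Private-key passwords keyed by keystore alias. These are the sample's default
                // credentials embedded in source; anything beyond a local demo should obtain them
                // from a protected location rather than the class file.
                if ("wso2carbon".equals(id)) {
                    pwcb.setPassword("wso2carbon");
                } else if ("clientks".equals(id)) {
                    pwcb.setPassword("clientks");
                } else if ("serviceks".equals(id)) {
                    pwcb.setPassword("serviceks");
                }
            }
        }
    }

}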