Steve, if you like to sign/encrypt elements of the addressing part of the request, pls place the security handler _after_ the addressing handler. It is necessary that the elements are in the request before WSS4J can encrypt/sign the elements.

Regards,
Werner

> -----Original Message-----
> From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 5 July 2005 15:59
> To: Steve Behrendt; Dittmann, Werner
> Cc: [email protected]
> Subject: RES: RES: How to configure UsernameTokenSignature
>
> >The problem in this case is, that the process of adding the "action" property doesn't work. It always throws an exception:
>
> I fixed the problem. The URI class only accepts an argument that conforms to a schema like "http://getclientes". I changed the "ServiceInterfaceStub.class" like this:
>
> _call.setSOAPActionURI("http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes");
> //_call.setSOAPActionURI("getClientes");
>
> It's strange, but it works. Can anyone say why that works that way?
>
> Steve
>
> -----Original Message-----
> From: Steve Behrendt
> Sent: Tuesday, 5 July 2005 10:21
> To: Dittmann, Werner
> Cc: [email protected]
> Subject: RES: RES: How to configure UsernameTokenSignature
>
> Werner,
>
> Thanks for the hint!! Now I want to add the attributes "action", "MessageId", "ReplayTo" and "To".
> When I use the ws-addressing project, the handler always calls the part of the "action", even if I don't define it in the .wsdd file. I think it's a bug, or isn't it?
> The problem in this case is, that the process of adding the "action" property doesn't work. It always throws an exception:
>
> AxisFault
>  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>  faultSubcode:
>  faultString: org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>  faultActor:
>  faultNode:
>  faultDetail:
>  {http://xml.apache.org/axis/}stackTrace:org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>     at org.apache.axis.types.URI.initialize(URI.java:483)
>     at org.apache.axis.types.URI.<init>(URI.java:281)
>     at org.apache.axis.types.URI.<init>(URI.java:265)
>     at org.apache.axis.message.addressing.handler.AddressingHandler.processClientRequest(AddressingHandler.java:240)
>     at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:108)
>     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>     at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>     at org.apache.axis.client.Call.invoke(Call.java:2748)
>     at org.apache.axis.client.Call.invoke(Call.java:2424)
>     at org.apache.axis.client.Call.invoke(Call.java:2347)
>     at org.apache.axis.client.Call.invoke(Call.java:1804)
>     at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
>     at net.weg.service.client.main(client.java:96)
>
>  {http://xml.apache.org/axis/}hostname:brjgsd181091
>
> org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>     at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>     at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:121)
>     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>     at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>     at org.apache.axis.client.Call.invoke(Call.java:2748)
>     at org.apache.axis.client.Call.invoke(Call.java:2424)
>     at org.apache.axis.client.Call.invoke(Call.java:2347)
>     at org.apache.axis.client.Call.invoke(Call.java:1804)
>     at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
>     at net.weg.service.client.main(client.java:96)
> Caused by: org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>     at org.apache.axis.types.URI.initialize(URI.java:483)
>     at org.apache.axis.types.URI.<init>(URI.java:281)
>     at org.apache.axis.types.URI.<init>(URI.java:265)
>     at org.apache.axis.message.addressing.handler.AddressingHandler.processClientRequest(AddressingHandler.java:240)
>     at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:108)
>     ... 11 more
>
>
> My wsdd-File is that:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>
>   <globalConfiguration >
>     <requestFlow>
>       <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>         <parameter name="action" value="Timestamp UsernameTokenSignature" />
>         <parameter name="passwordCallbackClass" value="net.weg.service.PWCallback" />
>
>         <parameter name="signatureParts"
>           value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
>                  {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
>       </handler>
>
>       <handler name="addr" type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
>         <parameter name="referencePropertyNames"
>           value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>                  {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplayTo;
>                  {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To"/>
>       </handler>
>
>     </requestFlow>
>   </globalConfiguration>
>
>   <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
>   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
>
> </deployment>
>
>
> The Program throws the exception at this point in the "org.apache.axis.message.addressing.handler.AddressingHandler" in the method "processClientRequest"
>
> // set Action
> String action = msgContext.getSOAPActionURI();
> if (action != null) {
>     headers.setAction(new Action(new URI(action)));
>     ///// Here is the exception thrown --> action has the value "getClientes" - the name of the method in the webservice.
> } else if(headers.getAction() != null) {
>     msgContext.setUseSOAPAction(true);
>     // Make SOAP action match
>     msgContext.setSOAPActionURI(headers.getAction().toString());
> }
>
> Thanks to everyone!!!!
>
> Steve
>
>
> -----Original Message-----
> From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 5 July 2005 03:28
> To: Steve Behrendt
> Cc: [email protected]
> Subject: AW: RES: How to configure UsernameTokenSignature
>
>
> Steve.
>
> about the problem "Timestamp" not found, just reverse the actions. That is do "Timestamp" first, then the Signature. The handler works from left to right, builds up the request as it works thru the actions. Thus, you try to perform a Signature of an element that is not yet built into the request.
>
> Regards,
> Werner
>
> > -----Original Message-----
> > From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> > Sent: Monday, 4 July 2005 19:28
> > To: Werner Dittmann
> > Cc: [email protected]
> > Subject: RES: RES: How to configure UsernameTokenSignature
> >
> >
> > Werner,
> >
> > Thanks for the tip. Now I have another problem. The engine doesn't sign a part of the message. It stops with an Exception shown at the bottom of the mail.
> >
> > .NET with wse2.0 sp3 uses signature based on usernametoken for the "wsa:Action", "wsa:MessageID", "wsa:ReplayTo", "wsa:To", "wsu:Timestamp" and the "soap:Body wsu:Id" elements. I began with Timestamp, but it doesn't work.
> >
> > AxisFault
> >  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
> >  faultSubcode:
> >  faultString: WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> >  faultActor:
> >  faultNode:
> >  faultDetail:
> >  {http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> >     at org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
> >     at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
> >     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> >     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> >     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> >     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> >     at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> >     at org.apache.axis.client.Call.invoke(Call.java:2748)
> >     at org.apache.axis.client.Call.invoke(Call.java:2424)
> >     at org.apache.axis.client.Call.invoke(Call.java:2347)
> >     at org.apache.axis.client.Call.invoke(Call.java:1804)
> >     at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> >     at net.weg.service.client.main(client.java:95)
> >
> >  {http://xml.apache.org/axis/}hostname:brjgsd181091
> >
> > WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> >     at org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
> >     at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
> >     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> >     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> >     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> >     at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> >     at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> >     at org.apache.axis.client.Call.invoke(Call.java:2748)
> >     at org.apache.axis.client.Call.invoke(Call.java:2424)
> >     at org.apache.axis.client.Call.invoke(Call.java:2347)
> >     at org.apache.axis.client.Call.invoke(Call.java:1804)
> >     at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> >     at net.weg.service.client.main(client.java:95)
> >
> > Here is my .wsdd-File:
> >
> > <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> >             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> >
> >   <globalConfiguration >
> >     <requestFlow>
> >       <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> >         <parameter name="action" value="UsernameTokenSignature Timestamp" />
> >         <parameter name="passwordCallbackClass" value="net.weg.service.PWCallback" />
> >
> >         <parameter name="signatureParts"
> >           value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Timestamp" />
> >       </handler>
> >     </requestFlow>
> >   </globalConfiguration>
> >
> >   <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> >   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> >   <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
> >
> > </deployment>
> >
> > Any idea?
> > Thanks!!!
> >
> > Steve
> >
> > -----Original Message-----
> > From: Werner Dittmann [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, 2 July 2005 07:42
> > To: Steve Behrendt
> > Cc: [email protected]
> > Subject: Re: RES: How to configure UsernameTokenSignature
> >
> >
> > Steve,
> >
> > just remove the action that you don't want from the scenarios, e.g. the encrypt.
> >
> > On the Callback problem: as the deployment setup overwrites the programmatic setup the "passwordCallbackClass parameter" will be used by the handler. As I can see you define a java source file here - not a class. pls check your setup and fix it.
> >
> > Regards,
> > Werner
> >
> > Steve Behrendt wrote:
> > > Werner,
> > >
> > >
> > >>AFAIK the Scenario 3a (or 2a?) of the interop scenarios
> > >>show how to use the stuff.
> > >
> > >
> > > The Problem is that the stuff is only shown with encryption etc. But I only want to use a signature based on the UsernameToken - for an implementation with Microsoft .NET.
> > > But when I call the method of the service, the handler (PasswordCallBackHandler) is not passed.
> > >
> > > My Handler:
> > >
> > > <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> > >             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> > >
> > >   <globalConfiguration >
> > >     <requestFlow>
> > >       <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> > >         <parameter name="action" value="UsernameTokenSignature" />
> > >         <parameter name="passwordCallbackClass" value="net.weg.service.PWCallback.java" />
> > >       </handler>
> > >     </requestFlow>
> > >   </globalConfiguration>
> > >
> > >   <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> > >   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> > >   <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
> > >
> > > </deployment>
> > >
> > > and that's a part of my client:
> > >
> > > PWCallback pwCallback = new PWCallback();
> > > ServiceInterfaceStub axisPort = (ServiceInterfaceStub)service;
> > >
> > > axisPort._setProperty(WSHandlerConstants.USER, usuario); // set the user
> > > axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,pwCallback); // set the handler class
> > >
> > > The Message is sent, but hasn't a Header with the UsernameToken or the Signature.
> > >
> > >
> > > For a little bit of help, I'm very grateful.
> > >
> > > STEVE
> > >
> > >
> > > -----Original Message-----
> > > From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, 29 June 2005 11:33
> > > To: Steve Behrendt; [email protected]
> > > Subject: AW: How to configure UsernameTokenSignature
> > >
> > >
> > > Steve,
> > >
> > > AFAIK the Scenario 3a (or 2a?) of the interop scenarios
> > > show how to use the stuff.
> > >
> > > We've not fully tested interop with Microsoft or others.
> > >
> > > Regards,
> > > Werner
> > >
> > >
> > >>-----Original Message-----
> > >>From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> > >>Sent: Wednesday, 29 June 2005 14:36
> > >>To: [email protected]
> > >>Subject: RES: How to configure UsernameTokenSignature
> > >>
> > >>
> > >>Hi,
> > >>
> > >>Is there now an existing implementation of the UsernameTokenSignature "Problem"?
> > >>Because my implementation is using only a UsernameToken and I want to implement more security, but without using keys.
> > >>
> > >>Greets,
> > >>Steve
> > >>
> > >>-----Original Message-----
> > >>From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> > >>Sent: Tuesday, 21 June 2005 10:53
> > >>To: Dittmann, Werner
> > >>Cc: Granqvist, Hans; [email protected]
> > >>Subject: Re: How to configure UsernameTokenSignature
> > >>
> > >>
> > >>Hi Werner,
> > >>
> > >>updated the specs directory. Please take a look and let me know if you
> > >>need something else.
> > >>
> > >>-- dims
> > >>
> > >>On 6/21/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
> > >>
> > >>>Hans,
> > >>>
> > >>>are the drafts publicly available? Can't find
> > >>>them on the OASIS WSS pages.
> > >>>
> > >>>Regards,
> > >>>Werner
> > >>>
> > >>>
> > >>>>-----Original Message-----
> > >>>>From: Granqvist, Hans [mailto:[EMAIL PROTECTED]
> > >>>>Sent: Monday, 20 June 2005 17:31
> > >>>>To: [email protected]
> > >>>>Subject: RE: How to configure UsernameTokenSignature
> > >>>>
> > >>>>
> > >>>>
> > >>>>><quote>
> > >>>>>The Username Token profile does not currently define a key
> > >>>>>derivation algorithm. The OASIS WSS TC is expected to address
> > >>>>>this issue in a subsequent specification. </quote>
> > >>>>
> > >>>>The latest (March 2005 and onward) WSS 1.1 draft of the
> > >>>>UsernameToken profile defines key derivation in section 4.
> > >>>>
> > >>>>Hans
> > >>>>
> > >>>
> > >>
> > >>--
> > >>Davanum Srinivas -http://blogs.cocoondev.org/dims/
> > >>
> > >
> >
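
The two ordering rules Werner gives in this thread (WSDoAllSender actions run left to right, and the security handler must come after the addressing handler) written as a check over a client WSDD. This is an added example, not code from the thread or from WSS4J: the function names, messages and the two sample documents are constructed for illustration, and "Signature" is included next to the thread's UsernameTokenSignature as a second signing action.

```python
import xml.etree.ElementTree as ET

# Added example: helper names and sample documents are constructed, not from WSS4J.
NS = "{http://xml.apache.org/axis/wsdd/}"
SENDER = "java:org.apache.ws.axis.security.WSDoAllSender"
ADDRESSING = "java:org.apache.axis.message.addressing.handler.AddressingHandler"
WSA = "http://schemas.xmlsoap.org/ws/2004/03/addressing"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SIGN_ACTIONS = {"Signature", "UsernameTokenSignature"}

def check_request_flow(wsdd_text):
    """Return the ordering problems found in a client WSDD request flow."""
    problems = []
    handlers = list(ET.fromstring(wsdd_text).iter(NS + "handler"))
    types = [h.get("type") for h in handlers]
    for pos, handler in enumerate(handlers):
        if handler.get("type") != SENDER:
            continue
        params = {p.get("name"): p.get("value", "")
                  for p in handler.iter(NS + "parameter")}
        actions = params.get("action", "").split()
        parts = [p.strip() for p in params.get("signatureParts", "").split(";")]
        sign_at = next((i for i, a in enumerate(actions) if a in SIGN_ACTIONS), None)
        if sign_at is None:
            continue
        # Actions run left to right: Timestamp must be built before it is signed.
        if any(p.endswith("}Timestamp") for p in parts) and "Timestamp" not in actions[:sign_at]:
            problems.append("Timestamp action must come before the signature action")
        # Addressing headers exist only after the AddressingHandler has run.
        if any(("{%s}" % WSA) in p for p in parts) and ADDRESSING not in types[:pos]:
            problems.append("AddressingHandler must come before WSDoAllSender")
    return problems

# Constructed sample input, modelled on the configurations quoted in the thread.
TEMPLATE = ('<deployment xmlns="http://xml.apache.org/axis/wsdd/">'
            "<globalConfiguration><requestFlow>{0}</requestFlow>"
            "</globalConfiguration></deployment>")
ADDR_HANDLER = '<handler name="addr" type="%s"/>' % ADDRESSING

def sender(actions):
    parts = "{Element}{%s}Timestamp;{Element}{%s}To" % (WSU, WSA)
    return ('<handler type="%s"><parameter name="action" value="%s"/>'
            '<parameter name="signatureParts" value="%s"/></handler>'
            % (SENDER, actions, parts))

BROKEN = TEMPLATE.format(sender("UsernameTokenSignature Timestamp") + ADDR_HANDLER)
FIXED = TEMPLATE.format(ADDR_HANDLER + sender("Timestamp UsernameTokenSignature"))
```

`check_request_flow(BROKEN)` reports both ordering problems; `check_request_flow(FIXED)` returns an empty list.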
