Werner,
Sorry, I forgot to tell you that I have found that problem and fixed it. I changed
the order of the handlers.
But another problem (so many problems today) is that the handler doesn't add a
"ReplyTo" attribute. It adds the other attributes perfectly.
The .NET web service doesn't "trust" the signature. It says the signature is
"invalid".
AxisFault
 faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck
 faultSubcode:
 faultString: Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
   at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
   at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
 faultActor: http://localhost/WebServiceGMC/webservicegmc.asmx
 faultNode:
 faultDetail:
I think that's because of the missing "ReplyTo" element. Isn't it? I'm so near to
the solution, I think.
Thanks. STEVE
-----Original Message-----
From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 5, 2005 11:15
To: Steve Behrendt
Cc: [email protected]
Subject: AW: RES: How to configure UsernameTokenSignature
Steve,
if you like to sign/encrypt elements of the addressing part
of the request, pls place the security handler _after_ the
addressing handler. It is necessary that the elements are in
the request before WSS4J can encrypt/sign the elements.
Regards,
Werner
> -----Original Message-----
> From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 5, 2005 15:59
> To: Steve Behrendt; Dittmann, Werner
> Cc: [email protected]
> Subject: RES: RES: How to configure UsernameTokenSignature
>
>
> >The problem in this case is that the process of adding the
> >"action" property doesn't work. It always throws an exception:
>
> I fixed the problem. The URI class only accepts an argument
> that conforms to a schema like "http://getclientes". I
> changed the "ServiceInterfaceStub.class" like this:
>
>     _call.setSOAPActionURI("http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes");
>     //_call.setSOAPActionURI("getClientes");
>
> It's strange, but it works. Can anyone say why it works that way?
>
>
> Steve
>
> -----Original Message-----
> From: Steve Behrendt
> Sent: Tuesday, July 5, 2005 10:21
> To: Dittmann, Werner
> Cc: [email protected]
> Subject: RES: RES: How to configure UsernameTokenSignature
>
>
> Werner,
>
> Thanks for the hint!! Now I want to add the attributes
> "action", "MessageId", "ReplayTo" and "To".
> When I use the ws-addressing project, the handler always calls
> the "action" part, even if I don't define it in the .wsdd
> file. I think it's a bug, or isn't it?
> The problem in this case is that the process of adding the
> "action" property doesn't work. It always throws an exception:
>
> AxisFault
>  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>  faultSubcode:
>  faultString: org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>  faultActor:
>  faultNode:
>  faultDetail:
>
> {http://xml.apache.org/axis/}stackTrace:org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>   at org.apache.axis.types.URI.initialize(URI.java:483)
>   at org.apache.axis.types.URI.<init>(URI.java:281)
>   at org.apache.axis.types.URI.<init>(URI.java:265)
>   at org.apache.axis.message.addressing.handler.AddressingHandler.processClientRequest(AddressingHandler.java:240)
>   at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:108)
>   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>   at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>   at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>   at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>   at org.apache.axis.client.Call.invoke(Call.java:2748)
>   at org.apache.axis.client.Call.invoke(Call.java:2424)
>   at org.apache.axis.client.Call.invoke(Call.java:2347)
>   at org.apache.axis.client.Call.invoke(Call.java:1804)
>   at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
>   at net.weg.service.client.main(client.java:96)
>
> {http://xml.apache.org/axis/}hostname:brjgsd181091
>
> org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>   at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>   at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:121)
>   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>   at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>   at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
>   at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>   at org.apache.axis.client.Call.invoke(Call.java:2748)
>   at org.apache.axis.client.Call.invoke(Call.java:2424)
>   at org.apache.axis.client.Call.invoke(Call.java:2347)
>   at org.apache.axis.client.Call.invoke(Call.java:1804)
>   at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
>   at net.weg.service.client.main(client.java:96)
> Caused by: org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>   at org.apache.axis.types.URI.initialize(URI.java:483)
>   at org.apache.axis.types.URI.<init>(URI.java:281)
>   at org.apache.axis.types.URI.<init>(URI.java:265)
>   at org.apache.axis.message.addressing.handler.AddressingHandler.processClientRequest(AddressingHandler.java:240)
>   at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:108)
>   ... 11 more
>
>
> My wsdd file is this:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>
>   <globalConfiguration>
>     <requestFlow>
>       <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>         <parameter name="action" value="Timestamp UsernameTokenSignature"/>
>         <parameter name="passwordCallbackClass" value="net.weg.service.PWCallback"/>
>         <parameter name="signatureParts"
>                    value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
>                           {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"/>
>       </handler>
>
>       <handler name="addr"
>                type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
>         <parameter name="referencePropertyNames"
>                    value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplayTo;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To"/>
>       </handler>
>     </requestFlow>
>   </globalConfiguration>
>
>   <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
>   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
>
> </deployment>
>
>
> The program throws the exception at this point in
> "org.apache.axis.message.addressing.handler.AddressingHandler",
> in the method "processClientRequest":
>
>     // set Action
>     String action = msgContext.getSOAPActionURI();
>     if (action != null) {
>         headers.setAction(new Action(new URI(action)));
>         // Here the exception is thrown --> action has the value
>         // "getClientes" - the name of the method in the web service.
>     } else if (headers.getAction() != null) {
>         msgContext.setUseSOAPAction(true);
>         // Make SOAP action match
>         msgContext.setSOAPActionURI(headers.getAction().toString());
>     }
>
> Thanks to everyone!!!!
>
> Steve
>
>
> -----Original Message-----
> From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 5, 2005 03:28
> To: Steve Behrendt
> Cc: [email protected]
> Subject: AW: RES: How to configure UsernameTokenSignature
>
>
> Steve.
>
> about the problem "Timestamp" not found, just
> reverse the actions. That is, do "Timestamp"
> first, then the Signature. The handler works
> from left to right and builds up the request
> as it works through the actions. Thus, you try
> to perform a Signature of an element that is
> not yet built into the request.
>
> Regards,
> Werner
>
> > -----Original Message-----
> > From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> > Sent: Monday, July 4, 2005 19:28
> > To: Werner Dittmann
> > Cc: [email protected]
> > Subject: RES: RES: How to configure UsernameTokenSignature
> >
> >
> > Werner,
> >
> > Thanks for the tip. Now I have another problem. The engine
> > doesn't sign a part of the message. It stops with an
> > exception shown at the bottom of the mail.
> >
> > .NET with WSE 2.0 SP3 uses a signature based on UsernameToken
> > for the "wsa:Action", "wsa:MessageID", "wsa:ReplayTo",
> > "wsa:To", "wsu:Timestamp" and the "soap:Body wsu:Id"
> > elements. I began with Timestamp, but it doesn't work.
> >
> > AxisFault
> >  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
> >  faultSubcode:
> >  faultString: WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> >  faultActor:
> >  faultNode:
> >  faultDetail:
> > {http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> >   at org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
> >   at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
> >   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> >   at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> >   at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> >   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> >   at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> >   at org.apache.axis.client.Call.invoke(Call.java:2748)
> >   at org.apache.axis.client.Call.invoke(Call.java:2424)
> >   at org.apache.axis.client.Call.invoke(Call.java:2347)
> >   at org.apache.axis.client.Call.invoke(Call.java:1804)
> >   at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> >   at net.weg.service.client.main(client.java:95)
> >
> > {http://xml.apache.org/axis/}hostname:brjgsd181091
> >
> > WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> >   at org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
> >   at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
> >   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> >   at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> >   at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> >   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> >   at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> >   at org.apache.axis.client.Call.invoke(Call.java:2748)
> >   at org.apache.axis.client.Call.invoke(Call.java:2424)
> >   at org.apache.axis.client.Call.invoke(Call.java:2347)
> >   at org.apache.axis.client.Call.invoke(Call.java:1804)
> >   at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> >   at net.weg.service.client.main(client.java:95)
> >
> > Here is my .wsdd file:
> >
> > <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> >             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> >
> >   <globalConfiguration>
> >     <requestFlow>
> >       <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> >         <parameter name="action" value="UsernameTokenSignature Timestamp"/>
> >         <parameter name="passwordCallbackClass" value="net.weg.service.PWCallback"/>
> >         <parameter name="signatureParts"
> >                    value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Timestamp"/>
> >       </handler>
> >     </requestFlow>
> >   </globalConfiguration>
> >
> >   <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> >   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> >   <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
> >
> > </deployment>
> >
> > Any idea?
> > Thanks!!!
> >
> > Steve
> >
> > -----Original Message-----
> > From: Werner Dittmann [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, July 2, 2005 07:42
> > To: Steve Behrendt
> > Cc: [email protected]
> > Subject: Re: RES: How to configure UsernameTokenSignature
> >
> >
> > Steve,
> >
> > just remove the action that you don't want from the scenarios, e.g.
> > the encrypt.
> >
> > On the Callback problem: as the deployment setup overwrites the
> > programmatic setup, the "passwordCallbackClass" parameter
> > will be used by the handler. As I can see, you define a java
> > source file here - not a class. Pls check your setup and fix
> > it.
> >
> > Regards,
> > Werner
> >
> > Steve Behrendt wrote:
> > > Werner,
> > >
> > >
> > >>AFAIK the Scenario 3a (or 2a?) of the interop scenarios
> > >>shows how to use the stuff.
> > >
> > >
> > > The problem is that the stuff is only shown with encryption
> > > etc. But I only want to use a signature based on the
> > > UsernameToken - for an implementation with Microsoft .NET.
> > > But when I call the method of the service, the handler
> > > (PasswordCallBackHandler) is not passed.
> > >
> > > My Handler:
> > >
> > > <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> > >             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> > >
> > >   <globalConfiguration>
> > >     <requestFlow>
> > >       <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> > >         <parameter name="action" value="UsernameTokenSignature"/>
> > >         <parameter name="passwordCallbackClass" value="net.weg.service.PWCallback.java"/>
> > >       </handler>
> > >     </requestFlow>
> > >   </globalConfiguration>
> > >
> > >   <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> > >   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> > >   <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
> > >
> > > </deployment>
> > >
> > > and that's a part of my client:
> > >
> > >     PWCallback pwCallback = new PWCallback();
> > >     ServiceInterfaceStub axisPort = (ServiceInterfaceStub)service;
> > >
> > >     axisPort._setProperty(WSHandlerConstants.USER, usuario); // set the user
> > >     axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, pwCallback); // set the handler's class
> > >
> > > The message is sent, but hasn't a header with the
> > > UsernameToken or the Signature.
> > >
> > >
> > > For a little bit of help,
> > > I'd be very grateful.
> > >
> > > STEVE
> > >
> > >
> > > -----Original Message-----
> > > From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, June 29, 2005 11:33
> > > To: Steve Behrendt; [email protected]
> > > Subject: AW: How to configure UsernameTokenSignature
> > >
> > >
> > > Steve,
> > >
> > > AFAIK the Scenario 3a (or 2a?) of the interop scenarios
> > > shows how to use the stuff.
> > >
> > > We've not fully tested interop with Microsoft or others.
> > >
> > > Regards,
> > > Werner
> > >
> > >
> > >>-----Original Message-----
> > >>From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> > >>Sent: Wednesday, June 29, 2005 14:36
> > >>To: [email protected]
> > >>Subject: RES: How to configure UsernameTokenSignature
> > >>
> > >>
> > >>Hi,
> > >>
> > >>Is there now an existing implementation of the
> > >>UsernameTokenSignature "Problem"?
> > >>Because my implementation is using only a UsernameToken and I
> > >>want to implement more security, but without using keys.
> > >>
> > >>Greets,
> > >>Steve
> > >>
> > >>-----Original Message-----
> > >>From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> > >>Sent: Tuesday, June 21, 2005 10:53
> > >>To: Dittmann, Werner
> > >>Cc: Granqvist, Hans; [email protected]
> > >>Subject: Re: How to configure UsernameTokenSignature
> > >>
> > >>
> > >>Hi Werner,
> > >>
> > >>updated the specs directory. Please take a look and let me know if you
> > >>need something else.
> > >>
> > >>-- dims
> > >>
> > >>On 6/21/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
> > >>
> > >>>Hans,
> > >>>
> > >>>are the drafts publicly available? Can't find
> > >>>them on the OASIS WSS pages.
> > >>>
> > >>>Regards,
> > >>>Werner
> > >>>
> > >>>
> > >>>>-----Original Message-----
> > >>>>From: Granqvist, Hans [mailto:[EMAIL PROTECTED]
> > >>>>Sent: Monday, June 20, 2005 17:31
> > >>>>To: [email protected]
> > >>>>Subject: RE: How to configure UsernameTokenSignature
> > >>>>
> > >>>>
> > >>>>
> > >>>>><quote>
> > >>>>>The Username Token profile does not currently define a key
> > >>>>>derivation algorithm. The OASIS WSS TC is expected to address
> > >>>>>this issue in a subsequent specification. </quote>
> > >>>>
> > >>>>The latest (March 2005 and onward) WSS 1.1 draft of the
> > >>>>UsernameToken profile defines key derivation in section 4.
> > >>>>
> > >>>>Hans
> > >>>>
> > >>>
> > >>
> > >>--
> > >>Davanum Srinivas -http://blogs.cocoondev.org/dims/
> > >>
> > >
> > >
> >
> >
>
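
The ordering rules given in Werner's replies above (actions run left to right, the addressing handler has to run before the security handler when addressing elements are signed, and `passwordCallbackClass` names a class rather than a source file) can be checked against a client WSDD before it is deployed. The Python lint below is an added example, not code from the thread or from WSS4J; the finding codes and the names `lint_wsdd`, `sender` and `wsdd` are assumptions, and the sample documents are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://xml.apache.org/axis/wsdd/}"
SENDER = "java:org.apache.ws.axis.security.WSDoAllSender"
ADDRESSING = "java:org.apache.axis.message.addressing.handler.AddressingHandler"
WSA = "http://schemas.xmlsoap.org/ws/2004/03/addressing"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PART = re.compile(r"\{\w*\}\{([^}]*)\}(\w+)")  # {Element}{namespace}LocalName

def lint_wsdd(wsdd_text):
    """Return sorted finding codes for every WSDoAllSender in a client WSDD."""
    findings = set()
    for flow in ET.fromstring(wsdd_text).iter(NS + "requestFlow"):
        handlers = flow.findall(NS + "handler")
        types = [h.get("type") for h in handlers]
        for pos, handler in enumerate(handlers):
            if handler.get("type") != SENDER:
                continue
            params = {p.get("name"): p.get("value", "")
                      for p in handler.findall(NS + "parameter")}
            actions = params.get("action", "").split()
            parts = PART.findall(params.get("signatureParts", ""))
            sig = next((i for i, a in enumerate(actions) if "Signature" in a), None)
            # Actions run left to right: Timestamp must be built before it is signed.
            if sig is not None and any(name == "Timestamp" for _, name in parts):
                if "Timestamp" not in actions[:sig]:
                    findings.add("timestamp-signed-before-created")
            # Addressing headers must already be in the request when signing runs.
            if any(ns == WSA for ns, _ in parts) and ADDRESSING not in types[:pos]:
                findings.add("addressing-handler-not-before-security")
            # The parameter names a class on the classpath, not a source file.
            if params.get("passwordCallbackClass", "").endswith(".java"):
                findings.add("callback-is-source-file")
    return sorted(findings)

def sender(action, parts, callback="net.weg.service.PWCallback"):
    return ('<handler type="%s"><parameter name="action" value="%s"/>'
            '<parameter name="passwordCallbackClass" value="%s"/>'
            '<parameter name="signatureParts" value="%s"/></handler>'
            % (SENDER, action, callback, parts))

def wsdd(handlers):
    return ('<deployment xmlns="http://xml.apache.org/axis/wsdd/"><globalConfiguration>'
            "<requestFlow>%s</requestFlow></globalConfiguration></deployment>" % handlers)

ADDR = '<handler type="%s"/>' % ADDRESSING  # constructed sample input from here on
PARTS = "{Element}{%s}Timestamp;{Element}{%s}To" % (WSU, WSA)
BAD = wsdd(sender("UsernameTokenSignature Timestamp", PARTS,
                  "net.weg.service.PWCallback.java") + ADDR)
GOOD = wsdd(ADDR + sender("Timestamp UsernameTokenSignature", PARTS))

if __name__ == "__main__":
    print(lint_wsdd(BAD), lint_wsdd(GOOD))
```

`BAD` combines the three mistakes from the thread in one document, and `GOOD` is the same configuration with the handler order, action order and callback class name corrected.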