[ 
https://issues.apache.org/jira/browse/RAMPART-300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Samisa Abeysinghe resolved RAMPART-300.
---------------------------------------

       Resolution: Fixed
    Fix Version/s: NextVersion
         Assignee: Samisa Abeysinghe  (was: Ruchith Udayanga Fernando)

Fix for RAMPART-225 should also fix this issue

> Rampart automatically tries to load an "Encryption user" if the security 
> policy defines the use of a UsernameToken with an AsymmetricBinding
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-300
>                 URL: https://issues.apache.org/jira/browse/RAMPART-300
>             Project: Rampart
>          Issue Type: Bug
>         Environment: OS: Linux. Axis2, RAMPART 1.5
>            Reporter: cerbero
>            Assignee: Samisa Abeysinghe
>             Fix For: NextVersion
>
>
> Rampart automatically tries to load an "Encryption user" if the security 
> policy defines the use of a UsernameToken with an AsymmetricBinding.
> I have a service implemented using Websphere Message Broker and I'm 
> developing an axis2 client for this service. 
> To use this service, the message's body must be signed. To sign the message, I 
> created the following policy (based on rampart sample03):
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy wsu:Id="SigOnly"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
>         </wsp:Policy>
>       </sp:SupportingTokens>
>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                 <wsp:Policy>
>                   <sp:RequireThumbprintReference />
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                 <wsp:Policy>
>                   <!-- <sp:RequireThumbprintReference /> -->
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic128Rsa15 />
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict />
>             </wsp:Policy>
>           </sp:Layout>
>           <!-- <sp:IncludeTimestamp /> -->
>           <!-- <sp:OnlySignEntireHeadersAndBody /> -->
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:MustSupportRefKeyIdentifier />
>           <sp:MustSupportRefIssuerSerial />
>         </wsp:Policy>
>       </sp:Wss10>
>       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Body />
>       </sp:SignedParts>
>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>         <ramp:user>client</ramp:user>
>         <ramp:userCertAlias>client</ramp:userCertAlias>
>         <!-- <ramp:encryptionUser>client</ramp:encryptionUser> -->
>         <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler
>         </ramp:passwordCallbackClass>
>         <ramp:signatureCrypto>
>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/.../src/client.jks
>             </ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeme</ramp:property>
>           </ramp:crypto>
>         </ramp:signatureCrypto>
>       </ramp:RampartConfig>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> The problem is that rampart is trying to retrieve "Encryption user" to 
> encrypt the message, but I only wish to sign the message.
> org.apache.axis2.AxisFault: Encryption user not specified (The context is created by the initiating party)
>       at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
>       at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>       at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
>       at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
>       at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>       at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>       at org.example.www.echoservice.EchoServiceStub.send(EchoServiceStub.java:187)
>       at TesteSignOnly.main(TesteSignOnly.java:45)
> Caused by: org.apache.rampart.RampartException: Encryption user not specified (The context is created by the initiating party)
>       at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1254)
>       at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1242)
>       at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:536)
>       at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
>       at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>       at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>       ... 8 more
> The code works fine, the message is signed, if I take out the snippet:
>   <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>     <wsp:Policy>
>       <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
>     </wsp:Policy>
>   </sp:SupportingTokens>
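
A pre-flight check for the policy shape described in this report, as an added example that is not part of the original message or of Rampart: it flags a policy that combines a UsernameToken under sp:SupportingTokens with an sp:AsymmetricBinding while RampartConfig has no ramp:encryptionUser. The function names, the finding strings and the trimmed sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP = "http://ws.apache.org/rampart/policy"

# Constructed sample: trimmed policy with the same shape as the one in the report.
SAMPLE_POLICY = """<wsp:Policy
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:ramp="http://ws.apache.org/rampart/policy">
  <wsp:ExactlyOne><wsp:All>
    <sp:SupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SupportingTokens>
    <sp:AsymmetricBinding><wsp:Policy/></sp:AsymmetricBinding>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <ramp:RampartConfig>
      <ramp:user>client</ramp:user>
      <!-- <ramp:encryptionUser>client</ramp:encryptionUser> -->
    </ramp:RampartConfig>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""


def _q(ns, name):
    return f"{{{ns}}}{name}"  # Clark notation used by ElementTree paths


def check_policy(policy_xml):
    """Return findings (hypothetical format) for one policy document."""
    # ElementTree drops XML comments, so a commented-out
    # ramp:encryptionUser correctly counts as absent.
    root = ET.fromstring(policy_xml)
    ut_supporting = any(
        st.find(".//" + _q(SP, "UsernameToken")) is not None
        for st in root.iter(_q(SP, "SupportingTokens")))
    asymmetric = root.find(".//" + _q(SP, "AsymmetricBinding")) is not None
    encrypts = any(root.find(".//" + _q(SP, n)) is not None
                   for n in ("EncryptedParts", "EncryptedElements"))
    enc_path = ".//" + _q(RAMP, "RampartConfig") + "/" + _q(RAMP, "encryptionUser")
    enc_user = (root.findtext(enc_path) or "").strip()

    findings = []
    if ut_supporting and asymmetric and not enc_user:
        findings.append("RAMPART-300: UsernameToken supporting token with "
                        "AsymmetricBinding and no ramp:encryptionUser")
    if ut_supporting and not encrypts:
        findings.append("INFO: policy asserts no EncryptedParts/"
                        "EncryptedElements while carrying a UsernameToken")
    return findings
```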
