Hi, Right now I'm not sure why policy wasn't available when the rampart handler was called and why it is available in post dispatch. Maybe someone more familiar with policy loading will be able to help.
Can you please verify whether the callback handler was called to authenticate the username token in this case (I don't think it will be). I noticed you have used : <parameter name="useOriginalwsdl">true</parameter> Do you have security policy on the wsdl? If so I'm wondering whether there's an issue when loading policy that depends on dispatch. Thanks, Ruchith On Sat, Apr 9, 2011 at 2:12 PM, Stephen Cresswell <[email protected]> wrote: > Hi Ruchith, > > Can you elaborate a bit more please? If the webservice request is sent with > the correct security headers, and if the service the correct policy > definition, and can you think of any reason why it would not be available? > Also any idea why it works for one service and not another (the headers and > policy definitions are identical)? > > Thanks for your help, > > S > > On 9 April 2011 19:04, Ruchith Fernando <[email protected]> wrote: >> >> Hi, >> >> This error (PostDispatchVerificationHandler.java:152) means that >> security policy was not available at the time rampart was called. >> >> Thanks, >> Ruchith >> >> On Sat, Apr 9, 2011 at 1:05 PM, Stephen Cresswell >> <[email protected]> wrote: >> > We're running into problems added authentication to our web services. It >> > works for our simple "hello world" web service, but when we try it with >> > the >> > real web service we get an InvalidSecurity fault. I've stripped the WSDL >> > back so that the hello world and post code service are almost identical, >> > but >> > I still get this error. Any ideas? >> > >> > Failing Request >> > <soapenv:Envelope xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"; >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> >> > <soapenv:Header> >> > <wsse:Security soapenv:mustUnderstand="1" >> > >> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> >> > <wsse:UsernameToken wsu:Id="UsernameToken-1" >> > >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> >> > <wsse:Username>BILL</wsse:Username> >> > <wsse:Password >> > >> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>SECRET</wsse:Password> >> > </wsse:UsernameToken> >> > </wsse:Security> >> > </soapenv:Header> >> > <soapenv:Body> >> > <car:getValidAddressTypes> >> > <car:category>X</car:category> >> > </car:getValidAddressTypes> >> > </soapenv:Body> >> > </soapenv:Envelope> >> > >> > Response >> > <soapenv:Envelope >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> >> > <soapenv:Body> >> > <soapenv:Fault> >> > <faultcode>soapenv:Server</faultcode> >> > <faultstring>InvalidSecurity</faultstring> >> > <detail/> >> > </soapenv:Fault> >> > </soapenv:Body> >> > </soapenv:Envelope> >> > >> > services.xml >> > <?xml version="1.0" encoding="UTF-8"?> >> > <!-- This file was auto-generated from WSDL --> >> > <!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010 >> > (09:42:01 >> > CEST) --> >> > <serviceGroup> >> > <service name="PostCodeService_1_0"> >> > <messageReceivers> >> > <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"; >> > class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/> >> > </messageReceivers> >> > <parameter >> > >> > name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter> >> > <parameter name="useOriginalwsdl">true</parameter> >> > <parameter name="modifyUserWSDLPortAddress">true</parameter> >> > <operation name="getValidAddressTypes" >> > mep="http://www.w3.org/ns/wsdl/in-out"; >> > namespace="http://xyzi.mycomp.co.uk/postcodeservice_1";> >> > >> > >> > <actionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest</actionMapping> >> > >> > >> > <outputActionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse</outputActionMapping> >> > </operation> >> > <module ref="SmartintegratorModule"/> >> > <module ref="rampart"/> >> > >> > <wsp:Policy wsu:Id="UsernameToken" >> > >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> >> > <wsp:ExactlyOne> >> > <wsp:All> >> > <sp:SupportingTokens >> > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";> >> > <wsp:Policy> >> > <sp:UsernameToken >> > >> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";> >> > </sp:UsernameToken> >> > </wsp:Policy> >> > </sp:SupportingTokens> >> > <ramp:RampartConfig >> > xmlns:ramp="http://ws.apache.org/rampart/policy";> >> > >> > >> > <ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass> >> > </ramp:RampartConfig> >> > </wsp:All> >> > </wsp:ExactlyOne> >> > </wsp:Policy> >> > </service> >> > <service name="SpringAwareService" >> > class="com.mycomp.ext.spring.SpringInit"> >> > <description>Spring initialiser</description> >> > </service> >> > </serviceGroup> >> > >> > debug >> > [ERROR] InvalidSecurity >> > org.apache.axis2.AxisFault: InvalidSecurity >> > at >> > >> > org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152) >> > at org.apache.axis2.engine.Phase.invoke(Phase.java:318) >> > at >> > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251) >> > at >> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160) >> > at >> > >> > org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167) >> > at >> > org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266) >> > at >> > >> > org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281) >> > at >> > >> > org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187) >> > at >> > >> > org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82) >> > at >> > >> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >> > at >> > >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >> > at java.lang.Thread.run(Thread.java:662) >> > >> >> >> >> -- >> http://ruchith.org > > -- http://ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
