Hi,

I will be using X509 tokens for signing my request and I am not encrypting those. Moreover, I am using asymmetric binding (if that has anything to do with this issue). I have already specified the security policy namespace in my policy.xml.

Is Rampart compatible with WebSphere, and what versions of Rampart and Axis2 are compatible?

Regards
Anurag Sahni

From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Friday, October 26, 2012 5:43 PM
To: java-dev@axis.apache.org
Subject: RE: issue with Rampart

somewhere in your client code you have a request for a security token

    Token responseToken = stsClient.requestSecurityToken(loadPolicy("policy.xml"),
        "http://localhost:8080/axis2/services/STS", loadPolicy("sts_policy.xml"), null);

as the policy.xml is located locally we can examine the namespace assignments from policy.xml

    <wsp:Policy wsu:Id="SgnOnlyAnonymous"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SymmetricBinding>
            <wsp:Policy>
              <sp:ProtectionToken>
                <wsp:Policy>
                  <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                    <wsp:Policy>
                      <sp:RequireThumbprintReference/>
                      <sp:WssX509V3Token10/>
                    </wsp:Policy>
                  </sp:X509Token>
                </wsp:Policy>
              </sp:ProtectionToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Lax/>
                </wsp:Policy>
              </sp:Layout>
              <sp:IncludeTimestamp/>
              <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
          </sp:SymmetricBinding>
          <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                  <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
                </Issuer>
                <sp:RequestSecurityTokenTemplate>
                  <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
                  <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
                  <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
                </sp:RequestSecurityTokenTemplate>
                <wsp:Policy>
                  <sp:RequireInternalReference/>
                </wsp:Policy>
              </sp:IssuedToken>
            </wsp:Policy>
          </sp:SupportingTokens>
          <sp:SignedParts>
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
            <sp:Body/>
          </sp:SignedParts>
          <sp:Wss11>
            <wsp:Policy>
              <sp:MustSupportRefKeyIdentifier/>
              <sp:MustSupportRefIssuerSerial/>
              <sp:MustSupportRefThumbprint/>
              <sp:MustSupportRefEncryptedKey/>
              <sp:RequireSignatureConfirmation/>
            </wsp:Policy>
          </sp:Wss11>
          <sp:Trust10>
            <wsp:Policy>
              <sp:MustSupportIssuedTokens/>
              <sp:RequireClientEntropy/>
              <sp:RequireServerEntropy/>
            </wsp:Policy>
          </sp:Trust10>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

notice the namespace assignment for the encompassing Policy element is
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"

if we looked at the policy.xml you are referencing in client code would we see a non-null namespace assignment?

Martin
______________________________________________
Disclaimer and confidentiality note

This message is confidential. If you are not the intended recipient, we kindly ask you to notify us. Any unauthorized forwarding or copying is not permitted. This message serves only for the exchange of information and has no legally binding effect. Because e-mails can easily be manipulated, we cannot accept any liability for the content.
________________________________
Subject: issue with Rampart
Date: Fri, 26 Oct 2012 05:49:58 -0500
From: anurag_sa...@uhc.com
To: java-dev@axis.apache.org

Hi,

I am facing this error on the client side. Not able to invoke Rampart correctly. My policy is attached herewith.

I am using Rampart 1.6.0 and Axis2 version 1.5. I am running it on IBM WebSphere 7 and getting this error:

[10/22/12 2:41:32:909 CDT] 00000033 SystemErr R java.lang.RuntimeException: Undefined 'Security policy namespace cannot be null.' resource property
[10/22/12 2:41:32:910 CDT] 00000033 SystemErr R at org.apache.rampart.RampartException.getMessage(RampartException.java:81)
[10/22/12 2:41:32:910 CDT] 00000033 SystemErr R at org.apache.rampart.RampartException.<init>(RampartException.java:41)
[10/22/12 2:41:32:910 CDT] 00000033 SystemErr R at org.apache.rampart.RampartException.<init>(RampartException.java:57)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr R at org.apache.rampart.RampartMessageData.setWSSecurityVersions(RampartMessageData.java:373)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr R at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:261)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr R at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr R at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr R at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr R at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:347)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr R at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:512)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr R at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr R at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr R at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr R at searchregionplanmediation.searchregionplan.SearchRegionPlanExport_SearchRegionPlanHttpServiceStub.searchRegionPlan(SearchRegionPlanExport_SearchRegionPlanHttpServiceStub.java:190)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr R at com.uhg.uhc.employerportal.transactions.gps.esb.serviceimpl.SearchRegionPlanService.prepareSearchRegionPlanResponse(SearchRegionPlanService.java:139)
[10/22/12 2:41:32:913 CDT] 00000033 SystemErr R at com.uhg.uhc.employerportal.transactions.gps.esb.serviceimpl.SearchRegionPlanService.getSearchRegionPlan(SearchRegionPlanService.java:110)
[10/22/12 2:41:32:913 CDT] 00000033 SystemErr R at com.uhg.uhc.employerportal.transactions.gps.GPSSearchRegionPlan.invoke(GPSSearchRegionPlan.java:165)
[10/22/12 2:41:32:913 CDT] 00000033 SystemErr R at com.uhg.uhc.employerportal.transactions.tools.AuditService.doAudit(AuditService.java:361)

Is it a bug in Rampart or some compatibility issue with WebSphere 7.5???

Regards
Anurag Sahni

This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited.
If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.
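
Added example (not part of the original thread, and not Rampart code): a small stand-alone Java check for the question Martin asks above, namely which namespace the binding assertion in a policy.xml actually resolves to once the file is parsed namespace-aware. It assumes the error is raised when Rampart finds no binding assertion in a WS-SecurityPolicy namespace it recognises; the class name, the constructed sample strings and the 200702 namespace entry are not from the thread.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class PolicyNamespaceCheck {
    // WS-SecurityPolicy namespaces: 2005/07 is the one quoted in the thread, 200702 is the OASIS 1.2 one.
    static final List<String> SP_NS = Arrays.asList(
        "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
        "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702");
    static final List<String> BINDINGS =
        Arrays.asList("SymmetricBinding", "AsymmetricBinding", "TransportBinding");

    /** Returns one line per binding assertion, stating the namespace it resolves to. */
    static List<String> check(String policyXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // otherwise getNamespaceURI() is always null
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(policyXml.getBytes(StandardCharsets.UTF_8)));
        List<String> report = new ArrayList<>();
        NodeList all = d.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (!BINDINGS.contains(e.getLocalName())) continue;
            String ns = e.getNamespaceURI(); // null when the element has no namespace at all
            report.add(e.getLocalName() + " ns=" + ns + (SP_NS.contains(ns) ? " OK" : " UNRECOGNISED"));
        }
        if (report.isEmpty()) report.add("no binding assertion found");
        return report;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: a minimal good policy, and one whose sp prefix is bound to a mistyped URI.
        String good = "<wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'"
            + " xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>"
            + "<sp:AsymmetricBinding><wsp:Policy/></sp:AsymmetricBinding></wsp:Policy>";
        String bad = good.replace("2005/07/securitypolicy", "2005/07/securitypolcy");
        System.out.println(check(good)); // binding reported as OK
        System.out.println(check(bad));  // binding reported as UNRECOGNISED
    }
}
```

To check a real file, read its contents into a string and pass it to check() in place of the constructed samples.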