I have a couple of follow-up questions if you wouldn't mind.

1. I was using a plain text UsernameToken policy over plain http initially. I 
changed it to digest mode but it is still being passed in plain text. Full 
policy file is below. Any idea why this isn't working?

2. Without ws-security it's easy to test basic web services with a browser. Is 
there a way to use basic auth from a URL to access these services? Something 
like http://user:p...@mydomain/axis2/service/blah? I know I can use SoapUI but 
I'm being told this is a big issue.

3. Because of #2, I'm being asked if we can use a different scheme to 
authenticate users. Something like an initial web service call to authenticate 
and get an access token that's good for X seconds that is then passed in with 
each subsequent service call. Does something like this exist or do I need to 
roll my own?  I believe this is heavily influenced by #2 so if you know of 
alternate (easy) ways to test web services secured with UsernameToken policies, 
please let me know.

TIA,
charles


<wsp:Policy wsu:Id="UsernameToken"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
 <wsp:All>
  <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
     <wsp:Policy>
      <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
          <sp:HashPassword/>
        </wsp:Policy>
      </sp:UsernameToken>
     </wsp:Policy>
  </sp:SignedSupportingTokens>
  <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
     <ramp:user>wsuser</ramp:user>
     <ramp:passwordCallbackClass>my.PasswordCallbackHandler</ramp:passwordCallbackClass>
  </ramp:RampartConfig>
 </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

Thanks,
charles
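
Added example, not part of the original message or of Rampart: a Python check that tells whether a captured wsse:Security header carries the password as PasswordText or PasswordDigest, and verifies the digest as Base64(SHA-1(nonce + created + password)) from the UsernameToken Profile 1.0. The function names, the password and the sample header are constructed for illustration; only the user name `wsuser` comes from the policy above.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), UsernameToken Profile 1.0."""
    raw = nonce + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def build_token(user, password, nonce, created, digest=True):
    """Constructed sample header; a real one comes from a capture of the request."""
    kind = "PasswordDigest" if digest else "PasswordText"
    value = password_digest(nonce, created, password) if digest else password
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:UsernameToken>'
            f'<wsse:Username>{user}</wsse:Username>'
            f'<wsse:Password Type="{PROFILE}#{kind}">{value}</wsse:Password>'
            f'<wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>'
            f'<wsu:Created>{created}</wsu:Created>'
            f'</wsse:UsernameToken></wsse:Security>')

def inspect_token(header_xml: str, known_password: str) -> str:
    """Classify a header: 'absent', 'text', 'digest-ok' or 'digest-mismatch'."""
    token = ET.fromstring(header_xml).find(f".//{{{WSSE}}}UsernameToken")
    pw = token.find(f"{{{WSSE}}}Password") if token is not None else None
    if pw is None:
        return "absent"
    # A missing Type attribute means PasswordText under the profile.
    if not pw.get("Type", "").endswith("#PasswordDigest"):
        return "text"
    # Nonce and Created enter the hash only when the sender included them.
    nonce = base64.b64decode(token.findtext(f"{{{WSSE}}}Nonce") or "")
    created = token.findtext(f"{{{WSU}}}Created") or ""
    expected = password_digest(nonce, created, known_password)
    sent = (pw.text or "").strip()
    return "digest-ok" if hmac.compare_digest(expected.encode(), sent.encode()) else "digest-mismatch"

if __name__ == "__main__":
    nonce, created = bytes(range(16)), "2010-06-03T20:05:52Z"  # constructed values
    for digest in (False, True):
        header = build_token("wsuser", "s3cret-constructed", nonce, created, digest)
        print(digest, inspect_token(header, "s3cret-constructed"))
```

Digest mode keeps the password itself off the wire, but the nonce and timestamp travel in the clear beside the hash, so over plain HTTP a weak password can still be guessed offline from a capture; transport or message encryption is what closes that gap.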

----- Original Message -----
From: "Charles Galpin" <[email protected]>
To: [email protected]
Sent: Thursday, June 3, 2010 4:05:52 PM GMT -05:00 US/Canada Eastern
Subject: Re: ws-security at operation level

Wow, thanks for that - solved all my problems! I just wish I'd asked a few 
hours ago :)

Thanks!
charles

On Jun 3, 2010, at 2:57 PM, Prabath Siriwardena wrote:

> Please move to the ws-security policy based approach and define your policy 
> at the operation level.
> 
> This [1] by Nandana will be helpful....
> 
> Thanks & regards.
> -Prabath
> http://RampartFAQ.com
> 
> [1]: http://wso2.org/library/3786
> 
> Charles Galpin wrote:
>> I'm running axis2-1.5/rampart1.5 with a POJO based service and can't get 
>> ws-security enabled for specific operations (not the whole service). If I 
>> enable rampart for the service, using the same InflowSecurity parameter it 
>> works fine, but if I move it into an operation block I get
>> 
>>     [java] org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
>>     [java]     at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:517)
>>     [java]     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:371)
>>     [java]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
>>     [java]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>>     [java]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>>     [java]     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:539)
>>     [java]     at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:520)
>> 
>> The admin tools verify the rampart module is engaged for the operation. Any 
>> thoughts on what I am doing wrong?
>> 
>> Using policies is the next step, but for now I am using the following in 
>> services.xml (or trying to within an operation block)
>> 
>>          <module ref="rampart"/>
>>          <parameter name="InflowSecurity">
>>               <action>
>>                 <items>UsernameToken Timestamp</items>
>>                 <passwordCallbackClass>my.PasswordCallbackHandler</passwordCallbackClass>
>>               </action>
>>           </parameter>
>> 
>> In either case there is no markup in the WSDL which doesn't seem right, and 
>> when I have it at the service level and it worked, my operation got null for
>> 
>> MessageContext.getCurrentMessageContext().getProperty(RampartMessageData.USERNAME);
>>  
>> which is even more perplexing. Help!
>> 
>> Thanks,
>> charles
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]