Hi all,
Currently I'm working on securing messages with rampart. Therefore I
just add Username/Pass/Timestamp in a policy. This works all fine (at
client and at server-side) using a code first approach and defining the
policy as well as the rampart-config in the services.xml.
services.xml (partially):
<service name="UserNameTokenService">
<parameter name="ServiceClass" locked="false">unt.UserNameToken
</parameter>
<operation name="add">
<messageReceiver
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver" />
</operation>
<module ref="rampart" />
<wsp:Policy wsu:Id="UsernameTokenOverHTTP"
...
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
/>
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:passwordCallbackClass>unt.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
...
When I want to use contract first and load a policy document from an
external source (e.g. http://ip:port/axis2/external-policy.xml), the
Axis2-framework responds with "
Exception in thread "main" org.apache.axis2.AxisFault: Must Understand
check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
: Security at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:446)
..."
The (relevant) part of the WSDL:
<wsdl:portType name="UserNameTokenExternalPolicyServicePortType">
<wsdl:operation name="add">
<wsdl:input message="ns:addRequest" wsaw:Action="urn:add">
</wsdl:input>
<wsdl:output message="ns:addResponse" wsaw:Action="urn:addResponse">
</wsdl:output>
</wsdl:operation>
<wsp:PolicyReference
URI="http://localhost:7080/axis2/external-policy.xml#TS_AUTH-UNT-PASS";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
</wsdl:portType>
The services.xml is the same like above but wss- policy is deleted. I
have tried to define the rampart-config 1) in the services.xml 2) in the
external-policy.xml, but both times the error stated above occurs.
Tracking the request with TCPMon shows that the client sends a valid
request to the server.
Is it generally possbile to use references to policies with rampart? If
so, how do I have to change my code for that?
Thanks in advance & Best regards
--
*************************
Universität Siegen
Institut: Wirtschaftsinformatik, Bereich: IT-Sicherheit
Hölderlinstr. 3
57068 Siegen
Raum: H-C 8329/3
Tel.: +49-271-740-3041
Fax: +49-271-740-3444
Mail: [email protected]
Web: http://www.uni-siegen.de/fb5/itsec/index.html?lang=de
*************************
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
