Hello;
Thanks to certain unnamed correspondents for your assistance. You know who you are.

This problem was solved by setting the rampart INFLOW_SECURITY parameter with the Timestamp item. For some reason this would not work from the module.xml file in rampart.mar, so we did it programmatically as in the following code snippet. This solution was validated on AXIS2 version 1.5.4.

Note: the password callback class was not used and references to it are commented out in the snippet.

Thanks again.

-Mike Pettigrew

=================== Code snippet =======================================

// Imports needed by the methods below. The log, GATEWAY_USER_ID and
// GATEWAY_PASSWORD members belong to the enclosing class (not shown).
import java.io.InputStream;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.handler.config.InflowConfiguration;

/**
 * Setup WS-Security to secure the service.
 *
 * Remember that "rampart.mar" must be in your class path to engage rampart
 */
private void secureService(ServiceClient client) throws AxisFault {
    AxisService service = client.getAxisService();
    Options options = client.getOptions();

    String filePath = "policy.xml";
    Policy securityPolicy = loadPolicy(filePath);
    if (securityPolicy != null) {
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, securityPolicy);
        log.debug("Security policy was found and set. See file - " + filePath);
    } else {
        log.debug("Security policy was not used");
    }

    options.setUserName(GATEWAY_USER_ID);
    options.setPassword(GATEWAY_PASSWORD);
    client.engageModule("rampart");

    // Tell the rampart inflow handler to process the Timestamp in the response
    Options opt = client.getOptions();
    Parameter parm = getInflowConfiguration("Timestamp");
    opt.setProperty(WSSHandlerConstants.INFLOW_SECURITY, parm);
}

private Parameter getInflowConfiguration(String item) {
    InflowConfiguration ifc = new InflowConfiguration();
    //set the action item
    ifc.setActionItems(item);
    //set the password callback class
    //ifc.setPasswordCallbackClass("axis2.adb.sync.rampart.callbackhandler.PWCBHandler");
    //set the property file; remember, if the properties file is not in the classpath then it will not be found.
    //ifc.setDecryptionPropFile("client.properties");
    //return the parameter
    return ifc.getProperty();
}

private Policy loadPolicy(String name) {
    InputStream resource = this.getClass().getResourceAsStream(name);
    if (resource == null) {
        log.warn("Security policy file not found - " + name);
        return null;
    }
    StAXOMBuilder builder;
    try {
        builder = new StAXOMBuilder(resource);
    } catch (XMLStreamException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
        return null;
    }
    return PolicyEngine.getPolicy(builder.getDocumentElement());
}

From: Mike Pettigrew [mailto:mpettig...@ewise.com]
Sent: Monday, June 27, 2011 2:58 PM
To: axis-u...@ws.apache.org
Subject: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security

Hello;

Does anyone have a solution for this problem? It seems to be a long-standing issue.

Must Understand check failed for header http://.........secext-1.0.xsd : Security

It occurs in the client when receiving a response from a service. The "mustUnderstand" flag is set in the response. The client sends a UsernameToken which appears to be accepted by the server. The server sends back a response which includes a Security header and Timestamp - and the "mustUnderstand" flag.

I am unclear how the client is supposed to process the response with the security header. I have tried writing a client-side handler for the Security header, but it never seems to engage. The examples I have found seem to be incomplete in crucial details.

-Mike Pettigrew
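
An added example, not from the messages above and not Axis2 or Rampart code: a JDK-only model of the rule behind the fault in this thread. A header block flagged mustUnderstand that no handler claims fails the check, and a handler that does claim wsse:Security is then responsible for rejecting a missing or expired Timestamp. The class name, method names, sample envelope and its times are constructed for illustration.

```java
import java.time.Instant;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class MustUnderstandDemo {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = WSS + "secext-1.0.xsd", WSU = WSS + "utility-1.0.xsd";
    // Constructed sample response (assumption): Security header with a Timestamp, mustUnderstand set.
    static final String RESPONSE = "<s:Envelope xmlns:s='" + SOAP + "' xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
        + "<s:Header><wsse:Security s:mustUnderstand='1'><wsu:Timestamp>"
        + "<wsu:Created>2011-06-27T18:58:00Z</wsu:Created><wsu:Expires>2011-06-27T19:03:00Z</wsu:Expires>"
        + "</wsu:Timestamp></wsse:Security></s:Header><s:Body/></s:Envelope>";
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs in received XML
        return f.newDocumentBuilder().parse(new org.xml.sax.InputSource(new java.io.StringReader(xml)));
    }

    // Header blocks flagged mustUnderstand (SOAP 1.1 value "1") that no handler claims: each forces a fault.
    static List<String> notUnderstood(Document doc, Set<String> understood) {
        List<String> failed = new ArrayList<>();
        Node header = doc.getElementsByTagNameNS(SOAP, "Header").item(0);
        for (Node n = header == null ? null : header.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element)) continue;
            String qname = n.getNamespaceURI() + " : " + n.getLocalName();
            String mu = ((Element) n).getAttributeNS(SOAP, "mustUnderstand");
            if ("1".equals(mu) && !understood.contains(qname)) failed.add(qname);
        }
        return failed;
    }

    // What claiming the header obliges the receiver to do: accept only a single, unexpired Timestamp.
    static boolean timestampFresh(Document doc, Instant now) {
        NodeList c = doc.getElementsByTagNameNS(WSU, "Created"), e = doc.getElementsByTagNameNS(WSU, "Expires");
        if (c.getLength() != 1 || e.getLength() != 1) return false;
        return !now.isBefore(Instant.parse(c.item(0).getTextContent().trim()))
            && now.isBefore(Instant.parse(e.item(0).getTextContent().trim()));
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(RESPONSE);
        System.out.println("unclaimed: " + notUnderstood(doc, Set.of()));
        System.out.println("claimed:   " + notUnderstood(doc, Set.of(WSSE + " : Security")));
        for (String t : new String[] {"2011-06-27T19:00:00Z", "2011-06-27T19:10:00Z"})
            System.out.println("fresh at " + t + ": " + timestampFresh(doc, Instant.parse(t)));
    }
}
```

The model applies no clock-skew allowance and does not verify signatures or tokens; it covers only the mustUnderstand check and Timestamp freshness.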