Hi Jing,

By looking at the code segments and configurations, I could not identify anything suspicious. I am not sure whether there is a bug in this particular version.

Is it possible for you to try this with the latest release (Rampart 1.5.1 and Axis2 1.5.5)? Also please try to use the policy based configuration, because that is the model we encourage users to follow. You can find a similar scenario in the first sample under the policy section in the Rampart distribution.

Thanks,
Thilina

On Wed, Aug 17, 2011 at 5:15 AM, jing <t...@nceas.ucsb.edu> wrote:

> Hi, everyone:
>
> I am using rampart-1.4 to secure an axis2-1.4 web service.
>
> Here is my setting on client.axis2.xml for rampart:
>
> <module ref="rampart" />
> <parameter name="OutflowSecurity">
>   <action>
>     <items>UsernameToken Timestamp</items>
>     <user>wsuser</user>
>     <passwordCallbackClass>org.kepler.executionWS.client.PWHandlerClient</passwordCallbackClass>
>   </action>
> </parameter>
>
> The PWHandlerClient class will read a property file to set password for
> wsuser:
>
> public class PWHandlerClient implements CallbackHandler {
>
>     private static final String WS_USER_PROPS = "conf/UserManagement.properties";
>
>     public void handle (Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>
>         for (int i = 0; i < callbacks.length; i++) {
>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>             String id = pwcb.getIdentifer();
>             if (id == null)
>                 System.out.println("no users");
>             //get user info from configuration file
>             try {
>                 Properties pros = new Properties();
>                 BufferedInputStream prosFile = new BufferedInputStream(
>                         new FileInputStream(WS_USER_PROPS));
>                 pros.load(prosFile);
>                 pwcb.setPassword(pros.getProperty(id));
>             } catch (FileNotFoundException e) {
>                 e.printStackTrace();
>             } catch (IOException e) {
>                 e.printStackTrace();
>             } catch (Exception e) {
>                 e.printStackTrace();
>             }
>         }
>     }
> }
>
> Here is my services.xml about the rampart on my service side:
>
> <module ref="rampart" />
> <parameter name="InflowSecurity">
>   <action>
>     <items>UsernameToken Timestamp</items>
>     <passwordCallbackClass>org.kepler.executionWS.PWHandlerServer</passwordCallbackClass>
>   </action>
> </parameter>
>
> The PWHandlerServer class looks like:
>
> public void handle (Callback[] callbacks) throws IOException,
>         UnsupportedCallbackException {
>     for (int i = 0; i < callbacks.length; i++) {
>         if (callbacks[i] instanceof WSPasswordCallback) {
>             WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
>             System.out.println(""+i+"=========== the identifier is "+pc.getIdentifer());
>             System.out.println(""+i+"=========== the usag is "+pc.getUsage());
>             System.out.println(""+i+"=========== the password is "+pc.getPassword());
>             pc.setPassword("wsuserPass");
>         }
>     }
>     System.out.println("reach the end =====!");
> }
>
> The output always is:
>
> 0=========== the identifier is wsuser
> 0=========== the usag is 2
> 0=========== the password is null
> reach the end =====!
>
> You see, the service PWHandlerServer couldn't get the password. The value
> is null. I have to manually set the password by:
> pc.setPassword("wsuserPass");
>
> By the way, the username/password (they are wsuser/wsuserPass) was sent to
> the service correctly. If I set a different password by:
> pc.setPassword("hello") on the service side, my code will get a
> WSSecurityException.
>
> My purpose is: if I can get the username/password pair on the service side,
> I can send this pair to an LDAP server to authenticate if the
> username/password from the client is valid. If it is valid, the operation
> will continue. Otherwise, it stops.
>
> I looked at an article on this page:
> http://wso2.org/library/3190#Step_3._Engaging_Rampart_and_setting_authentication_information
> On service side, it has some code like:
>
> public void handle(Callback[] callbacks) throws IOException,
>         UnsupportedCallbackException {
>
>     for (int i = 0; i < callbacks.length; i++) {
>
>         //When the server side need to authenticate the user
>         WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>
>         if (pwcb.getIdentifer().equals("apache") &&
>                 pwcb.getPassword().equals("password")) {
>             //If authentication successful, simply return
>             return;
>         } else {
>             throw new UnsupportedCallbackException(callbacks[i], "check failed");
>         }
>     }
> }
>
> It seems his code can get the password on service's CallbackHandler.
>
> Do you have any idea why I can't get the password on the service side?
>
> Thank you very much!
>
> Regards,
>
> Jing
>
> By the way, my client code is:
>
> /**
>  * Constructor
>  */
> public KeplerExeWSClient(String endPoint, boolean loadConfigFromJar)
>         throws Exception {
>     this.loadConfigFromJar = loadConfigFromJar;
>     options = new Options();
>     options.setProperty(Constants.Configuration.ENABLE_SWA, Constants.VALUE_TRUE);
>     options.setSoapVersionURI(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI);
>     // Increase the time out when sending large attachments
>     options.setTimeOutInMilliSeconds(1000000);
>     EndpointReference epr = new EndpointReference(endPoint);
>     options.setTo(epr);
>     if (loadConfigFromJar) {
>         //System.out.println("load config from jar");
>         cofigContext = ConfigurationContextFactory.createDefaultConfigurationContext();
>     } else {
>         //System.out.println("load config from file system");
>         cofigContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>                 this.axis2ModulePath, this.axis2xmlPath);
>     }
> }
>
> /**
>  * Get the status of a workflowRun with given id
>  * @param workflowRunId
>  * @return
>  */
> public String getStatus(String workflowRunId) throws Exception
> {
>     String action = "getStatus";
>     options.setAction("urn:"+action);
>     OperationClient keplerWSClient = createOperationClient(options);
>     MessageContext mc = createMessageWithoutAttach(action, workflowRunId);
>     keplerWSClient.addMessageContext(mc);
>     keplerWSClient.execute(true);
>
>     //Let's get the message context for the response
>     OMElement outputs = getResponseOMElement(keplerWSClient, action);
>     //get corresponding output
>     OMElement outputOME = outputs.getFirstChildWithName(
>             new QName(KEPLER_NAME_SPACE,"return"));
>
>     return outputOME.getText();
> }
>
> /*
>  * Creates an OperationClient object
>  */
> private OperationClient createOperationClient(Options options) throws Exception
> {
>     ServiceClient sender = new ServiceClient(cofigContext, null);
>     sender.setOptions(options);
>     OperationClient keplerWSClient = sender.createClient(ServiceClient.ANON_OUT_IN_OP);
>     return keplerWSClient;
> }

--
Thilina Mahesh Buddhika
http://blog.thilinamb.com
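
For the goal stated in the quoted message (checking the client's username/password against LDAP), a server-side handler along the following lines is one option; it is an added example, not code from this thread or from the Rampart project. It assumes WSS4J 1.5.x, where usage 2 is WSPasswordCallback.USERNAME_TOKEN (a digest token, for which the handler must supply the password) and usage 5 is USERNAME_TOKEN_UNKNOWN (a plaintext token, whose password is handed to the handler), a client whose OutflowSecurity action sends <passwordType>PasswordText</passwordType> over TLS, and a hypothetical directory URL and DN layout.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class LdapPWHandlerServer implements CallbackHandler {
    // Hypothetical directory settings (assumptions, not taken from the thread).
    private static final String LDAP_URL = "ldaps://ldap.example.org:636";
    private static final String BASE_DN = "ou=people,dc=example,dc=org";

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback))
                throw new UnsupportedCallbackException(cb, "unexpected callback");
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // Usage 5 (USERNAME_TOKEN_UNKNOWN) carries the client's password. Usage 2 is a
            // digest token with getPassword() == null, so there is nothing to bind with.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                throw new UnsupportedCallbackException(cb, "plaintext UsernameToken required");
            }
            if (!bind(pc.getIdentifer(), pc.getPassword())) {
                throw new UnsupportedCallbackException(cb, "check failed");
            }
        }
    }

    // True only if the directory accepts a simple bind with these credentials.
    static boolean bind(String user, String password) {
        // An empty password turns a simple bind into an unauthenticated bind; reject it.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) return false;
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Rdn.escapeValue keeps a crafted username from changing the DN.
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + Rdn.escapeValue(user) + "," + BASE_DN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) {
            return false;
        }
    }
}
```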