Hi Megadeth, Please find some answers inline.
On Tue, Jun 26, 2012 at 1:15 PM, Megadeth <[email protected]> wrote: > > Hi, > > I created java project. It is client of my jax-ws web service and I use it > for signing messages. > I renamed rampart.mar to rampart.jar and put it into classpath of java > project (also addressing and rahas mars). I am not sure if this is correct, > but it works for me. This is not the correct way to do. When creating the FileSystemConfigurator, you can give a repository path. There you can specify path to the axis2 repository (E.g :- /home/amila/development/apache/axis2/java/rampart/packs/axis2-1.6.2/repository). Rampart.mar should be there within repository in a folder called "modules". > > In client I put this: > > String axis2xml = "C:/.../conf/client.axis2.xml"; > System.setProperty(Constants.AXIS2_CONF, axis2xml); > FileSystemConfigurator configurator = new FileSystemConfigurator(null, > axis2xml); > ClientConfigurationFactory factory = new > ClientConfigurationFactory(configurator); > MetadataFactoryRegistry.setFactory(ClientConfigurationFactory.class, > factory); > > JaxwsLibrary service = new JaxwsLibrary(); > ESomePortType stub = service.getLibrary(); > > BindingProvider provider = (BindingProvider)stub; > > Policy policy = loadPolicy("sign-policy-client.xml"); > provider.getRequestContext().put(RampartMessageData.KEY_RAMPART_POLICY, > policy); > > provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, > "http://localhost:8080........../MyWebService";); > > I realized that I MUST set factory BEFORE creating service object. If you do > not, then Axis will not be configured properly. > As you can see, my entire policy is in separate xml. I also put this policy > into wsdl, but I am not sure if this one (from wsdl) is used anywhere. > > Then I generate service jar: > <jar jarfile="${service-archive-name}.jar"> > <fileset dir="${compiled-code}"/> > </jar> > > "compiled-code" is directory where resides classes generated by wsimport. > Then I put this into axis2.xml on the service side (I am not sure this is > correct): > > <parameter name="OutflowSecurity"> > <action> > <items>Signature</items> > <user>serveralias</user> > <passwordCallbackClass>hr.bla.bla.PWServiceHandler</passwordCallbackClass> > <signaturePropFile>crypto.properties</signaturePropFile> > </action> > </parameter> > > <parameter name="InflowSecurity"> > <action> > <items>Signature</items> > <passwordCallbackClass>hr.bla.bla.PWServiceHandler</passwordCallbackClass> > <signaturePropFile>crypto.properties</signaturePropFile> > </action> > </parameter> Rampart supports 2 modes of operations. 1. Parameter based configurations 2. Policy based configurations What you have defined above is parameter based configuration. Parameter based configuration is sort of obsolete. Therefore we recommend you to use policy based configurations. In addition you dont need to specify both to sign messages. > > Also, I put crypto.properties, My.jks and handler class into MyUtil.jar. > Then MyUtil.jar is added to /WEB-INF/lib. > > When I start all this (WebSphere 6.1, Rational Software Developer with > TCP/IP monitoring, Axis 1.6.0 and Rampart 1.6.0; axis and rampart versions > MUST be the same) client sends signed message to web service. From the web > service side this message is validated, but when server sends > acknowledgement message something goes wrong. > I can see from debugger that password handler (on service side) do his job, > but after that I see this (without security everything works ok): > > [2012.06.18 10:08:52:000 CEST] 0000001f ServletWrappe E SRVE0068E: Uncaught > exception thrown in one of the service methods of the servlet: AxisServlet. > Exception thrown : java.lang.NullPointerException > at > org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:281) > at > org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:255) > at > org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:717) > at > org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414) > at > org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90) > at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147) > at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) > at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340) > at org.apache.axis2.engine.Phase.invoke(Phase.java:313) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262) > at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:516) > at > org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433) > at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:216) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:763) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) > at > com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:989) > at > com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:501) > at > com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:464) > at > com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90) > at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:744) > at > com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455) > at > com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:113) > at > com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454) > at > com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383) > at > com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:279) > at > com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) > at > com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) > at > com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) > at > com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) > at > com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) > at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136) > at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195) > at > com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743) > at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873) > at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469) > > I realize that above exception is because I forgot to load policy for > service. > But where I need to put it ? > I know that somehow I can put policy inside axis2.xml, but I don't know how. You need to specify policy within the services.xml file. > > Using this: > > https://issues.apache.org/jira/browse/AXIS2-4611?p...em.issuetabpanels:all-tabpanel > I tried to create aar and put policy in service.xml. > But for that I need axis2 1.7 and rampart 1.7. (The same thing is with 1.6.0 > versions). > I can see my service from axis console, and also I can open wsdl by click on > web service link. > > After I start client TCP/IP monitor gave me: > <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> > <soapenv:Header > xmlns:wsa="http://www.w3.org/2005/08/addressing";><wsse:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; > soapenv:mustUnderstand="1"><wsu:Timestamp > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="Timestamp-1"><wsu:Created>2012-06-18T14:45:29.000Z</wsu:Created><wsu:Expires>2012-06-18T14:50:29.000Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; > wsu:Id="CertId-CFAD48F0CEE02316E613400307290001">MIICKzCCAZSgAwIBAgIET9nnZDANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJIUjENMAsGA1UEChMERmluYTETMBEGA1UECxMKUHJvZ3JhbWVyaTEnMCUGA1UEAxMeZHRvbWxqZW5vdmljMS5pbnRyYW5ldC5maW5hLmhyMB4XDTEyMDYxNDEzMzAxMloXDTEzMDYxNDEzMzAxMlowWjELMAkGA1UEBhMCSFIxDTALBgNVBAoTBEZpbmExEzARBgNVBAsTClByb2dyYW1lcmkxJzAlBgNVBAMTHmR0b21samVub3ZpYzEuaW50cmFuZXQuZmluYS5ocjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu/FWX1RIOSHaVSMHMU/debHywi5PMkKXQISeWljpZ/by4T/HEQGFB9muJDnOTdHJ8ELF0s+r1RUAF/+mG5sD3UpUZeAmyP+haSQh5weD7Aj/OUf3g8S6/Ftk5OkS4XOaVWqJwhpkTrLa9Lgk2fQLpOW2Zsk0z62Cb87/VsYy42ECAwEAATANBgkqhkiG9w0BAQQFAAOBgQAJ0+fNH8o3BPV9JgQrjdJbeObRccNT7fIR3YtMgtm/Xp6/hqMAbS/qBkNsPx4VJImc8xjXnWdDr6I0+nsxTtCmw5FIPKKkYaYWxo3r/LZy6eZwcSfAzxWGVv4S4b8lIkZqLn2iBBKNEwDPr5dDtCMj5+SfvDmRo1Kp096K7iEqHw==</wsse:BinarySecurityToken><ds:Signature > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-2"> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; > /> > <ds:Reference URI="#Id-806760470"> > <ds:Transforms> > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </ds:Transforms> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > <dsigestValue>PZ7Tv3Iei2t9trchNcReIWIPqdg=</dsigestValue> > </ds:Reference> > <ds:Reference URI="#Timestamp-1"> > <ds:Transforms> > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </ds:Transforms> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > <dsigestValue>dW1lWCZA1zJ+aKHv7k6oIE7VcDE=</dsigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue> > Vw2alx+bvcoUqhtYKeYfNm4LEi6P1PBqJs2vDu9mzN4VghsLiYXQsADaK2S+izxNLIy+FwVuXn/z > DI7tyPqZtZW6GXUGfl8fSJvDbxtcX7SWu8mQwzQGuK9gBQRLMkqEvB3Gh/YuNpD8htiU1jFM4jBw > yhgIQco07s1R5B+yK5U= > </ds:SignatureValue> > <ds:KeyInfo Id="KeyId-CFAD48F0CEE02316E613400307290002"> > <wsse:SecurityTokenReference > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="STRId-CFAD48F0CEE02316E613400307290003"><wsse:Reference > URI="#CertId-CFAD48F0CEE02316E613400307290001" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; > /></wsse:SecurityTokenReference> > </ds:KeyInfo> > </ds:Signature></wsse:Security><wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action><wsa:RelatesTo>urn:uuid:4a9625ed-87b6-4238-8fc8-2589f578edd9</wsa:RelatesTo></soapenv:Header><soapenv:Body > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="Id-806760470"><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>java.lang.RuntimeException: > The service class cannot be found for this > AxisService.</faultstring><detail > /></soapenv:Fault></soapenv:Body></soapenv:Envelope> > > I suppose that rampart now runs but without Axis doing web service method > call. > Probably Axis can't find service class. Also debugger won't debug this class > in Eclipse. > > This is error from axis log: > Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: > java.lang.RuntimeException: The service class cannot be found for this > AxisService. I am not quite sure why you are getting above error message. (Service class not deployed properly ?) Thanks AmilaJ > at > org.apache.axis2.jaxws.marshaller.impl.alt.MethodMarshallerUtils.createSystemException(MethodMarshallerUtils.java:1326) > at > org.apache.axis2.jaxws.marshaller.impl.alt.MethodMarshallerUtils.demarshalFaultResponse(MethodMarshallerUtils.java:1052) > at > org.apache.axis2.jaxws.marshaller.impl.alt.DocLitBareMethodMarshaller.demarshalFaultResponse(DocLitBareMethodMarshaller.java:415) > at > org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.getFaultResponse(JAXWSProxyHandler.java:577) > at > org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.createResponse(JAXWSProxyHandler.java:520) > at > org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invokeSEIMethod(JAXWSProxyHandler.java:386) > at > org.apache.axis2.jaxws.client.proxy.JAXWSProxyHandler.invoke(JAXWSProxyHandler.java:171) > at $Proxy28.sendOutgoingInvoice(Unknown Source) > at > hr.fina.jaxws.invoicesStatusesService.client.WebServiceClient.main(WebServiceClient.java:92) > > Do I need to comment some of this features in axis2.xml ? > > <deployer extension=".class" directory="pojo" > class="org.apache.axis2.deployment.POJODeployer"/> > <deployer extension=".jar" directory="servicejars" > class="org.apache.axis2.jaxws.framework.JAXWSDeployer"/> > <deployer extension=".jar" directory="transports" > class="org.apache.axis2.deployment.TransportDeployer"/> > > I read on web that this is some problem between axis2 engine, jdk 1.6 and > Websphere 6.1. > What to do next ? > > Please, help me. > > Thanks. > -- > View this message in context: > http://old.nabble.com/JAX-WS-client-and-service-with-Rampart-module-for-signing-messages-tp34070987p34070987.html > Sent from the Axis - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
