Hi Dmitry,

On 3/24/07, Dmitry Sherman <[EMAIL PROTECTED]> wrote:
Hi everyone, could anyone help me with the following:

1. Problem:
        Failing to do the WS-Security handshake on the client side (I think).
        The debugger steps into the callback; strangely enough, no code is executed in it (?).
        If I follow it into some Axis2 source I can see the password set correctly, but at the .invoke call AxisFault is returned (see below).
        No HTTP traffic is visible and the SOAPMonitor does not catch anything going back and forth
        (if I make unsecured calls, or call other services, SOAPMonitor shows the messages, including faults).

Security processing fails at the client side because it cannot obtain
a password to add to the UsernameToken.
My guess is you probably might be loading a different
com.kryterion.poc.PWCBHandler class at the client side.



2. Environment:
        JDK 1.5.0_6 (OS X)
        Tomcat 5.5.23
        Eclipse 3.2.0
        Axis2 1.1.1 (rampart-1.1)
        Firefox 1.5 & Safari
        OS X (10.4.9)

3. Error Message:
        Mar 23, 2007 9:20:50 AM org.apache.axis2.deployment.DeploymentEngine doDeploy
        INFO: Deploying module : rampart-1.1
        Mar 23, 2007 9:20:52 AM org.apache.axis2.deployment.DeploymentEngine doDeploy
        INFO: Deploying module : rahas-1.1
        Mar 23, 2007 9:20:52 AM org.apache.axis2.deployment.DeploymentEngine doDeploy
        INFO: Deploying module : soapmonitor-1.1.1
        Mar 23, 2007 9:20:52 AM org.apache.axis2.deployment.DeploymentEngine doDeploy
        INFO: Deploying module : addressing-1.1.1
        org.apache.axis2.AxisFault: General security error (WSSecurityEngine: Callback supplied no password for: arnhem)
                at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:271)
                at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
                at com.kryterion.poc..KServicesStub.putBinary(KServicesStub.java:364)
                at com.kryterion.poc..Client.main(Client.java:77)

4. Client code:
                ---- START ---
                        KServicesStub ks = new KServicesStub("http://localhost:8080/axis2/services/KServices");

                        ServiceClient client = ks._getServiceClient();
                        Options options = client.getOptions();
                        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("policy.xml"));
                        client.setOptions(options);

                        client.engageModule(new QName("addressing"));
                        client.engageModule(new QName("rampart"));

                        ks._setServiceClient(client);

                        KServicesStub.PutBinary pb = new KServicesStub.PutBinary();

                        FileInputStream fi = new FileInputStream("1.jpg");
                        byte[] fia = new byte[fi.available()];
                        fi.read(fia);

                        String send = new String(Base64.encode(fia));

                        pb.setBinaryXML("<data><![CDATA[" + send + "]]></data>");
                        KServicesStub.PutBinaryResponse pbr = ks.putBinary(pb);
                ---- End ---

5. Client policy.xml:
        ---- START ----
        <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
          <wsp:All>
                <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                  <wsp:Policy>
                        <sp:TransportToken>
                          <wsp:Policy>
                                <sp:HttpsToken RequireClientCertificate="false"/>
                          </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                          <wsp:Policy>
                                <sp:Basic256/>
                          </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                          <wsp:Policy>
                                <sp:Lax/>
                          </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                  </wsp:Policy>
                </sp:TransportBinding>
                <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                                <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
                  </wsp:Policy>
                </sp:SignedSupportingTokens>

                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                        <ramp:user>arnhem</ramp:user>
                        <ramp:passwordCallbackClass>com.kryterion.poc.PWCBHandler</ramp:passwordCallbackClass>
                </ramp:RampartConfig>

          </wsp:All>
        </wsp:ExactlyOne>
        </wsp:Policy>
        ---- END ----

6. Server service.xml:
        ---- START ----
        <?xml version="1.0" encoding="UTF-8"?>
        <service>

        <operation name="putBinary">
                <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
        </operation>

        <parameter name="ServiceClass">com.kryterion.poc.login.KServices</parameter>

        <module ref="rampart" />
        <module ref="addressing" />

        <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                <wsp:ExactlyOne>
                  <wsp:All>
                        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                          <wsp:Policy>
                                <sp:TransportToken>
                                  <wsp:Policy>
                                        <sp:HttpsToken RequireClientCertificate="false"/>
                                  </wsp:Policy>
                                </sp:TransportToken>
                                <sp:AlgorithmSuite>
                                  <wsp:Policy>
                                        <sp:Basic256/>
                                  </wsp:Policy>
                                </sp:AlgorithmSuite>
                                <sp:Layout>
                                  <wsp:Policy>
                                        <sp:Lax/>
                                  </wsp:Policy>
                                </sp:Layout>
                                <sp:IncludeTimestamp/>
                          </wsp:Policy>
                        </sp:TransportBinding>
                        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                                <wsp:Policy>
                                        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
                          </wsp:Policy>
                        </sp:SignedSupportingTokens>

                        <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                                <ramp:passwordCallbackClass>com.kryterion.poc.PWCBHandler</ramp:passwordCallbackClass>
                        </ramp:RampartConfig>

                  </wsp:All>
                </wsp:ExactlyOne>
        </wsp:Policy>

        </service>
        ---- END ----

7. Callback code:
        ---- START ----
/*
  * Copyright 2004,2005 The Apache Software Foundation.
  */

package com.kryterion.poc;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import java.io.IOException;

public class PWCBHandler implements CallbackHandler {

     public void handle(Callback[] callbacks) throws IOException,
             UnsupportedCallbackException {

         for (int i = 0; i < callbacks.length; i++) {

             // When the server side needs to authenticate the user
             WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
             if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                 if (pwcb.getIdentifer().equals("arnhem") && pwcb.getPassword().equals("password")) {
                     return;
                 } else {
                     throw new UnsupportedCallbackException(callbacks[i], "check failed");
                 }
             }

             // When the client requests the password to be added
             // into the UT element
             pwcb.setPassword("password");
         }
     }

}
        ---- END ----

If anyone has working sample code on how to do the UsernameToken &
Timestamp WS-Security w/ Axis2, that would be SOOOOOOO appreciated!

Please see rampart-1.1/samples/policy/sample01 for a sample

Thanks,
Ruchith

--
www.ruchith.org
www.wso2.org
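
One way to check the suggestion above that the client may be loading a different com.kryterion.poc.PWCBHandler, as an added example (not part of the original thread and not Rampart code). The class name WhichHandler is hypothetical, and it assumes you run it with exactly the same classpath as the failing client.

```java
import java.net.URL;
import java.security.CodeSource;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

/** Added diagnostic: shows which copy of a callback class this JVM's classpath resolves to. */
public class WhichHandler {

    /** Every classpath location that holds a .class file for the given class name. */
    static List<URL> findCopies(String className, ClassLoader loader) throws Exception {
        String resource = className.replace('.', '/') + ".class";
        List<URL> copies = new ArrayList<URL>();
        Enumeration<URL> found = loader.getResources(resource);
        while (found.hasMoreElements()) {
            copies.add(found.nextElement());
        }
        return copies;
    }

    /** Jar or directory the class was actually loaded from (null for bootstrap classes). */
    static URL loadedFrom(Class<?> cls) {
        CodeSource src = cls.getProtectionDomain().getCodeSource();
        return src == null ? null : src.getLocation();
    }

    public static void main(String[] args) throws Exception {
        // Default is the name in <ramp:passwordCallbackClass> of the policy above;
        // pass another fully qualified name as the first argument to check it instead.
        String name = args.length > 0 ? args[0] : "com.kryterion.poc.PWCBHandler";
        ClassLoader loader = Thread.currentThread().getContextClassLoader();

        List<URL> copies = findCopies(name, loader);
        System.out.println(copies.size() + " copy/copies of " + name + " on the classpath:");
        for (URL u : copies) {
            System.out.println("  " + u);
        }
        if (copies.isEmpty()) {
            System.out.println("Class not found on this classpath.");
            return;
        }
        // initialize=false: locate the class without running its static initializers
        Class<?> cls = Class.forName(name, false, loader);
        System.out.println("Loaded from: " + loadedFrom(cls));
        if (copies.size() > 1) {
            System.out.println("WARNING: duplicates present; the copy loaded may be a stale build.");
        }
    }
}
```

If the "Loaded from" location is not the build output that contains the handler shown in the message, remove or rebuild the stale copy before retrying the call.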
