Hi Hailong,

The error is due to the server's password callback handler
implementation NOT authenticating the username token. In addition to
providing the passwords for the private keys in the keystores the
password callback handler implementation should authenticate the user
(in the case of plain text password) and provide the password (in the
case of hashed password).

Please see here [1] for more!

Thanks,
Ruchith

[1] http://www.wso2.org/library/240

p.s. Please post to the rampart-dev@ list ... others might be able to
help you faster ! :-)

On 6/7/07, Wang, Hailong (NIH/CIT) [C] <[EMAIL PROTECTED]> wrote:
Ruchith,

Thanks very much. I used your policy file and the client did send out
the UsernameToken. But the server said there is no password for
UsernameToken. I am pretty sure that at the client side Callback
function, I set the password. Do I miss something here?

Below is the error message thrown by server:

user: client
org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: Callback supplied no password for: client)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:114)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:49)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
        at org.apache.rampart.RampartEngine.process(RampartEngine.java:71)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)



Hailong









-----Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 07, 2007 5:55 AM
To: Wang, Hailong (NIH/CIT) [C]
Subject: Re: A question about Rampart

Please see my reply in the rampart-dev list!

Thanks,
Ruchith

On 6/6/07, Wang, Hailong (NIH/CIT) [C] <[EMAIL PROTECTED]> wrote:
> Hi Ruchith,
>
> Could you tell me if Rampart 1.2 supports following policy? This time I
> am pretty sure the policy is a valid policy. But the client did not send
> out the UsernameToken at all. Could you help me on this? Thanks a lot.
>
>
> Hailong
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 05, 2007 11:39 AM
> To: Wang, Hailong (NIH/CIT) [C]
> Cc: [EMAIL PROTECTED]
> Subject: Re: A question about Rampart
>
> Hi,
>
> Yes!
>
> Please see the "basic" samples of Rampart to get an idea of this with
> Rampart-1.0 style config.
>
> In the case of WS-Policy/SecurityPolicy config you will be able to do
> the above with the use of a supporting token (for the UsernameToken)
> in the policy shown in "samples/policy/sample03/". Please see the
> rampart bin distro's samples dir.
>
> Thanks,
> Ruchith
>
> On 6/5/07, Wang, Hailong (NIH/CIT) [C] <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >
> > Hi,
> >
> >
> >
> > Does Rampart support UsernameToken, Sign and Encrypt at the same time?
> > Thanks in advance.
> >
> >
> >
> > Hailong Wang
> >
> > National Database for Autism Research(NDAR)
> >
> > NIH/CIT/DECA (MOM CONTRACTOR)
> >
> > 9000 Rockville Pike, Bld 12A/Room 2027
> >
> > Bethesda, MD 20892
> >
> > Phone:  301-402-3045
> >
> > Fax:       301-480-0028
> >
> > Email:   [EMAIL PROTECTED]
> >
> > URL:   http://ndar.nih.gov
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>


--
www.ruchith.org
www.wso2.org



--
www.ruchith.org
www.wso2.org
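
A server-side password callback handler covering the cases named in the reply at the top of this thread, added here as an illustration and not code from Rampart, its samples, or either correspondent. It assumes the WSS4J 1.5.x `org.apache.ws.security.WSPasswordCallback` API; the class name, the "service" key alias and all passwords are constructed for the example.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ServerPWCBHandler implements CallbackHandler {
    // Constructed sample stores; a real service would query its user store and key-password source.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    private static final Map<String, String> KEY_PASSWORDS = new HashMap<String, String>();
    static {
        USERS.put("client", "example-user-password");
        KEY_PASSWORDS.put("service", "example-key-password");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unrecognized callback");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            String id = pwcb.getIdentifer(); // method name is spelled this way in WSS4J 1.5.x
            String stored;
            switch (pwcb.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN:
                // Hashed password: supply the stored password so WSS4J can recompute the digest.
                // Leaving it unset produces "Callback supplied no password for: <user>".
                stored = USERS.get(id);
                if (stored == null) throw new UnsupportedCallbackException(cb, "Unknown user");
                pwcb.setPassword(stored);
                break;
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // Plain text password: the handler itself must authenticate the received value.
                stored = USERS.get(id);
                String received = pwcb.getPassword();
                if (stored == null || received == null
                        || !MessageDigest.isEqual(stored.getBytes("UTF-8"), received.getBytes("UTF-8"))) {
                    throw new UnsupportedCallbackException(cb, "Authentication failed");
                }
                break;
            case WSPasswordCallback.SIGNATURE:
            case WSPasswordCallback.DECRYPT:
                // Private key password for the keystore entry with alias `id`.
                stored = KEY_PASSWORDS.get(id);
                if (stored == null) throw new UnsupportedCallbackException(cb, "Unknown key alias");
                pwcb.setPassword(stored);
                break;
            default:
                throw new UnsupportedCallbackException(cb, "Unsupported usage");
            }
        }
    }
}
```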
