Hi everybody,
We want to test the following scenario using Rampart SNAPSHOT. We have a
service that defines Asymetric binding (I am applying the WSDL and the
services.xml). What we want to achieve is not to store the clients' public
keys (PK) at server side. We do not want to spend memory resources to save
all clients' PK which can be of great amount. That's why we want to use X509
in order clients to exchange public PKs with the service. My understanding
is that in this case we do not need to specify the <ramp:encryptionUser>
into the services.xml, because the client provides the X509 sent with the
SOAP. The problem is that we receive the following exception when there is
no <ramp:encryptionUser> specified:
com.mycompany.wsstack.client.api.WSClientException:
org.apache.axis2.AxisFault: Encryption user not specified (The context is
created by the initiating party)
at com.mycompany.wsstack.client.impl.WSStaxClientImpl.sendReceive(
WSStaxClientImpl.java:133)
at com.mycompany.wsstack.samples.SampleSymClient.invokeWebService(
SampleSymClient.java:67)
at com.mycompany.wsstack.samples.SampleSymClient.main(
SampleSymClient.java:29)
Caused by: org.apache.axis2.AxisFault: Encryption user not specified (The
context is created by the initiating party)
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(
Utils.java:486)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(
OutInAxisOperation.java:343)
at org.apache.axis2.description.OutInAxisOperationClient.send(
OutInAxisOperation.java:389)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(
OutInAxisOperation.java:211)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java
:163)
at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java
:528)
at com.mycompany.wsstack.client.impl.WSStaxClientImpl.sendReceive(
WSStaxClientImpl.java:129)
... 2 more
The WSDL of the service is:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; xmlns:mime="
http://schemas.xmlsoap.org/wsdl/mime/"; xmlns:ns0="
http://pojo.wsstack.mycompany.com"; xmlns:soap12="
http://schemas.xmlsoap.org/wsdl/soap12/"; xmlns:http="
http://schemas.xmlsoap.org/wsdl/http/"; xmlns:ns1="
http://org.apache.axis2/xsd"; xmlns:wsaw="
http://www.w3.org/2006/05/addressing/wsdl"; xmlns:xs="
http://www.w3.org/2001/XMLSchema"; xmlns:soap="
http://schemas.xmlsoap.org/wsdl/soap/"; targetNamespace="
http://pojo.wsstack.mycompany.com";>
<wsdl:documentation>HelloPojo</wsdl:documentation>
<wsdl:types>
<xs:schema xmlns:ns="http://pojo.wsstack.mycompany.com";
attributeFormDefault="qualified" elementFormDefault="qualified"
targetNamespace="http://pojo.wsstack.mycompany.com";>
<xs:element name="sayHello">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="name"
nillable="true" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="sayHelloResponse">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="return"
nillable="true" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
</wsdl:types>
<wsdl:message name="sayHelloRequest">
<wsdl:part name="parameters" element="ns0:sayHello"/>
</wsdl:message>
<wsdl:message name="sayHelloResponse">
<wsdl:part name="parameters" element="ns0:sayHelloResponse"/>
</wsdl:message>
<wsdl:portType name="HelloPojoPortType">
<wsdl:operation name="sayHello">
<wsdl:input message="ns0:sayHelloRequest"
wsaw:Action="urn:sayHello"/>
<wsdl:output message="ns0:sayHelloResponse"
wsaw:Action="urn:sayHelloResponse"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="HelloPojoHttpBinding" type="ns0:HelloPojoPortType">
<http:binding verb="POST"/>
<wsdl:operation name="sayHello">
<http:operation location="HelloPojo/sayHello"/>
<wsdl:input>
<mime:content type="text/xml" part="sayHello"/>
</wsdl:input>
<wsdl:output>
<mime:content type="text/xml" part="sayHello"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="User defined">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:WssX509V3Token10/>
<sp:RequireDerivedKeys/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss10 xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</sp:Policy>
</sp:Wss10>
<sp:SignedSupportingTokens xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:SignedParts xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedElements xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedElements xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:service name="HelloPojo">
<wsdl:port name="HelloPojoSOAP11port_http"
binding="ns0:HelloPojoSOAP11Binding">
<soap:address location="
http://localhost:8082/wsstack/services/HelloPojo"/>
</wsdl:port>
<wsdl:port name="HelloPojoSOAP12port_http"
binding="ns0:HelloPojoSOAP12Binding">
<soap12:address location="
http://localhost:8082/wsstack/services/HelloPojo"/>
</wsdl:port>
<wsdl:port name="HelloPojoHttpport"
binding="ns0:HelloPojoHttpBinding">
<http:address location="
http://localhost:8082/wsstack/services/HelloPojo"/>
</wsdl:port>
</wsdl:service>
<wsdl:binding name="HelloPojoSOAP12Binding"
type="ns0:HelloPojoPortType">
<wsp:PolicyReference xmlns:wsp="
http://schemas.xmlsoap.org/ws/2004/09/policy"; URI="#User defined"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http";
style="document"/>
<wsdl:operation name="sayHello">
<soap:operation soapAction="urn:sayHello" style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="HelloPojoSOAP11Binding"
type="ns0:HelloPojoPortType">
<wsp:PolicyReference xmlns:wsp="
http://schemas.xmlsoap.org/ws/2004/09/policy"; URI="#User defined"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http";
style="document"/>
<wsdl:operation name="sayHello">
<soap:operation soapAction="urn:sayHello" style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
</wsdl:definitions>
The services.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<serviceGroup>
<service name="HelloPojoAsync">
<description>Web Service HelloPojoAsync</description>
<parameter name="ServiceClass">com.mycompany.wsstack.pojo.HelloPojoAsync
</parameter>
<messageReceivers>
<messageReceiver
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver" mep="
http://www.w3.org/2004/08/wsdl/in-out"/>
</messageReceivers>
<operation name="sayHello"/>
<wsp:Policy wsu:Id="User defined"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</sp:Policy>
</sp:Wss10>
<sp:SignedSupportingTokens xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy/>
</sp:SignedSupportingTokens>
<sp:SignedParts xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedElements xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedElements xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<ramp:RampartConfig xmlns:ramp="
http://ws.apache.org/rampart/policy";>
<ramp:user>service</ramp:user>
<ramp:encryptionUser/>
<ramp:passwordCallbackClass>
com.mycompany.wsstack.pwcb.ServerPWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="
org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="
org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="
org.apache.ws.security.crypto.merlin.file
">D:\Downloads\Rampart\wsstack\keystores\service.jks</ramp:property>
<ramp:property name="
org.apache.ws.security.crypto.merlin.keystore.password
">openssl</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="
org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="
org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="
org.apache.ws.security.crypto.merlin.file
">D:\Downloads\Rampart\wsstack\keystores\service.jks</ramp:property>
<ramp:property name="
org.apache.ws.security.crypto.merlin.keystore.password
">openssl</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<module ref="addressing"/>
<module ref="rampart"/>
</service>
</serviceGroup>
Thank you in advance!
Dobri Kitipov
