Re: unsubscribe
I think i'm not the only one that see this user list is kind of dead(where is nandana?)... but please do not send unsuscribe mussages to the list.. thats not the way to unsuscribe... just send a mail to: axis-user-unsubscr...@ws.apache.org ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Thu, Nov 12, 2009 at 7:56 PM, Mary Thompson mrthomp...@lbl.gov wrote: yes, I want to unsubscribe
Re: Retrieving faultString message
Somebody? the thing is that the application is being installed in many different and distant places, and every installation comes to different security configuration errors, not registered ips, bad user/pass credentials, not registered users etc, and all this errors generate correct coherent fault string that can help to solve them, but all I get is an SOAP HEADER MISSING error that don't help me to give support to the users. How can I get this faultstring for show in my App. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Wed, Oct 21, 2009 at 11:01 AM, m4rkuz m4r...@gmail.com wrote: Hi Everyone, Got a question for you all, I have an application that uses Axis2 + Rampart, to consume some Secure Webservices, but I'm having troubles to display all the info in the errors the server returns, to ilustrate this I show the SOAP I recive from the server: ?xml version=1.0 encoding=UTF-8 standalone=no? SOAP-ENV:Envelope xmlns:SOAP-ENV= http://schemas.xmlsoap.org/soap/envelope/; SOAP-ENV:Body SOAP-ENV:Fault faultcode xmlns:p=http://schemas.oblix.com/ws/2003/08/Faults p:Client.AuthenticationFault/faultcode faultstring*La autenticación contra el LDAP Falló*/faultstring detail/ /SOAP-ENV:Fault /SOAP-ENV:Body /SOAP-ENV:Envelope This happens because the user/password does not match, in my client app I wish to take this exact message (the one in bold, in the faultstring tag) but I only can get an Axis2 SOAP header missing error that says nothing to my final users... How can I capture this error message? (excuse my English, if better explanation is required, just ask) ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
Retrieving faultString message
Hi Everyone, Got a question for you all, I have an application that uses Axis2 + Rampart, to consume some Secure Webservices, but I'm having troubles to display all the info in the errors the server returns, to ilustrate this I show the SOAP I recive from the server: ?xml version=1.0 encoding=UTF-8 standalone=no? SOAP-ENV:Envelope xmlns:SOAP-ENV=http://schemas.xmlsoap.org/soap/envelope/ SOAP-ENV:Body SOAP-ENV:Fault faultcode xmlns:p=http://schemas.oblix.com/ws/2003/08/Faults p:Client.AuthenticationFault/faultcode faultstring*La autenticación contra el LDAP Falló*/faultstring detail/ /SOAP-ENV:Fault /SOAP-ENV:Body /SOAP-ENV:Envelope This happens because the user/password does not match, in my client app I wish to take this exact message (the one in bold, in the faultstring tag) but I only can get an Axis2 SOAP header missing error that says nothing to my final users... How can I capture this error message? (excuse my English, if better explanation is required just ask) ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
+Rampart Sign with two Certificates
___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. -- Forwarded message -- From: m4rkuz m4r...@gmail.com Date: Wed, Oct 14, 2009 at 10:50 AM Subject: +Rampart Sign with two Certificates To: axis-user@ws.apache.org Hello Everyone, I've been using axis2+rampart for a while now, I have an application that uses Axis2+Rampart for signing a validate the messages, it does this using only one .JKS with a key, the same .JKS, but now I been requested to change this behavior and make the app Sign the messages with one certificate and then validate the response with another certificate... How can I accomplish this? This is my current policy.xml : ?xml version=1.0 encoding=UTF-8? wsp:Policy wsu:Id=Sign xmlns:wsu= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd xmlns:wsp=http://schemas.xmlsoap.org/ws/2004/09/policy; wsp:ExactlyOne wsp:All sp:AsymmetricBinding xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; wsp:Policy sp:InitiatorToken wsp:Policy sp:UsernameToken sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient; / /wsp:Policy wsp:Policy sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient wsp:Policy sp:WssX509V3Token10 / /wsp:Policy /sp:X509Token /wsp:Policy /sp:InitiatorToken sp:RecipientToken wsp:Policy sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient wsp:Policy sp:WssX509V3Token10 / /wsp:Policy /sp:X509Token /wsp:Policy /sp:RecipientToken sp:AlgorithmSuite wsp:Policy sp:TripleDesRsa15 / /wsp:Policy /sp:AlgorithmSuite sp:Layout wsp:Policy sp:Strict / /wsp:Policy /sp:Layout sp:OnlySignEntireHeadersAndBody / /wsp:Policy /sp:AsymmetricBinding sp:SignedParts xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; sp:Body / /sp:SignedParts ramp:RampartConfig xmlns:ramp=http://ws.apache.org/rampart/policy; ramp:usersam/ramp:user ramp:encryptionUserdave/ramp:encryptionUser ramp:passwordCallbackClassco.como.security.axis2.PWCBHandler /ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.file tomcatdir/webapps/qxIntegradorRunt/WebContent/keystore/keystore.jks /ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.passwordmytestkeystore/ramp:property /ramp:crypto /ramp:signatureCrypto /ramp:RampartConfig /wsp:All /wsp:ExactlyOne /wsp:Policy Any input, will be appreciated. Thanks ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
Re: +Rampart Sign with two Certificates
Thanks Prabath, I apologize for my English or my description, I see now it was misleading, and thanks for the clarification, I have now a preliminary demo working fine, the thing was I thought I need to specify two users in my policy file, but after importing the public key of my server into my client it start to work fine Thanks Again, Marcus ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Wed, Oct 14, 2009 at 4:53 PM, Prabath Siriwardena prab...@wso2.comwrote: Hi Marcus; The 'subject' of the mail doesn't seem to reflect the same in the 'description' of the mail - if I understood correctly... If you want the client to sign the message with one certificate and the service to sign with another certificate - then it is already supported under AsymmetricBinding. Or - do you want either the client or the service to sign the message with two different certificates ? Thanks regards. -Prabath m4rkuz wrote: ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. -- Forwarded message -- From: *m4rkuz* m4r...@gmail.com mailto:m4r...@gmail.com Date: Wed, Oct 14, 2009 at 10:50 AM Subject: +Rampart Sign with two Certificates To: axis-user@ws.apache.org mailto:axis-user@ws.apache.org Hello Everyone, I've been using axis2+rampart for a while now, I have an application that uses Axis2+Rampart for signing a validate the messages, it does this using only one .JKS with a key, the same .JKS, but now I been requested to change this behavior and make the app Sign the messages with one certificate and then validate the response with another certificate... How can I accomplish this? This is my current policy.xml : ?xml version=1.0 encoding=UTF-8? wsp:Policy wsu:Id=Sign xmlns:wsu= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd xmlns:wsp=http://schemas.xmlsoap.org/ws/2004/09/policy; wsp:ExactlyOne wsp:All sp:AsymmetricBinding xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; wsp:Policy sp:InitiatorToken wsp:Policy sp:UsernameToken sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient; / /wsp:Policy wsp:Policy sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient wsp:Policy sp:WssX509V3Token10 / /wsp:Policy /sp:X509Token /wsp:Policy /sp:InitiatorToken sp:RecipientToken wsp:Policy sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient wsp:Policy sp:WssX509V3Token10 / /wsp:Policy /sp:X509Token /wsp:Policy /sp:RecipientToken sp:AlgorithmSuite wsp:Policy sp:TripleDesRsa15 / /wsp:Policy /sp:AlgorithmSuite sp:Layout wsp:Policy sp:Strict / /wsp:Policy /sp:Layout sp:OnlySignEntireHeadersAndBody / /wsp:Policy /sp:AsymmetricBinding sp:SignedParts xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; sp:Body / /sp:SignedParts ramp:RampartConfig xmlns:ramp=http://ws.apache.org/rampart/policy; ramp:usersam/ramp:user ramp:encryptionUserdave/ramp:encryptionUser ramp:passwordCallbackClassco.como.security.axis2.PWCBHandler /ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.file tomcatdir/webapps/qxIntegradorRunt/WebContent/keystore/keystore.jks /ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.passwordmytestkeystore/ramp:property /ramp:crypto /ramp:signatureCrypto /ramp:RampartConfig /wsp:All /wsp:ExactlyOne /wsp:Policy Any input, will be appreciated. Thanks ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
Re: Error messages on a secured ws are not secured
Hi Nandana, mmm thanks again, I totally get it if the security is not well setup there is no point in trying to secured the error message, the misunderstanding emerge when I was told the OWSM handled this smoothly and it was required for me to do so in axis2. but after this and a little chat with the oracle web services manager guys everything was cleared. Thanks Nandana, I really appreciate your help ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on Going... On Thu, Jul 9, 2009 at 1:25 AM, Nandana Mihindukulasooriya nandana@gmail.com wrote: Hi Marcus, Rampart expect only service faults to be secured. Security faults are not expected to be secured. You can find more details in this JIRA [1]. Can you also post the response message ? regards, Nandana [1] - https://issues.apache.org/jira/browse/RAMPART-90 On Thu, Jul 9, 2009 at 2:22 AM, m4rkuz m4r...@gmail.com wrote: Hi Everyone, Here again, now I think I have a question instead of a problem, you see I'm consuming a ws from an oracle web services manager, this ws is secured (signed and authenticated) but when I get an error from OWSM this messages comes with out security headers with a description of the fault, but my axis client is always expecting a secured response so it crash... is this a normal behavior ? is there a work around? any ideas? looking forward for your input, Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on Going... PD: hope I made myself understood, if not.. just ask me anything you want :)
Error messages on a secured ws are not secured
Hi Everyone, Here again, now I think I have a question instead of a problem, you see I'm consuming a ws from an oracle web services manager, this ws is secured (signed and authenticated) but when I get an error from OWSM this messages comes with out security headers with a description of the fault, but my axis client is always expecting a secured response so it crash... is this a normal behavior ? is there a work around? any ideas? looking forward for your input, Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on Going... PD: hope I made myself understood, if not.. just ask me anything you want :)
Re: Setting Username/password Programaticly
Hi Nandana, I can't help to ask if there is a way to dynamically set the user and password w/o having a password call back handler... is there any? Thanks for your your valuable input. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Tue, Jul 7, 2009 at 11:56 AM, Nandana Mihindukulasooriya nandana@gmail.com wrote: Hi Marcus, You are using the deprecated configuration of Apache Rampart. Apache Rampart recommends policy based configuration. The latter option only works with policy based configuration. If you have the option of moving in to policy based configuration, following tutorials might help you. Web Services Security with Apache Rampart - Part 1 (Transport Level Security) http://wso2.org/library/3190 Understanding WS - Security Policy Language http://wso2.org/library/3132 thanks, Nandana On Mon, Jul 6, 2009 at 7:29 PM, m4rkuz m4r...@gmail.com wrote: Hi Everyone, I'm trying to set username/password dynamically on my ws app I've googled a lot and find some workarounds but the only one that has worked for me contains deprecated code, and used a password call back handler that really mess with what i want to do, this is the code: * **OutflowConfiguration outflowConfig = new OutflowConfiguration();* * * * **outflowConfig.setActionItems(UsernameToken);* * * * **outflowConfig.setUser(username);* * * * **outflowConfig* * **.setPasswordCallbackClass(com.xxx.xxx.security.PWCBHandler);* * * * **outflowConfig.setPasswordType(PasswordText);* * * * ** _serviceClient.getOptions().setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, ** **outflowConfig.getProperty());* This works like a charm but I have to search for the username/password in base of some parameters I won't have available in the PWDCBHandler class, so what I'm looking for is a way to set the password directly w/o using a password call back handler. About this I've found some code that claims to do so: * **_serviceClient.getOptions().setUserName(15374159);* * ** * * ** _serviceClient.getOptions().setPassword(admin123);* but it''s not working for me... Any Ideas? I would really appreciate your input, Thanks in advance, ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on going... -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org
Re: Setting Username/password Programaticly
Hi Nandana, Don't mind my last message, reading carefully I've found everything I need in the example you provide.. Thanks again. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Tue, Jul 7, 2009 at 1:10 PM, m4rkuz m4r...@gmail.com wrote: Hi Nandana, I can't help to ask if there is a way to dynamically set the user and password w/o having a password call back handler... is there any? Thanks for your your valuable input. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Tue, Jul 7, 2009 at 11:56 AM, Nandana Mihindukulasooriya nandana@gmail.com wrote: Hi Marcus, You are using the deprecated configuration of Apache Rampart. Apache Rampart recommends policy based configuration. The latter option only works with policy based configuration. If you have the option of moving in to policy based configuration, following tutorials might help you. Web Services Security with Apache Rampart - Part 1 (Transport Level Security) http://wso2.org/library/3190 Understanding WS - Security Policy Languagehttp://wso2.org/library/3132 thanks, Nandana On Mon, Jul 6, 2009 at 7:29 PM, m4rkuz m4r...@gmail.com wrote: Hi Everyone, I'm trying to set username/password dynamically on my ws app I've googled a lot and find some workarounds but the only one that has worked for me contains deprecated code, and used a password call back handler that really mess with what i want to do, this is the code: * **OutflowConfiguration outflowConfig = new OutflowConfiguration();* * * * **outflowConfig.setActionItems(UsernameToken);* * * * **outflowConfig.setUser(username);* * * * **outflowConfig* * **.setPasswordCallbackClass(com.xxx.xxx.security.PWCBHandler);* * * * **outflowConfig.setPasswordType(PasswordText);* * * * ** _serviceClient.getOptions().setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, ** **outflowConfig.getProperty());* This works like a charm but I have to search for the username/password in base of some parameters I won't have available in the PWDCBHandler class, so what I'm looking for is a way to set the password directly w/o using a password call back handler. About this I've found some code that claims to do so: * **_serviceClient.getOptions().setUserName(15374159);* * ** * * ** _serviceClient.getOptions().setPassword(admin123);* but it''s not working for me... Any Ideas? I would really appreciate your input, Thanks in advance, ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on going... -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org
Setting Username/password Programaticly
Hi Everyone, I'm trying to set username/password dynamically on my ws app I've googled a lot and find some workarounds but the only one that has worked for me contains deprecated code, and used a password call back handler that really mess with what i want to do, this is the code: * **OutflowConfiguration outflowConfig = new OutflowConfiguration();* * * * **outflowConfig.setActionItems(UsernameToken);* * * * **outflowConfig.setUser(username);* * * * **outflowConfig* * **.setPasswordCallbackClass(com.xxx.xxx.security.PWCBHandler);* * * * **outflowConfig.setPasswordType(PasswordText);* * * * ** _serviceClient.getOptions().setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, ** **outflowConfig.getProperty());* This works like a charm but I have to search for the username/password in base of some parameters I won't have available in the PWDCBHandler class, so what I'm looking for is a way to set the password directly w/o using a password call back handler. About this I've found some code that claims to do so: * **_serviceClient.getOptions().setUserName(15374159);* * ** * * ** _serviceClient.getOptions().setPassword(admin123);* but it''s not working for me... Any Ideas? I would really appreciate your input, Thanks in advance, ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on going...
Certificated expired problem...
Hi Everyone, I'm using an axis2 client to consume a webservice, but this webservice aparently does not care if the certificated has expired, and just behaves normally and even send me a response, but my client is refusing the soap messages because it says the certificated has expired, I cannot modify the certificate or the way the web service ignores the expiration date, so my question is.. How can I tell my Axis2 client to ommit the expiration date validation ovr the certificate?? hope I made myself undrestood, if not please ask further. Best regards. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
Re: Problemin implementing WS Security
I personally think that more information is needed in order for me and others to help you, maybe a larger stack trace, policy files and the web service code. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Sat, Apr 4, 2009 at 3:06 AM, Supriya supriyashivku...@gmail.com wrote: -- Forwarded message -- From: Supriya supriyashivku...@gmail.com Date: Sat, Apr 4, 2009 at 1:35 PM Subject: Problemin implementing WS Security To: axis-user@ws.apache.org Hey, We have been tryin to implement WS Security using Rampart 1.4 and Axis2 1.4. We have been following the article given on the following links: [1] - http://wso2.org/library/3190 [2]- https://wso2.org/library/3415 We are gettin the following error. .. Creating Stub to send request log4j:WARN No appenders could be found for logger (org.apache.axis2.deployment.FileSystemConfigurator). log4j:WARN Please initialize the log4j system properly. Enable to engage rampart completely org.apache.axis2.AxisFault: SOAP header missing at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault( *RampartReceiver.java:172*) at org.apache.rampart.handler.RampartReceiver.invoke( *RampartReceiver.java:99*) at org.apache.axis2.engine.Phase.invoke( *Phase.java:317*) at org.apache.axis2.engine.AxisEngine.invoke( *AxisEngine.java:264*) at org.apache.axis2.engine.AxisEngine.receive( *AxisEngine.java:163*) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse( *OutInAxisOperation.java:363*) at org.apache.axis2.description.OutInAxisOperationClient.send( *OutInAxisOperation.java:416*) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl( *OutInAxisOperation.java:228*) at org.apache.axis2.client.OperationClient.execute( *OperationClient.java:163*) at com.sample.webservice.client.HelloWebServiceStub.sayHello( *HelloWebServiceStub.java:192*) at com.sample.webservice.client.TestWebService.main( *TestWebService.java:55*) Caused by: *org.apache.rampart.RampartException*: SOAP header missing at org.apache.rampart.RampartEngine.process( *RampartEngine.java:99*) at org.apache.rampart.handler.RampartReceiver.invoke( *RampartReceiver.java:92*) ... 9 more . Also, please find attached , the WSDL,services.xml, SOAP request and SOAP response as observed on TCPMON. Kindly help us out. Thanks in advance, -- Supriya.Shivkumar -- Supriya.Shivkumar
Re: Question about exposing a database as a web service...
let's see when you modify your code to accept the param id like this: public OrderData orderDetails(int id) You must do another client for the WS generated, query string is not the way to pass parameter to a web service. Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) PD: this line : String SQL = SELECT * FROM `porder` WHERE order_id = + id ; is a HUGE security risk. On Wed, Mar 4, 2009 at 11:53 PM, riveraej river...@gmail.com wrote: Hi everyone! I come to you asking for help. I'm trying to mount a web service which consults a MySQL Database. I have already done the consult, but I can show all data contained in the database, or I can show data according to conditions setting these conditions manually in the code of the Java Class. Nevertheless I need to pass in some way to my class a value in order to make the SQL consult according to this. Talking in code terms... I have the next code: public class poDBService{ public OrderData orderDetails(){ Connection conn = (Connection) MessageContext.getCurrentMessageContext().getProperty( poDataServiceLifeCycle.DB_CONNECTION); if (conn!=null){ try{ String SQL = SELECT * FROM `porder` WHERE order_id=1; PreparedStatement statement = conn.prepareStatement(SQL); ResultSet result = statement.executeQuery(); if (result.next()){ OrderData orderData = new OrderData(); orderData.setOrderId(result.getInt(order_id)); orderData.setSoldTo(result.getInt(soldTo)); orderData.setShipTo(result.getInt(shipTo)); I can access to my service through my browser in the address: http://localhost:8080/axis2/services/poDataService/orderDetails It correctly displays the corresponding data contained in the table porder But I need to define my SQL sentence allowing to pass it the needed parameter for the WHERE clause. I already found that some people makes it with code like the next: public class poDBService{ public OrderData orderDetails(int id){ Connection conn = (Connection) MessageContext.getCurrentMessageContext().getProperty( poDataServiceLifeCycle.DB_CONNECTION); if (conn!=null){ try{ String SQL = SELECT * FROM `porder` WHERE order_id = + id ; PreparedStatement statement = conn.prepareStatement(SQL); ResultSet result = statement.executeQuery(); if (result.next()){ OrderData orderData = new OrderData(); orderData.setOrderId(result.getInt(order_id)); orderData.setSoldTo(result.getInt(soldTo)); orderData.setShipTo(result.getInt(shipTo)); With this code theoretically it would be possible to pass paramete id to the service in the URL address: http://localhost:8080/axis2/services/poDataService/orderDetails?id=1 But when I try to do it in this way Axis returns in my web browser a Soap message like this: soapenv:Reason soapenv:Text xml:lang=en-USunknown/soapenv:Text /soapenv:Reason No error is thorwn in JBoss console window. I'm using: - JBoss-4.2.2.G.A. - Axis2-1.3 - jdk1.5.0_17 - mysql-connector-java-5.1.7 - MySQL Server 5.1 Any ideas what is happening? or is there another way to do this? Thanks in advance! Ernesto J. Rivera -- View this message in context: http://www.nabble.com/Question-about-exposing-a-database-as-a-web-service...-tp22345253p22345253.html Sent from the Axis - User mailing list archive at Nabble.com.
Re: Enabling rampart in servlet
Hi Håkon, You can build the policy reading an XML, like this... try { StAXOMBuilder builder = new StAXOMBuilder(rampartPolicyFileLocation); Policy rampartConfig = PolicyEngine.getPolicy(builder .getDocumentElement()); sc.getAxisService().getPolicySubject().attachPolicy(rampartConfig); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (XMLStreamException e) { e.printStackTrace(); } or put the resource in a jar and use the method getResourceAsStream (or so... ) and then: StAXOMBuilder builder = new StAXOMBuilder(new ByteArrayInputStream(configFileRawBytes)); Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Thu, Mar 5, 2009 at 11:49 AM, Håkon Sagehaug hakon.sageh...@bccs.uib.nowrote: Hi all I have a web application that contains some servlets, where I need to engage rampart, but I can only engage rampart if i specify the hole path for the repository in ConfigurationContext ConfigurationContextFactory .createConfigurationContextFromFileSystem(/home/user/folder/path/to/repository, null); I've tried placing the repository everywhere when building the war file under WEB-INF etc, but I always get the error Couldn't find repository location 'repository' if I don't specify the hole path, does anyone know where this should be placed inside my web app so I don't need to specify the hole path for web app to pick up the repository. I use maven to build my web application and tried to add rampart module as a dependency, but it did not change anything any hints on ow to solve it?? cheers, Håkon -- Håkon Sagehaug, Scientific Programmer Parallab, Bergen Center for Computational Science (BCCS) UNIFOB AS (University of Bergen Research Company)
Re: Memory problems using axis2 tomcat and ssl
This exception usually apears when your code is messing with the classloader, or you're making hot redeploys etc. Ring a bell? Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) PD: if you know some spanish there is a really good explanation(at least when the propblem is the code): http://rubensa.wordpress.com/2008/02/11/java-classloader-permgen-exception/ On Thu, Feb 26, 2009 at 8:37 AM, Håkon Sagehaug hakon.sageh...@bccs.uib.nowrote: Hi all, I'm experimenting with web services deployed with axis2 in tomcat using ssl for securing them and noticed something strange. I can call one of the services many times and no problems, but when I want to call another service I get java.lang.OutOfMemoryError: PermGen space from tomcat. If I start tomcat without ssl enabled all services and container behaves normally, calling them multiple times works as it should. Have anyone experienced anything similar? I've not altered any of the web services just added the tomcat ssl connector and configured it like this Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=200 scheme=https secure=true clientAuth=false sslProtocol=TLS enableLookups=true keystoreFile=${user.home}/my.jks keystorePass=password acceptCount=100 minSpareThreads=5 maxSpareThreads=75 disableUploadTimeout=true / I'm usign axis2-1.4.1, tomat 6.0.18 cheers, Håkon -- Håkon Sagehaug, Scientific Programmer Parallab, Bergen Center for Computational Science (BCCS) UNIFOB AS (University of Bergen Research Company)
Re: Memory problems using axis2 tomcat and ssl
Hello Martin, I've been down that path too, but extracted from the same blog: http://my.opera.com/karmazilla/blog/2007/03/15/permgen-strikes-back This solution only works fine in some cases, in other it just delay the error. Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Thu, Feb 26, 2009 at 8:54 AM, Martin Gainty mgai...@hotmail.com wrote: Hakkon If you dont mind taking advice from a norsk please read http://my.opera.com/karmazilla/blog/2007/03/13/good-riddance-permgen-outofmemoryerror as this is related to the JVM and permgen settings you must tweak JAVA_OPTS env parameter please add these parameters to your JAVA_OPTS env variable switch garbage-collector to concurrent -XX:+UseConcMarkSweepGC collect in permgen space -XX:+CMSPermGenSweepingEnabled allow classes to be unloaded -XX:+CMSClassUnloadingEnabled tweak the Max Perm Gen size up to 128M -XX:MaxPermSize=128m SET JAVA_OPTS=-XX:UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=128m Takk Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. -- Date: Thu, 26 Feb 2009 14:37:58 +0100 Subject: Memory problems using axis2 tomcat and ssl From: hakon.sageh...@bccs.uib.no To: axis-user@ws.apache.org Hi all, I'm experimenting with web services deployed with axis2 in tomcat using ssl for securing them and noticed something strange. I can call one of the services many times and no problems, but when I want to call another service I get java.lang.OutOfMemoryError: PermGen space from tomcat. If I start tomcat without ssl enabled all services and container behaves normally, calling them multiple times works as it should. Have anyone experienced anything similar? I've not altered any of the web services just added the tomcat ssl connector and configured it like this Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=200 scheme=https secure=true clientAuth=false sslProtocol=TLS enableLookups=true keystoreFile=${user.home}/my.jks keystorePass=password acceptCount=100 minSpareThreads=5 maxSpareThreads=75 disableUploadTimeout=true / I'm usign axis2-1.4.1, tomat 6.0.18 cheers, Håkon -- Håkon Sagehaug, Scientific Programmer Parallab, Bergen Center for Computational Science (BCCS) UNIFOB AS (University of Bergen Research Company) -- Windows Live™: Discover 10 secrets about the new Windows Live. View post.http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns%21550F681DAD532637%217540.entry?ocid=TXT_TAGLM_WL_t2_ugc_post_022009
Re: Error in signature with X509Token
HI Tomaz, I'm no guru in the subject but I had a similar problem and I don't see BinarySecurityToken being send in the request, so try changing the correct lines for this one: sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/* AlwaysToRecipient* Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Thu, Feb 5, 2009 at 6:28 AM, Erwin Reinhoud erwin.reinh...@ictu.nlwrote: Hello Tomaz, In my sanbox env i have put the file in the tomcat bin dir and no path indication in service.xml. Regards, Erwin -Oorspronkelijk bericht- Van: TomazM [mailto:tomaz.majerh...@arnes.si] Verzonden: donderdag 5 februari 2009 12:13 Aan: axis-user@ws.apache.org Onderwerp: Re: Error in signature with X509Token I'm using rampart version 1.4, but it seem as the rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the keystore, because I change the name to a nonexistent file and I don't get any error that file don't exist. Regards, Tomaz Erwin Reinhoud wrote: Hello Tomaz, Try also using rampart version 1.4 io 1.3. Regards, Erwin -- -- *Van:* m4rkuz [mailto:m4r...@gmail.com] *Verzonden:* woensdag 4 februari 2009 15:16 *Aan:* axis-user@ws.apache.org *Onderwerp:* Re: Error in signature with X509Token Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si mailto:tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 63) Is anybody have a clue what I'm doing wrong Best regards, Tomaz
Re: how to enable rampart logging
Asuming you have log4j in your project, you can modify this line in your log4j.properties # Set the enterprise logger priority to FATAL log4j.logger.org.apache.axis2.enterprise=DEBUG Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) PD: full file attached On Thu, Feb 5, 2009 at 6:22 AM, TomazM tomaz.majerh...@arnes.si wrote: Is there any way to have full logging for rampart, let say as TRACE or DEBUG mode. Best Regard; Tomaz log4j.properties Description: Binary data
Re: Error in signature with X509Token
Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM tomaz.majerh...@arnes.si wrote: Env: OS: Microsoft Windows XP [Version 5.1.2600] java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) Tomcat: 6.0.16 Axis2: 1.4.1 Rampart: 1.3 I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are in keystore of JKS type(server.jks and client.jks) 1) In service.xml I have: . ramp:passwordCallbackClassrampart.sign.service.SecurityHandler/ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.filekeys\\server.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.password/ramp:property /ramp:crypto 2) In client I also have my CallbackHandler and applying RampartConfig which use client.jks(contain server key) The finger print of server and client certificates are the same in both keystore. Error: org.apache.axis2.AxisFault: Error in signature with X509Token at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Is anybody have a clue what I'm doing wrong Best regards, Tomaz
Problem building proper Policy file ...
Hi Eeveryone, I've trying for a while now to make a proper client for a web service made in oracle (OWM ) with Axis2 and Rampart, I had been able to overcome some issues about x509v3 and the hole signing process but now in the last part the Encription I just don't know how to declare it properly for the client to sussesfuly call the WS. I had an example of a suscessfull soap message (oracle client generated) and a copy of my policy for someone to take a quick look and help me out. The files are attached. that same policy file and without the encription configuration works fine if the WS require only signing, so is not totally wrong. If someone had an idea how to mimic that message from axis2, would help me a lot, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) ?xml version=1.0 encoding=UTF-8? env:Envelope xmlns:env=http://schemas.xmlsoap.org/soap/envelope/; xmlns:xsd=http://www.w3.org/2001/XMLSchema; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:ns0=http://test.heinsohn.com/types/; env:Header wsse:Security env:mustUnderstand=1 xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:env=http://schemas.xmlsoap.org/soap/envelope/; wsse:BinarySecurityToken ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3; EncodingType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary; wsu:Id=aSfsuZGB0yY2p9x2idFRrag22 xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; MIICYTCCAcqgAwIBAgIESYhp+jANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDaXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRMwEQYDVQQDEwpEYXZlIFNhbWlzMB4XDTA5MDIwMzE1NTk1NFoXDTA5MDUwNDE1NTk1NFowdTELMAkGA1UEBhMCRksxFjAUBgNVBAgTDUZha2UgUHJvdmluY2UxEjAQBgNVBAcTCUZha2UgQ2l0eTERMA8GA1UEChMIRmFrZSBPcmcxEjAQBgNVBAsTCUZha2UgVW5pdDETMBEGA1UEAxMKRGF2ZSBTYW1pczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0KGfK7v/xLfKNFVGz2Ja3nhmlSUGQfmI+r/pSw632HDjqjbX8ZzPZPBw4WtVozxKkgymJLaw26Cru07LRW6a++2iUUhoxGkrz7O+3+fp0TdgMEDtWj92QJrn93IoBZOd43wkSHU6urZUOerfCrW7DK18uCxW8M5Pi4qYuAXKGL0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBo10BPLlr9ZLEhHt8Rfej6varvZGS+rm2WqAXTrZokRiq04i2zpp16jgf1ltCBI4EzU3uHBBAvnq3EhxNbc8Aad95r5K5JyU1Nd+3IdALKZLagasp1JgOiXmB8D1nCQvc1ao/LTuFfzyePNYOXWnsHskpUQ4d5jMfVZDFG5GClEg== /wsse:BinarySecurityToken xenc:EncryptedKey xmlns=http://www.w3.org/2001/04/xmlenc#; xmlns:xenc=http://www.w3.org/2001/04/xmlenc#; xenc:EncryptionMethod Algorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5; / dsig:KeyInfo xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; wsse:SecurityTokenReference xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; wsse:Reference URI=#aSfsuZGB0yY2p9x2idFRrag22 ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3; xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; / /wsse:SecurityTokenReference /dsig:KeyInfo xenc:CipherData xenc:CipherValue k/V7ppQNywzQyu92y2SopAbZGTOHHlPz05i9oUEAkkoLTMJPiR0rcINP9C9BZ6ypPoSbguOYWbfzXHvNghdi1yNV95ahGRcegFWud01ok3q6h1uv6RCF3OudKiyGTtC2124qMP3hpxMBau/4tcebcuXvJLcsG49LBNP9n8quSU4= /xenc:CipherValue /xenc:CipherData xenc:ReferenceList xenc:DataReference URI=#_oKDaW2Wq2XtjtBF5fZs0Dw22 / /xenc:ReferenceList /xenc:EncryptedKey wsse:BinarySecurityToken ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3; EncodingType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary; wsu:Id=_V0HeS0pOYm2iCVmURgcaUw22 xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd;
Re: Problem building proper Policy file ...
HI Nandana, Attached to this message is the soap message generated by rampart(the one that fails), is quite different and the first big difference I see is that oracle made soap has two (2) BinarySecurityToken and the rampart made just have one. the error I get in the client side wrap around the soap response message is: *InvalidSecurity FAULT MESSAGE: An invalid token was provided* Any Ideas? I would ask for the Oracle Log, to post it. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 12:21 PM, Nandana Mihindukulasooriya nandana@gmail.com wrote: Hi Marcus, From the first look, it seems the policy you have matches the success SOAP message. Do you get an error from the OWM side when you use this policy at the client ? If so what is the error message ? The returning message may not say what the error is, but if you have access to the OWM logs, you will be able to find out what the error is. And can you attach the message generated with this policy in Axis2/Rampart client so we can compare it. thanks, nandana On Wed, Feb 4, 2009 at 10:37 PM, m4rkuz m4r...@gmail.com wrote: Hi Eeveryone, I've trying for a while now to make a proper client for a web service made in oracle (OWM ) with Axis2 and Rampart, I had been able to overcome some issues about x509v3 and the hole signing process but now in the last part the Encription I just don't know how to declare it properly for the client to sussesfuly call the WS. I had an example of a suscessfull soap message (oracle client generated) and a copy of my policy for someone to take a quick look and help me out. The files are attached. that same policy file and without the encription configuration works fine if the WS require only signing, so is not totally wrong. If someone had an idea how to mimic that message from axis2, would help me a lot, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org ?xml version='1.0' encoding='UTF-8'? soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/; xmlns:xenc=http://www.w3.org/2001/04/xmlenc#; soapenv:Header wsse:Security xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; soapenv:mustUnderstand=1 xenc:EncryptedKey Id=EncKeyId-urn:uuid:2B19CE53876911914512337660693932 xenc:EncryptionMethod Algorithm=http://www.w3.org/2001/04/xmlenc#rsa-1_5; / ds:KeyInfo xmlns:ds=http://www.w3.org/2000/09/xmldsig#; wsse:SecurityTokenReference wsse:KeyIdentifier EncodingType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary; ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier;G6Vav3SyoYV9uno6UbDKzGaVUeM=/wsse:KeyIdentifier /wsse:SecurityTokenReference /ds:KeyInfo xenc:CipherData xenc:CipherValueavZMHMrW37IHbzkj0UKvQih7Pwwvk1N4kxzeey9GJr2Pe4kVJ2T59i9OKAFNjkEJCQgaJ1lEj0DaWz2IiHRECKj152aYU4QXbV0wg8QmzW4BIfzEl71mDTpy4CcR/JDb6axRLpFW/UFQ2+3/ZLx+jfPnFIwUGJh1Q/AQ3fSlbrA=/xenc:CipherValue /xenc:CipherData xenc:ReferenceList xenc:DataReference URI=#EncDataId-19647819 / /xenc:ReferenceList /xenc:EncryptedKey wsse:BinarySecurityToken xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; EncodingType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary; ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3; wsu:Id=CertId-909101MIICXzCCAcigAwIBAgIESYhpJTANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwHhcNMDkwMjAzMTU1NjIxWhcNMDkwNTA0MTU1NjIxWjB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJnZAvXEkOM6iUgpv9WqhR9/N1qBDzK8hYm0uifE8hyLvIc244PNyLHFH7ntTarRkL16L08Jz70cf4qddY9C2sa2EQYdYwCsAF1838SZ/B97KHAJCnXouDBcQZwqqlBPGtaspFLwokoZd6cg4eoCQ+fGJ5mJCYVopMpaeFuUQ6JhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAFfwFCDFA+CnOpA+zH+n+oz3nyKrv8b8UgFOd0TWFMv/FltuS6jX1r/3xvazTFiW8lOVIpDGK7IMxpapzGtAoaA2JR4wtuskmbWat2O0Cj61b9nZhSBbDnkWtYADdQhei6yi0ha9wNkfG6mpE36LIBm+xRp9Xk35mWoh/xXEmwew=/wsse:BinarySecurityToken ds:Signature xmlns:ds=http://www.w3.org/2000/09/xmldsig#; Id=Signature-3860801 ds:SignedInfo ds:CanonicalizationMethod Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#; / ds:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1; / ds:Reference URI=#Id-19647819 ds:Transforms
Re: Problem building proper Policy file ...
It Worked like a charm!! So many thanks!!! Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) PD: Thanks Again!! On Wed, Feb 4, 2009 at 1:29 PM, Nandana Mihindukulasooriya nandana@gmail.com wrote: Hi Marcus, try changing sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never; to sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient in the sp:RecipientToken assertion. thanks, nandana On Wed, Feb 4, 2009 at 11:26 PM, m4rkuz m4r...@gmail.com wrote: HI Nandana, Attached to this message is the soap message generated by rampart(the one that fails), is quite different and the first big difference I see is that oracle made soap has two (2) BinarySecurityToken and the rampart made just have one. the error I get in the client side wrap around the soap response message is: *InvalidSecurity FAULT MESSAGE: An invalid token was provided* Any Ideas? I would ask for the Oracle Log, to post it. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 12:21 PM, Nandana Mihindukulasooriya nandana@gmail.com wrote: Hi Marcus, From the first look, it seems the policy you have matches the success SOAP message. Do you get an error from the OWM side when you use this policy at the client ? If so what is the error message ? The returning message may not say what the error is, but if you have access to the OWM logs, you will be able to find out what the error is. And can you attach the message generated with this policy in Axis2/Rampart client so we can compare it. thanks, nandana On Wed, Feb 4, 2009 at 10:37 PM, m4rkuz m4r...@gmail.com wrote: Hi Eeveryone, I've trying for a while now to make a proper client for a web service made in oracle (OWM ) with Axis2 and Rampart, I had been able to overcome some issues about x509v3 and the hole signing process but now in the last part the Encription I just don't know how to declare it properly for the client to sussesfuly call the WS. I had an example of a suscessfull soap message (oracle client generated) and a copy of my policy for someone to take a quick look and help me out. The files are attached. that same policy file and without the encription configuration works fine if the WS require only signing, so is not totally wrong. If someone had an idea how to mimic that message from axis2, would help me a lot, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org
Re: unsubscribe
Sorry, my wrong, I was trying to unsubscribe from another list, and got mixed up.. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 2:59 PM, Andreas Veithen andreas.veit...@gmail.comwrote: Christopher, If you want to unsubscribe, you need to send a mail to axis-user-unsubscr...@ws.apache.org. Andreas On Wed, Feb 4, 2009 at 20:56, Meeusen, Christopher W. meeusen.christop...@mayo.edu wrote: unsubscribe From: axis-user-return-77544-meeusen.christopher=mayo@ws.apache.org [mailto:axis-user-return-77544-Meeusen.Christopher=mayo.edu@ ws.apache.org] On Behalf Of Nandana Mihindukulasooriya Sent: Wednesday, February 04, 2009 12:30 PM To: axis-user@ws.apache.org Subject: Re: Problem building proper Policy file ... Hi Marcus, try changing sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never; to sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient in the sp:RecipientToken assertion. thanks, nandana On Wed, Feb 4, 2009 at 11:26 PM, m4rkuz m4r...@gmail.com wrote: HI Nandana, Attached to this message is the soap message generated by rampart(the one that fails), is quite different and the first big difference I see is that oracle made soap has two (2) BinarySecurityToken and the rampart made just have one. the error I get in the client side wrap around the soap response message is: InvalidSecurity FAULT MESSAGE: An invalid token was provided Any Ideas? I would ask for the Oracle Log, to post it. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 12:21 PM, Nandana Mihindukulasooriya nandana@gmail.com wrote: Hi Marcus, From the first look, it seems the policy you have matches the success SOAP message. Do you get an error from the OWM side when you use this policy at the client ? If so what is the error message ? The returning message may not say what the error is, but if you have access to the OWM logs, you will be able to find out what the error is. And can you attach the message generated with this policy in Axis2/Rampart client so we can compare it. thanks, nandana On Wed, Feb 4, 2009 at 10:37 PM, m4rkuz m4r...@gmail.com wrote: Hi Eeveryone, I've trying for a while now to make a proper client for a web service made in oracle (OWM ) with Axis2 and Rampart, I had been able to overcome some issues about x509v3 and the hole signing process but now in the last part the Encription I just don't know how to declare it properly for the client to sussesfuly call the WS. I had an example of a suscessfull soap message (oracle client generated) and a copy of my policy for someone to take a quick look and help me out. The files are attached. that same policy file and without the encription configuration works fine if the WS require only signing, so is not totally wrong. If someone had an idea how to mimic that message from axis2, would help me a lot, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org
Problem: Oracle Server - Rampart Client...
Hi Everyone, I'm new to rampart but learning quickly, well not quikly enough because I've been having some problems trying to invoke a WS that was made using oracle tools, is supposed to be easy initialy I just had to sing the message but even at that level I haven't been able to do it, I went thru examples on the distribution (1.4.1) and some webs but I'm still getting : FAULT CODE: UnsupportedSecurityToken FAULT MESSAGE: An unsupported token was provided I asked for a successful soap message example to compare the one I generate with a good one, (attached to the message) the only big diference I see is that in the rampart made soap message all the URI attributes are not encripted as they do in the oracle example Rampart: ... ds:Reference URI=#Id-27978063 .. ds:Reference URI=#Timestamp-14707008 wsse:Reference URI=#CertId-1097338 Oracle: .. dsig:Reference URI=#bcyKqLafyGSUXDbAEVXbIg22 ... dsig:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 wsse:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 What is all about? (I'm really newbie) and how can I match that using rampart ?? Best Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) ?xml version=1.0 encoding=UTF-8? env:Envelope xmlns:env=http://schemas.xmlsoap.org/soap/envelope/; xmlns:xsd=http://www.w3.org/2001/XMLSchema; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:ns0=http://test.heinsohn.com/types/; env:Header wsse:Security env:mustUnderstand=1 xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:env=http://schemas.xmlsoap.org/soap/envelope/; wsse:BinarySecurityToken ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3; EncodingType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary; wsu:Id=5KdQ0TRTux484dTYM5mpHQ22 xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; MIICQjCCAasCBEjSYtkwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMB4XDTA4MDkxODE0MTY1N1oXDTA4MTIxNzE0MTY1N1owaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3cDnMuNkqKweUeC458/74Kp4bht6ipjTQtgiR1xDUotymfMyOuYHzFCzbYv8z5N+jVP0pLXCN4eYqVJKZ20+mnDtxPZPKJsTLtnNF+VwoiVZ7GF5eb9Qrbul/6/veolFaMeJySUJEWaGRhiA3CsyWMUBirYtrItqe+puX2ivkwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKXJ6hI72drL+HGErxiBi5ToqTOv4frXH4TdTE2scSkl3DSZM0nryWfA76rxmxbxRSRzNAzs+nP6wWthpb5NcfUoMuZ/Zx+mSfTfoNWLDev2QaFbSIv/sFGZNfODGigOvAyCM33BtxFXXkR54bNfe13MBrLe/RSlzsBSrbf5w7/2 /wsse:BinarySecurityToken dsig:Signature xmlns=http://www.w3.org/2000/09/xmldsig#; xmlns:dsig=http://www.w3.org/2000/09/xmldsig#; dsig:SignedInfo dsig:CanonicalizationMethod Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#; / dsig:SignatureMethod Algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1; / dsig:Reference URI=#bcyKqLafyGSUXDbAEVXbIg22 dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#; / /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1; / dsig:DigestValue r6mS6ytfF/8Hj5qOfC3Vy8o5n5c= /dsig:DigestValue /dsig:Reference dsig:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 dsig:Transforms dsig:Transform Algorithm=http://www.w3.org/2001/10/xml-exc-c14n#; / /dsig:Transforms dsig:DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1; / dsig:DigestValue 7g8/vO+zjJNHKyKPpJGhBDRNO8A= /dsig:DigestValue /dsig:Reference /dsig:SignedInfo dsig:SignatureValue eF1WtunbSIGGMLDEurLqa5QTXoNYbHd0AG9Kg2glQVOZhvFJ0QvmMx3YNPuwbw5x7+lbGjRqSI9eD/EMwXyVAlvMTbMJJsspYoocS/tspTRqxIuKtI72qKIqOaUnXWJDFXocM9nxmqththJuuUf8Dji8+Y1rtHby9WlCh9EWkHI= /dsig:SignatureValue dsig:KeyInfo wsse:SecurityTokenReference xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; xmlns=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; wsse:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 ValueType=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3; xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd;
Re: Problem: Oracle Server - Rampart Client...
Sorry in the last message I forgot to put another diference that maybe more trouble, Rampart: wsa:Tohttp://localhost:8088/gateway/services/SID0003001/wsa:To wsa:MessageIDurn:uuid:AECDDCE53586EDD65F1232669747468/wsa:MessageID wsa:Actionhttp://test.heinsohn.com//talkToMe/wsa:Action ... In the Oracle version that part doesn't exist, there is no wsa:To,wsa:MessageID or wsa:Action Tags.. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Fri, Jan 23, 2009 at 8:35 AM, m4rkuz m4r...@gmail.com wrote: Hi Everyone, I'm new to rampart but learning quickly, well not quikly enough because I've been having some problems trying to invoke a WS that was made using oracle tools, is supposed to be easy initialy I just had to sing the message but even at that level I haven't been able to do it, I went thru examples on the distribution (1.4.1) and some webs but I'm still getting : FAULT CODE: UnsupportedSecurityToken FAULT MESSAGE: An unsupported token was provided I asked for a successful soap message example to compare the one I generate with a good one, (attached to the message) the only big diference I see is that in the rampart made soap message all the URI attributes are not encripted as they do in the oracle example Rampart: ... ds:Reference URI=#Id-27978063 .. ds:Reference URI=#Timestamp-14707008 wsse:Reference URI=#CertId-1097338 Oracle: .. dsig:Reference URI=#bcyKqLafyGSUXDbAEVXbIg22 ... dsig:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 wsse:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 What is all about? (I'm really newbie) and how can I match that using rampart ?? Best Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP)
Re: Problem: Oracle Server - Rampart Client...
More Findings, Aparently this issue had nothing to do with what I described, but with some sort of bug that makes rampart build X509v1 security tokens even when we especifically configure x509v3 tokens like this: sp:X509Token sp:IncludeToken= http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient wsp:Policy /sp:WssX509V3Token10 /wsp:Policy /sp:X509Token Is there a know work around? regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Fri, Jan 23, 2009 at 9:14 AM, m4rkuz m4r...@gmail.com wrote: Sorry in the last message I forgot to put another diference that maybe more trouble, Rampart: wsa:Tohttp://localhost:8088/gateway/services/SID0003001/wsa:To wsa:MessageIDurn:uuid:AECDDCE53586EDD65F1232669747468/wsa:MessageID wsa:Actionhttp://test.heinsohn.com//talkToMe/wsa:Action ... In the Oracle version that part doesn't exist, there is no wsa:To,wsa:MessageID or wsa:Action Tags.. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Fri, Jan 23, 2009 at 8:35 AM, m4rkuz m4r...@gmail.com wrote: Hi Everyone, I'm new to rampart but learning quickly, well not quikly enough because I've been having some problems trying to invoke a WS that was made using oracle tools, is supposed to be easy initialy I just had to sing the message but even at that level I haven't been able to do it, I went thru examples on the distribution (1.4.1) and some webs but I'm still getting : FAULT CODE: UnsupportedSecurityToken FAULT MESSAGE: An unsupported token was provided I asked for a successful soap message example to compare the one I generate with a good one, (attached to the message) the only big diference I see is that in the rampart made soap message all the URI attributes are not encripted as they do in the oracle example Rampart: ... ds:Reference URI=#Id-27978063 .. ds:Reference URI=#Timestamp-14707008 wsse:Reference URI=#CertId-1097338 Oracle: .. dsig:Reference URI=#bcyKqLafyGSUXDbAEVXbIg22 ... dsig:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 wsse:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 What is all about? (I'm really newbie) and how can I match that using rampart ?? Best Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP)
ds:Refence URI not Encripted
Hi Everyone, I'm new to Axis2 and Rampart, but I need to do something very easy with them and haven't been able to do it.. The main problem is that I'm just to newbie at this, but for what I've learn I had seen the problem described below... I need to consume a WebService that only needs to be signed, I have trayed the onlySing example for rampart but I keep getting: * FAULT MESSAGE: An unsupported token was provided* Somebody has a working client made with the oracle suit, (I Cannot use that) and send me an example soap message, comparing the two I only see one diference Mine: ... ds:Reference URI=#Id-20736546 ... ds:Reference URI=#Timestamp-16437003 the working one: dsig:Reference URI=#bcyKqLafyGSUXDbAEVXbIg22 ... dsig:Reference URI=#5KdQ0TRTux484dTYM5mpHQ22 how can I do to encript that URI ??? I had attached the policy file.. any Ideas?? Cordialmente, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) ?xml version=1.0 encoding=UTF-8? !-- ! ! Copyright 2006 The Apache Software Foundation. ! ! Licensed under the Apache License, Version 2.0 (the License); ! you may not use this file except in compliance with the License. ! You may obtain a copy of the License at ! ! http://www.apache.org/licenses/LICENSE-2.0 ! ! Unless required by applicable law or agreed to in writing, software ! distributed under the License is distributed on an AS IS BASIS, ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ! See the License for the specific language governing permissions and ! limitations under the License. ! -- wsp:Policy wsu:Id=SigOnly xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; xmlns:wsp=http://schemas.xmlsoap.org/ws/2004/09/policy; wsp:ExactlyOne wsp:All sp:AsymmetricBinding xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; wsp:Policy sp:InitiatorToken wsp:Policy sp:X509Token sp:IncludeToken=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient; wsp:Policy sp:WssX509V3Token10 / /wsp:Policy /sp:X509Token /wsp:Policy /sp:InitiatorToken sp:RecipientToken wsp:Policy sp:X509Token sp:IncludeToken=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never; wsp:Policy sp:WssX509V3Token10 / /wsp:Policy /sp:X509Token /wsp:Policy /sp:RecipientToken sp:AlgorithmSuite wsp:Policy sp:TripleDesRsa15 / /wsp:Policy /sp:AlgorithmSuite sp:Layout wsp:Policy sp:Strict / /wsp:Policy /sp:Layout sp:IncludeTimestamp / sp:OnlySignEntireHeadersAndBody / /wsp:Policy /sp:AsymmetricBinding sp:Wss10 xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; wsp:Policy sp:MustSupportRefKeyIdentifier / sp:MustSupportRefIssuerSerial / /wsp:Policy /sp:Wss10 sp:SignedParts xmlns:sp=http://schemas.xmlsoap.org/ws/2005/07/securitypolicy; sp:Body / /sp:SignedParts ramp:RampartConfig xmlns:ramp=http://ws.apache.org/rampart/policy; ramp:usersam/ramp:user ramp:encryptionUserdave/ramp:encryptionUser ramp:passwordCallbackClasscom.heinsohn.test.PWCBHandler /ramp:passwordCallbackClass ramp:signatureCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.file C:\RUNT\keystore\mytestkeystore.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.passwordmytestkeystore/ramp:property /ramp:crypto /ramp:signatureCrypto ramp:encryptionCrypto ramp:crypto provider=org.apache.ws.security.components.crypto.Merlin ramp:property name=org.apache.ws.security.crypto.merlin.keystore.typeJKS/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.file C:\RUNT\keystore\mytestkeystore.jks/ramp:property ramp:property name=org.apache.ws.security.crypto.merlin.keystore.passwordmytestkeystore/ramp:property /ramp:crypto /ramp:encryptionCrypto /ramp:RampartConfig /wsp:All /wsp:ExactlyOne /wsp:Policy