Ming,

Two things:

1. Can you verify that you're using the http://localhost:8000/TradeOrderProcessor/msec endpoint address when calling wsHttp? It seems like the code is still set up for the basicBinding endpoint.

2. Were you able to get the customBinding for .NET working? PHP and WSAS are using the customBinding OPS_SEC. The endpoint is http://localhost:8000/tradeorderprocessor/sec (without the m). This might be a better option. There have been talks of removing the wsHttpBinding and replacing it with the customBinding throughout.

-Ben

-----Original Message-----
From: Ming Jin [mailto:[email protected]]
Sent: Thursday, May 21, 2009 10:07 AM
To: [email protected]
Cc: Kent Brown; Harold Carr; [email protected]; Ye Zheng; [email protected]; Ming Jin; [email protected]; [email protected]; Song Zhang
Subject: Interoperability Failure: SslContextToken & WS-Policy

Hi,

we're configuring stonehenge to use Java WSIT client to connect the .NET orderprocessor service via wsHttpBinding. We followed the installation document under the .net directory from stonehenge m1 branch, and we got order processor service running via both basicHttpBinding and wsHttpBinding. At first, we tried the interoperability via basicHttpBinding, the result was perfect.
Then we wanted to configure it via wsHttpBinding, but we encountered the following problem:

--------------
May 21, 2009 8:21:21 PM com.sun.xml.ws.security.impl.policy.Constants log_invalid_assertion
WARNING: SP0100: Policy assertion Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
    assertion data {
        namespace = 'http://schemas.microsoft.com/ws/2005/07/securitypolicy'
        prefix = 'mssp'
        local name = 'SslContextToken'
        value = 'null'
        optional = 'false'
        ignorable = 'false'
        attributes {
            name = ' http://schemas.xmlsoap.org/ws/2005/07/securitypolicy:IncludeToken', value = ' http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient '
        }
    }
    no parameters
    nested policy {
        namespace version = 'v1_5'
        id = 'null'
        name = 'null'
        vocabulary {
            1. entry = ' http://schemas.microsoft.com/ws/2005/07/securitypolicy:RequireClientCertificate '
            2. entry = ' http://schemas.xmlsoap.org/ws/2005/07/securitypolicy:RequireDerivedKeys'
        }
        assertion set {
            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
                assertion data {
                    namespace = ' http://schemas.microsoft.com/ws/2005/07/securitypolicy'
                    prefix = 'mssp'
                    local name = 'RequireClientCertificate'
                    value = 'null'
                    optional = 'false'
                    ignorable = 'false'
                    no attributes
                }
                no parameters
                no nested policy
            }
            Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] {
                assertion data {
                    namespace = ' http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'
                    prefix = 'sp'
                    local name = 'RequireDerivedKeys'
                    value = 'null'
                    optional = 'false'
                    ignorable = 'false'
                    no attributes
                }
                no parameters
                no nested policy
            }
        }
    }
} is not supported under Token assertion.
Exception in thread "main" java.lang.NullPointerException
    at com.sun.xml.ws.security.impl.policy.PolicyUtil.isSecurityPolicyNS(PolicyUtil.java:70)
    at com.sun.xml.ws.security.impl.policy.PolicyUtil.isIssuedToken(PolicyUtil.java:644)
    at com.sun.xml.ws.security.impl.policyconv.SCTokenWrapper.addToken(SCTokenWrapper.java:222)
    at com.sun.xml.ws.security.impl.policyconv.SCTokenWrapper.getTokens(SCTokenWrapper.java:205)
    at com.sun.xml.ws.security.impl.policyconv.SCTokenWrapper.getIssuedTokens(SCTokenWrapper.java:169)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getIssuedTokenPoliciesFromBootstrapPolicy(SecurityTubeBase.java:458)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.constructPolicyHolder(SecurityTubeBase.java:1332)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.addIncomingProtocolPolicy(SecurityClientTube.java:599)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.buildProtocolPolicy(SecurityTubeBase.java:1258)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.collectPolicies(SecurityTubeBase.java:752)
    at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.<init>(SecurityTubeBase.java:284)
    at com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:131)
    at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:189)
    at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createClient(TubelineAssemblerFactoryImpl.java:79)
    at com.sun.xml.ws.client.WSServiceDelegate.createPipeline(WSServiceDelegate.java:446)
    at com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:639)
    at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:342)
    at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:324)
    at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:306)
    at javax.xml.ws.Service.getPort(Service.java:92)
    at org.tempuri.OrderProcessor.getWSHttpBindingOrderProcessorService(OrderProcessor.java:78)
    at org.wso2.stocktrader.services.TradeOrderServiceClient.SubmitOrderTrasactedQueue(Unknown Source)
    at org.wso2.stocktrader.services.TradeOrderServiceClient.main(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)

Process finished with exit code 1
--------------

After some digging with Google, we found this article with the solution: Interoperability Gotcha: SslContextToken Negotiation & WS-Policy ( http://proxy88.com/index.php?hl=f5&q=uggc%3A%2F%2Fjrofreivprf20.oybtfcbg.pbz%2F2008%2F10%2Fvagrebcrenovyvgl-tbgpun-ffypbagrkggbxra.ugzy)

There the author provided a solution: we can turn the X.509 negotiation off by updating the wsHttpBinding configuration like below:

    <security>
        <message clientCredentialType="None" negotiateServiceCredential="false" />
    </security>

So, we updated the relevant configuration in Trade.BusinessServiceConsole.exe.config as below:

    <binding name="OpsClient_WsHttpBinding_MSec"
             closeTimeout="00:01:00" openTimeout="00:01:00"
             receiveTimeout="00:10:00" sendTimeout="00:01:00"
             bypassProxyOnLocal="false" transactionFlow="false"
             hostNameComparisonMode="StrongWildcard"
             maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
             messageEncoding="Text" textEncoding="utf-8"
             useDefaultWebProxy="true" allowCookies="false">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
        <security mode="Message">
            <!--<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />--><!--here we comment it out-->
            <!--<message clientCredentialType="Certificate" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" />--><!--here we comment it out-->
            <message clientCredentialType="None" negotiateServiceCredential="false"/>
        </security>
    </binding>

However, the same error message as before still occurred. Here is our Java client code:

    import java.net.URL;
    import javax.xml.namespace.QName;

    // OrderProcessor class is generated by wsimport from http://localhost:8000/tradeorderprocessor?wsdl
    OrderProcessor processor = new OrderProcessor(
            new URL("http://localhost:8000/tradeorderprocessor"),
            new QName("http://tempuri.org/", "OrderProcessor"));
    OrderProcessorService service = processor.getWSHttpBindingOrderProcessorService();
    SubmitOrder param = new SubmitOrder();
    param.setOrder(order);
    service.submitOrder(param);

We've imported the certificate of CN OPS.Com into the keystore.jks for the glassfish, and imported the certificate of alias 's1as' from glassfish into mmc.

We tried to find some examples about using WSIT to inter-operate the Java client and .NET service provider via wsHttpBinding, but there are so few materials or examples. Does anyone have any suggestion? Where can we find the examples that represent the interoperability via wsHttpBinding?

----
Ming Jin
Consultant
Thoughtworks, Inc
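
An added example, not part of the thread and not Stonehenge or WSIT code: a Python check that lists every policy assertion in the Microsoft security-policy namespace named in the SP0100 warning, so a saved copy of the `?wsdl` output can be inspected to see whether it still advertises `SslContextToken` after a binding change. The policy fragment is constructed, the function name is illustrative, and the WS-Policy and wsu namespace URIs are the standard ones rather than values taken from the thread.

```python
import xml.etree.ElementTree as ET

# Assumption: the two published WS-Policy namespaces and the standard wsu one.
WSP_NSES = {"http://schemas.xmlsoap.org/ws/2004/09/policy",
            "http://www.w3.org/ns/ws-policy"}
WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
# Both security-policy namespaces are the ones printed in the SP0100 warning.
MSSP_NS = "http://schemas.microsoft.com/ws/2005/07/securitypolicy"
SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

def vendor_assertions(xml_text, vendor_ns=MSSP_NS):
    """Return (policy_id, path, required) for every assertion in vendor_ns."""
    hits = []

    def walk(elem, policy_id, path):
        ns, _, local = elem.tag.lstrip("{").rpartition("}")
        if ns in WSP_NSES:
            if local == "Policy":  # remember the enclosing wsu:Id, if any
                policy_id = elem.get("{%s}Id" % WSU_NS, policy_id)
        else:
            path = path + [local]  # policy operators are left out of the path
            if ns == vendor_ns:
                optional = any(elem.get("{%s}Optional" % p) == "true" for p in WSP_NSES)
                hits.append((policy_id, "/".join(path), not optional))
        for child in elem:
            walk(child, policy_id, path)

    walk(ET.fromstring(xml_text), None, [])
    return hits

# Constructed policy fragment (not captured from the service): an
# SslContextToken inside a bootstrap policy, as in the posted warning.
SAMPLE_POLICY = f"""<wsp:Policy xmlns:wsp="{WSP_NS}" xmlns:wsu="{WSU_NS}"
    xmlns:sp="{SP_NS}" xmlns:mssp="{MSSP_NS}" wsu:Id="constructed_policy">
 <sp:SecureConversationToken><wsp:Policy><sp:BootstrapPolicy><wsp:Policy>
  <sp:ProtectionToken><wsp:Policy>
   <mssp:SslContextToken>
    <wsp:Policy><mssp:RequireClientCertificate/><sp:RequireDerivedKeys/></wsp:Policy>
   </mssp:SslContextToken>
  </wsp:Policy></sp:ProtectionToken>
 </wsp:Policy></sp:BootstrapPolicy></wsp:Policy></sp:SecureConversationToken>
</wsp:Policy>"""

if __name__ == "__main__":
    import sys
    # Pass a saved WSDL file as the first argument; otherwise use the sample.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for policy_id, path, required in vendor_assertions(text):
        print(f"{policy_id}: {path} (required={required})")
```

An empty result for a saved WSDL means no assertion from that namespace is being advertised to the client; any hit marked required is one the consuming stack must understand to build its policy.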
