Perhaps I misunderstood the original problem. As I read the e-mal thread I thought the issue was with a Java client calling the .NET order processing service. If the certificate negotiation is causing a problem with that communication then both the Java client and the .NET OPS need to be configured to use common bindings or they will not be able to communicate.
Scott > Date: Fri, 22 May 2009 00:29:52 +0800 > Subject: Re: Interoperability Failure: SslContextToken & WS-Policy > From: [email protected] > To: [email protected] > > thanks for your reminder, we did modify the > Trade.BusinessServiceConsoleHost.exe.config file rather than the > Trade.OrderProcessorConsoleHost.exe.config file, because the former one is > the file we can modify the ORDER_PROCESSIING_MODE. > > we'll try that way. > > BTW, do you mean the binding 'OpsClient_WsHttpBinding_MSec' is just for how > the client proxy in BS access the OPS with the binding? > > > On Fri, May 22, 2009 at 12:13 AM, Scott Golightly < > [email protected]> wrote: > > > > > I am reading the description below and it sounds like you are trying to > > call the order processor service but made the change to X509 negotiation to > > the business service. The configuration file for the order processor service > > is . You might want to see if turning off X509 negotiation on that service > > fixes the problem. > > > > Another item to be aware of is if you compile the project the > > Trade.OrderProcessorConsoleHost.exe.config file is overwritten. To make sure > > the changes are in the config file after a compile you can update the > > App.config file in the OrderProcessorConsoleServiceHost directory. > > > > > > > > Scott Golightly > > > > > Date: Thu, 21 May 2009 22:07:04 +0800 > > > Subject: Interoperability Failure: SslContextToken & WS-Policy > > > From: [email protected] > > > To: [email protected] > > > CC: [email protected]; [email protected]; [email protected]; > > [email protected]; [email protected]; [email protected]; > > [email protected]; [email protected]; [email protected] > > > > > > Hi, we're configuring stonehenge to use Java WSIT client to connect the > > .NET > > > orderprocessor service via wsHttpBinding. > > > > > > We followed the installation document under the .net directory from > > > stonehenge m1 branch, and we got order processor service running via both > > > basicHttpBinding and wsHttpBinding. > > > > > > At first, we tried the interoperability via basicHttpBinding, the result > > was > > > perfect. > > > > > > Then we wanted to configure it to via wsHttpBinding, but we encountered > > the > > > following problem: > > > -------------- > > > May 21, 2009 8:21:21 PM com.sun.xml.ws.security.impl.policy.Constants > > > log_invalid_assertion > > > WARNING: SP0100: Policy assertion > > > > > Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] > > > { > > > assertion data { > > > namespace = 'http://schemas.microsoft.com/ws/2005/07/securitypolicy' > > > prefix = 'mssp' > > > local name = 'SslContextToken' > > > value = 'null' > > > optional = 'false' > > > ignorable = 'false' > > > attributes { > > > name = ' > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy:IncludeToken', > > value = > > > ' > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > > > ' > > > } > > > } > > > no parameters > > > nested policy { > > > namespace version = 'v1_5' > > > id = 'null' > > > name = 'null' > > > vocabulary { > > > 1. entry = ' > > > > > http://schemas.microsoft.com/ws/2005/07/securitypolicy:RequireClientCertificate > > > ' > > > 2. entry = ' > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy:RequireDerivedKeys' > > > } > > > assertion set { > > > > > > > > Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] > > > { > > > assertion data { > > > namespace = ' > > > http://schemas.microsoft.com/ws/2005/07/securitypolicy' > > > prefix = 'mssp' > > > local name = 'RequireClientCertificate' > > > value = 'null' > > > optional = 'false' > > > ignorable = 'false' > > > no attributes > > > } > > > no parameters > > > no nested policy > > > } > > > > > > > > Assertion[com.sun.xml.ws.policy.sourcemodel.DefaultPolicyAssertionCreator$DefaultPolicyAssertion] > > > { > > > assertion data { > > > namespace = ' > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy' > > > prefix = 'sp' > > > local name = 'RequireDerivedKeys' > > > value = 'null' > > > optional = 'false' > > > ignorable = 'false' > > > no attributes > > > } > > > no parameters > > > no nested policy > > > } > > > } > > > } > > > } is not supported under Token assertion. > > > Exception in thread "main" java.lang.NullPointerException > > > at > > > > > com.sun.xml.ws.security.impl.policy.PolicyUtil.isSecurityPolicyNS(PolicyUtil.java:70) > > > at > > > > > com.sun.xml.ws.security.impl.policy.PolicyUtil.isIssuedToken(PolicyUtil.java:644) > > > at > > > > > com.sun.xml.ws.security.impl.policyconv.SCTokenWrapper.addToken(SCTokenWrapper.java:222) > > > at > > > > > com.sun.xml.ws.security.impl.policyconv.SCTokenWrapper.getTokens(SCTokenWrapper.java:205) > > > at > > > > > com.sun.xml.ws.security.impl.policyconv.SCTokenWrapper.getIssuedTokens(SCTokenWrapper.java:169) > > > at > > > > > com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getIssuedTokenPoliciesFromBootstrapPolicy(SecurityTubeBase.java:458) > > > at > > > > > com.sun.xml.wss.jaxws.impl.SecurityTubeBase.constructPolicyHolder(SecurityTubeBase.java:1332) > > > at > > > > > com.sun.xml.wss.jaxws.impl.SecurityClientTube.addIncomingProtocolPolicy(SecurityClientTube.java:599) > > > at > > > > > com.sun.xml.wss.jaxws.impl.SecurityTubeBase.buildProtocolPolicy(SecurityTubeBase.java:1258) > > > at > > > > > com.sun.xml.wss.jaxws.impl.SecurityTubeBase.collectPolicies(SecurityTubeBase.java:752) > > > at > > > > > com.sun.xml.wss.jaxws.impl.SecurityTubeBase.<init>(SecurityTubeBase.java:284) > > > at > > > > > com.sun.xml.wss.jaxws.impl.SecurityClientTube.<init>(SecurityClientTube.java:131) > > > at > > > > > com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:189) > > > at > > > > > com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createClient(TubelineAssemblerFactoryImpl.java:79) > > > at > > > > > com.sun.xml.ws.client.WSServiceDelegate.createPipeline(WSServiceDelegate.java:446) > > > at > > > > > com.sun.xml.ws.client.WSServiceDelegate.createEndpointIFBaseProxy(WSServiceDelegate.java:639) > > > at > > > > > com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:342) > > > at > > > > > com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:324) > > > at > > > > > com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:306) > > > at javax.xml.ws.Service.getPort(Service.java:92) > > > at > > > > > org.tempuri.OrderProcessor.getWSHttpBindingOrderProcessorService(OrderProcessor.java:78) > > > at > > > > > org.wso2.stocktrader.services.TradeOrderServiceClient.SubmitOrderTrasactedQueue(Unknown > > > Source) > > > at org.wso2.stocktrader.services.TradeOrderServiceClient.main(Unknown > > > Source) > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > > at > > > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > > at > > > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > > at java.lang.reflect.Method.invoke(Method.java:597) > > > at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90) > > > > > > Process finished with exit code 1 > > > -------------- > > > > > > After some digging by google, we found this article with the solution: > > > Interoperability Gotcha: SslContextToken Negotiation & WS-Policy ( > > > > > http://proxy88.com/index.php?hl=f5&q=uggc%3A%2F%2Fjrofreivprf20.oybtfcbg.pbz%2F2008%2F10%2Fvagrebcrenovyvgl-tbgpun-ffypbagrkggbxra.ugzy > > ) > > > > > > There the author provided a solution, we can turn the X.509 negotiation > > off > > > by updating wshttpbinding configuration like bellow > > > <security> > > > <message clientCredentialType="None" negotiateServiceCredential="false" > > > /> > > > </security> > > > > > > So, we updated the relevant configuration in > > > Trade.BusinessServiceConsole.exe.config as bellow: > > > > > > <binding name="OpsClient_WsHttpBinding_MSec" closeTimeout="00:01:00" > > > openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" > > > bypassProxyOnLocal="false" transactionFlow="false" > > > hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" > > > maxReceivedMessageSize="65536" messageEncoding="Text" > > textEncoding="utf-8" > > > useDefaultWebProxy="true" allowCookies="false"> > > > <readerQuotas maxDepth="32" maxStringContentLength="8192" > > > maxArrayLength="16384" maxBytesPerRead="4096" > > maxNameTableCharCount="16384" > > > /> > > > <reliableSession ordered="true" inactivityTimeout="00:10:00" > > > enabled="false" /> > > > <security mode="Message"> > > > <!--<transport clientCredentialType="Windows" > > > proxyCredentialType="None" realm="" />--><!--here we comment it out--> > > > <!--<message clientCredentialType="Certificate" > > > negotiateServiceCredential="true" algorithmSuite="Default" > > > establishSecurityContext="true" />--><!--here we comment it out--> > > > <message clientCredentialType="None" > > > negotiateServiceCredential="false"/> > > > </security> > > > </binding> > > > > > > However, the error message as former still occured. > > > > > > Here is our java client code: > > > > > > OrderProcessor processor = new OrderProcessor(new URL(" > > > http://localhost:8000/tradeorderprocessor";), new QName(" > > http://tempuri.org/";, > > > "OrderProcessor")); > > > //OrderProcessor class is generated by wsimport from > > > http://localhost:8000/tradeorderprocessor?wsdl > > > OrderProcessorService service = > > > processor.getWSHttpBindingOrderProcessorService(); > > > SubmitOrder param = new SubmitOrder(); > > > param.setOrder(order); > > > service.submitOrder(param); > > > > > > We've imported the certificate of CN OPS.Com into the keystore.jks for > > the > > > glassfish, and imported the certificate of alias 's1as' from glassfish > > into > > > mmc. > > > > > > We tried to find some examples about using WSIT to inter-operate the java > > > client and .net service provider via wsHttpBinding, but there are so few > > > materials or examples. > > > > > > Does anyone have any suggestion? Where can we find the examples that > > > represent the interoperability via wsHttpBinding? > > > > > > > > > > > > ---- > > > Ming Jin > > > > > > Consultant > > > Thoughtworks, Inc > > > > > > -- > Ming Jin > > Consultant > Thoughtworks, Inc
