Thanks for looking into this!

Turns out my issue was related to that WS-Addressing matter we talked about
a few days back. Namely, the security implementation for Synapse requires
WS-Addressing, but the client tool I was using was not adding that. This
resulted in the invalidSecurity error (not sure why that was the error
message). You can see this for yourself by trying the policy I referenced
earlier in this thread with example 200, then remove the wsa:MessageID and
wsa:Action headers.

Regards,

jeff

On Wed, Jun 11, 2008 at 10:26 PM, Nandana Mihindukulasooriya <
[EMAIL PROTECTED]> wrote:

> Hi Ruwan,
>          The policy looks okay. This policy is not recommended when we
> consider the security aspects, as you can see the clear text password is
> going over the wire in an unsecured transport but this should work. I
> checked this policy with Axis2 1.4 / Rampart 1.4 and it worked fine for me.
>
> Jeff,
>     What is the error you are getting at the server side ?
>
> thanks,
> nandana
>
> On Thu, Jun 12, 2008 at 10:35 AM, Ruwan Linton <[EMAIL PROTECTED]>
> wrote:
>
> > Hi Jeff,
> >
> > Let's first get this policy validated from one of the security experts :-)
> >
> > Nandana, can you please help us on this?
> >
> > Thanks,
> > Ruwan
> >
> > On Thu, Jun 12, 2008 at 12:46 AM, Jeff Davis <[EMAIL PROTECTED]> wrote:
> >
> > > Hi everyone,
> > >
> > > Example 200 shows how to engage security on a proxy that uses an x509 style
> > > policy. That works great. However, I am trying to instead use UsernameToken
> > > style with the following policy:
> > >
> > > <wsp:Policy wsu:Id="UTOverTransport"
> > >            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > >            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> > >  <wsp:ExactlyOne>
> > >    <wsp:All>
> > >      <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> > >        <wsp:Policy>
> > >          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> > >          </sp:UsernameToken>
> > >        </wsp:Policy>
> > >      </sp:SignedSupportingTokens>
> > >      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> > >            <ramp:passwordCallbackClass>samples.userguide.PWCallback</ramp:passwordCallbackClass>
> > >            <ramp:user>alice</ramp:user>
> > >      </ramp:RampartConfig>
> > >    </wsp:All>
> > >  </wsp:ExactlyOne>
> > > </wsp:Policy>
> > >
> > > My inbound SOAP message looks like:
> > >
> > > <soapenv:Envelope xmlns:hel="http://helloworld" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> > >   <soapenv:Header>
> > >      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> > >         <wsse:UsernameToken wsu:Id="UsernameToken-14134009" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> > >            <wsse:Username>alice</wsse:Username>
> > >            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
> > >         </wsse:UsernameToken>
> > >      </wsse:Security>
> > >   </soapenv:Header>
> > >   <soapenv:Body>
> > >      <hel:getGreetings>
> > >         <hel:name>Hi!</hel:name>
> > >      </hel:getGreetings>
> > >   </soapenv:Body>
> > > </soapenv:Envelope>
> > >
> > > However, I always get a SOAP fault with a description of: InvalidSecurity
> > >
> > > I think my policy file is okay, cause when I use it for engaging security
> > > on an outbound message, it works fine (i.e., adds the WS-Security header).
> > >
> > > Any ideas?
> > >
> > > jeff
> > >
> >
> >
> >
> > --
> > Ruwan Linton
> > http://www.wso2.org - "Oxygenating the Web Services Platform"
> >
>
>
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/
>
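
A pre-send check for the failure described in this thread, as an added example that is not part of the original messages or of Synapse/Rampart: it reports a request that lacks the wsa:MessageID and wsa:Action headers and flags a PasswordText UsernameToken. The WS-Addressing namespaces, the `urn:getGreetings` action value and the function names are assumptions; the sample envelope is constructed from the request quoted above.

```python
import uuid
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
# Assumption: the server accepts WS-Addressing 1.0 or the 2004/08 submission namespace.
WSA_NAMESPACES = ("http://www.w3.org/2005/08/addressing",
                  "http://schemas.xmlsoap.org/ws/2004/08/addressing")
REQUIRED_WSA = ("MessageID", "Action")  # the two headers named in the thread

def lint_request(envelope_xml):
    """Return findings for an outbound SOAP 1.1 request (our own, trusted XML)."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    findings = []
    for name in REQUIRED_WSA:
        present = header is not None and any(
            header.find(f"{{{ns}}}{name}") is not None for ns in WSA_NAMESPACES)
        if not present:
            findings.append(f"missing wsa:{name}")
    for pw in root.iter(f"{{{WSSE}}}Password"):
        if pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT:  # omitted Type means PasswordText
            findings.append("cleartext UsernameToken password")
    return findings

def add_addressing(envelope_xml, action, ns=WSA_NAMESPACES[0]):
    """Return the envelope with wsa:MessageID and wsa:Action added if absent."""
    ET.register_namespace("wsa", ns)
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        root.insert(0, header)
    values = {"MessageID": f"urn:uuid:{uuid.uuid4()}", "Action": action}
    for name, value in values.items():
        if all(header.find(f"{{{n}}}{name}") is None for n in WSA_NAMESPACES):
            ET.SubElement(header, f"{{{ns}}}{name}").text = value
    return ET.tostring(root, encoding="unicode")

# Constructed sample modelled on the request in the thread (no WS-Addressing headers).
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:hel="http://helloworld">
  <soapenv:Header><wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>
    <wsse:Username>alice</wsse:Username>
    <wsse:Password Type="{PASSWORD_TEXT}">password</wsse:Password>
  </wsse:UsernameToken></wsse:Security></soapenv:Header>
  <soapenv:Body><hel:getGreetings><hel:name>Hi!</hel:name></hel:getGreetings></soapenv:Body>
</soapenv:Envelope>"""
```

The cleartext finding remains after the addressing headers are added, since it depends on the token type and not on WS-Addressing.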
