Hi,

I was trying out a sample using WS-Security to be used in our project.

I don't want to encrypt the message; I just want it to be signed using
the username token supported by WS-Security.

I engaged the rampart module in my client side with the corresponding
policy file.

But when I invoke the service in synapse I get an invalid security
exception. (Message never reaches the inSequence)--

STACK TRACE--

2008-12-26 10:48:14,771 [10.207.70.56-EC4T16ES-169579] [HttpServerWorker-8] ERROR AxisEngine InvalidSecurity
org.apache.axis2.AxisFault: InvalidSecurity
        at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:148)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
        at org.apache.synapse.transport.nhttp.ServerWorker.processPost(ServerWorker.java:253)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:194)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
2008-12-26 10:48:14,771 [10.207.70.56-EC4T16ES-169579] [HttpServerWorker-8] ERROR ServerWorker Error processing POST request
org.apache.axis2.AxisFault: InvalidSecurity
        at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:148)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
        at org.apache.synapse.transport.nhttp.ServerWorker.processPost(ServerWorker.java:253)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:194)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

synapse.xml---
<localEntry key="server_policy"
            src="file:repository/conf/sample/resources/policy/Test_policy_3.xml"/>
<syn:proxy name="WSsecurityTest" trace="enable">
    <syn:target>
        <syn:endpoint>
            <syn:address uri="http://localhost:8080/ISV1/services/ISV1">
            </syn:address>
        </syn:endpoint>
        <syn:inSequence>
            <syn:log level="full" separator=","/>
            <syn:header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" name="wsse:Security" action="remove"/>
        </syn:inSequence>
        <syn:outSequence>
            <syn:send/>
        </syn:outSequence>
    </syn:target>
    <syn:policy key="server_policy"/>
    <syn:enableSec/>
</syn:proxy>



I have also attached the policy file I have used for synapse and the
client side and the trace messages exchanged between synapse and the
client.

Can someone provide me inputs on how to avoid this? Am I missing out
something?
 ---------------

 Regards,

 Shradha



TRACE MESSAGE (TCPMON)-----

Message sent to synapse
-------------------------------------------------------------------------------------------------
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-9838079">
        <wsu:Created>2008-12-26T04:49:19.499Z</wsu:Created>
        <wsu:Expires>2008-12-26T04:54:19.499Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-24446859">
        <wsse:Username>alice</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
    <wsa:To>http://localhost:1236/soap/WSsecurityTest.WSsecurityTestHttpEndpoint</wsa:To>
    <wsa:MessageID>urn:uuid:FF64B43B5CE6261E7D1230266958854</wsa:MessageID>
    <wsa:Action>http://localhost:8080/ISV1/getISV</wsa:Action>
  </soapenv:Header>
  <soapenv:Body>
    <ns1:getISV xmlns:ns1="http://localhost:8080/ISV1/">
      <in>Severus Snape</in>
    </ns1:getISV>
  </soapenv:Body>
</soapenv:Envelope>


Message received from synapse
---------------------------------------------------------------------------------------------------
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
    <wsa:RelatesTo>urn:uuid:FF64B43B5CE6261E7D1230266958854</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring>InvalidSecurity</faultstring>
      <detail />
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>

<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
	  <wsp:All>
		<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
		  <wsp:Policy>
			<sp:TransportToken>
			  <wsp:Policy>
				 <sp:HttpsToken RequireClientCertificate="false"/>
			  </wsp:Policy>
			</sp:TransportToken>
			<sp:AlgorithmSuite>
			  <wsp:Policy>
				<sp:Basic256/>
			  </wsp:Policy>
			</sp:AlgorithmSuite>
			<sp:Layout>
			  <wsp:Policy>
				<sp:Lax/>
			  </wsp:Policy>
			</sp:Layout>
			<sp:IncludeTimestamp/>
		  </wsp:Policy>
		</sp:TransportBinding>
		<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
			<wsp:Policy>
				<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
		  </wsp:Policy>
		</sp:SignedSupportingTokens>
		
		<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
			<ramp:user>alice</ramp:user>
			<ramp:passwordCallbackClass>com.wipro.sobay.saas.poc.client.PWCallback</ramp:passwordCallbackClass>
		</ramp:RampartConfig>
		
	  </wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>
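
Added example, not part of the original post and not Synapse or Rampart code: a small Python check that lines the captured request up against the posted policy and lists what each asserts. The samples are trimmed, constructed copies of the two documents above, and treating wsa:To as the transport the client actually used is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
      "sp": "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed samples: trimmed copies of the policy and request in the post.
POLICY = f"""<wsp:Policy {XMLNS}><wsp:ExactlyOne><wsp:All>
<sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy></sp:TransportToken>
<sp:IncludeTimestamp/></wsp:Policy></sp:TransportBinding>
<sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy>
</sp:SignedSupportingTokens></wsp:All></wsp:ExactlyOne></wsp:Policy>"""
REQUEST = f"""<soapenv:Envelope {XMLNS}><soapenv:Header><wsse:Security>
<wsu:Timestamp><wsu:Created>2008-12-26T04:49:19.499Z</wsu:Created></wsu:Timestamp>
<wsse:UsernameToken><wsse:Username>alice</wsse:Username><wsse:Password
 Type="{OASIS}username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken></wsse:Security>
<wsa:To>http://localhost:1236/soap/WSsecurityTest.WSsecurityTestHttpEndpoint</wsa:To>
</soapenv:Header><soapenv:Body/></soapenv:Envelope>"""

def check(policy_xml, request_xml):
    """Return observations comparing a captured request with a policy."""
    pol, req = ET.fromstring(policy_xml), ET.fromstring(request_xml)
    sec = req.find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        return ["no wsse:Security header in request"]
    # Assumption: wsa:To reflects the transport the client actually used.
    scheme = urlparse(req.findtext("soapenv:Header/wsa:To", "", NS).strip()).scheme
    out = []
    if pol.find(".//sp:TransportBinding//sp:HttpsToken", NS) is not None and scheme != "https":
        out.append(f"policy asserts sp:HttpsToken but wsa:To uses {scheme!r}")
    if pol.find(".//sp:IncludeTimestamp", NS) is not None and sec.find("wsu:Timestamp", NS) is None:
        out.append("policy asserts sp:IncludeTimestamp but no wsu:Timestamp sent")
    if (pol.find(".//sp:SignedSupportingTokens//sp:UsernameToken", NS) is not None
            and sec.find("wsse:UsernameToken", NS) is None):
        out.append("policy asserts sp:UsernameToken but none was sent")
    pw = sec.find("wsse:UsernameToken/wsse:Password", NS)
    if pw is not None and pw.get("Type", "").endswith("#PasswordText") and scheme != "https":
        out.append("PasswordText (cleartext) password sent without HTTPS")
    if sec.find("ds:Signature", NS) is None:
        out.append("no ds:Signature element in wsse:Security")
    return out
```

Calling `check(POLICY, REQUEST)` returns the list of observations; an empty list means the request carries everything the checked assertions name.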
