On Thu, Jul 24, 2008 at 7:55 PM, Abraham Washington <[EMAIL PROTECTED]> wrote:
> hi all, please disregard. i forgot to add the requires="authentication" > attr to the reference element within the component. only added it to the > reference element declaration. > > thx abe (still not sure what PolicyHolder is for??) > > > > ----- Original Message ---- > From: Abraham Washington <[EMAIL PROTECTED]> > To: [email protected] > Sent: Thursday, July 24, 2008 12:16:44 PM > Subject: security on reference > > hi all, i have 2 composites. the first composite exposes a service ( > binding.ws) and the second composite references the first service. works > fine. they are both using spring/hibernate underneath and i'm able to > perform some operations reading the db. > > i added security the the first composite. using soapUI, i try to invoke > the service and i get a security exception. it's the same exception i get > when trying to invoke the helloworld-ws-service-secure service. so, that > end seems to be working fine. > > on the second composite, here's my definitions.xml file: > > > <? > xml version="1.0" encoding="ASCII"?> > > < > sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"; > > targetNamespace="http://www.osoa.org/xmlns/sca/1.0"; > > xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"; > > xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"; > > xmlns:soasecurity="http://org.soa.services";> > > <!-- WS Security POLICY SETS --> > > <sca:policySet name="soasecurity:wsClientAuthenticationPolicy" > > provides="authentication" > > appliesTo="sca:reference/sca:binding.ws"> > > <tuscany:wsConfigParam> > > <parameter name="OutflowSecurity"> > > <action> > > <items>UsernameToken</items> > > <user>TuscanyWsUser</user> > > <passwordCallbackClass>org.soa.services.security.ClientPWCBHandler</ > passwordCallbackClass>" + > > <passwordType>PasswordText</passwordType> > > </action> > > </parameter> > > </tuscany:wsConfigParam> > > </sca:policySet> > > <!-- Policysets for unit tests that use the testHelloworldws.composite > --> > > <!-- Since we use the helloworld-ws-service for the unit testing we need to > > > declare these policy sets and with the 'provides' set to the intents that > the > > composite in the helloworld-ws-service uses. --> > > <sca:policySet name="soasecurity:wsAuthenticationPolicy" > > provides="authentication" > > appliesTo="sca:service/sca:binding.ws" > > > > > <tuscany:wsConfigParam> > > <parameter name="InflowSecurity"> > > <action> > > <items>UsernameToken</items> > > <passwordCallbackClass>org.soa.services.security.ServerPWCBHandler</ > passwordCallbackClass> > > </action> > > </parameter> > > </tuscany:wsConfigParam> > > </sca:policySet> > > </sca:definitions> > > > > When i try to invoke the service, using a test runner in eclipse, i'm > getting a strange error (see below). i took a look at the > helloworld-ws-reference-secure example and that's where i got my > definitions.xml. just took out the calls for 'integrity'. I also noticed > there's a PolicyHolder file in META-INF/services, but I'm not sure what that > is for ?? maybe it's related to my problem, but not sure. neither the > ClientPWCBHandler nor the ServerPWCPHandler are invoked. > > > > In the second composite, I added the requires="authentication" to the > reference element as well. here's the error (seems misleading since it's > working fine without security): > > > > 1. Injected addressServiceClient -> $Proxy7 > > AddressServiceImpl -> Called getAddress > > Exception in thread "main" > *java.lang.IllegalArgumentException*: Pass-by-value is not supported for > the given object > > at org.apache.tuscany.sca.databinding.javabeans.JavaBeansDataBinding.copy( > *JavaBeansDataBinding.java:102*) > > at > org.apache.tuscany.sca.databinding.DefaultDataBindingExtensionPoint$LazyDataBinding.copy( > *DefaultDataBindingExtensionPoint.java:171*) > > at > org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.copy( > *PassByValueInterceptor.java:235*) > > at > org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.copyFault( > *PassByValueInterceptor.java:130*) > > at > org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke( > *PassByValueInterceptor.java:115*) > > at org.apache.tuscany.sca.binding.sca.impl.SCABindingInvoker.invoke( > *SCABindingInvoker.java:61*) > > at > org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke( > *PassByValueInterceptor.java:108*) > > at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke( > *JDKInvocationHandler.java:286*) > > at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke( > *JDKInvocationHandler.java:154*) > > at $Proxy7.getAddress(Unknown Source) > > at helloworld.DCRIOrganizationServiceCompositeRunner.main( > *DCRIOrganizationServiceCompositeRunner.java:44*) > > Caused by: > *java.io <http://java.io.no/>.NotSerializableException*: > org.apache.axiom.om > <http://org.apache.axiom.om.impl.llom.om/>.impl.llom.OMElementImpl > > > at java.io.ObjectOutputStream.writeObject0( > *ObjectOutputStream.java:1081*) > > at java.io <http://java.io.objectoutputstream.de/> > .ObjectOutputStream.defaultWriteFields( > *ObjectOutputStream.java:1375*) > > at java.io.ObjectOutputStream.writeSerialData( > *ObjectOutputStream.java:1347*) > > at java.io.ObjectOutputStream.writeOrdinaryObject( > *ObjectOutputStream.java:1290*) > > at java.io.ObjectOutputStream.writeObject0( > *ObjectOutputStream.java:1079*) > > at java.io.ObjectOutputStream.defaultWriteFields( > *ObjectOutputStream.java:1375*) > > at java.io.ObjectOutputStream.defaultWriteObject( > *ObjectOutputStream.java:391*) > > at java.lang.Throwable.writeObject( > *Throwable.java:649*) > > at sun.reflect.NativeMethodAccessorImpl.invoke0( > *Native Method*) > > at sun.reflect.NativeMethodAccessorImpl.invoke( > *NativeMethodAccessorImpl.java:39*) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > *DelegatingMethodAccessorImpl.java:25*) > > at java.lang.reflect.Method.invoke( > *Method.java:585*) > > at java.io <http://java.io.objectstreamclass.in/> > .ObjectStreamClass.invokeWriteObject( > *ObjectStreamClass.java:917*) > > at java.io.ObjectOutputStream.writeSerialData( > *ObjectOutputStream.java:1339*) > > at java.io.ObjectOutputStream.writeOrdinaryObject( > *ObjectOutputStream.java:1290*) > > at java.io.ObjectOutputStream.writeObject0( > *ObjectOutputStream.java:1079*) > > at java.io.ObjectOutputStream.defaultWriteFields( > *ObjectOutputStream.java:1375*) > > at java.io.ObjectOutputStream.defaultWriteObject( > *ObjectOutputStream.java:391*) > > at java.lang.Throwable.writeObject( > *Throwable.java:649*) > > at sun.reflect.NativeMethodAccessorImpl.invoke0( > *Native Method*) > > at sun.reflect.NativeMethodAccessorImpl.invoke( > *NativeMethodAccessorImpl.java:39*) > > at sun.reflect.DelegatingMethodAccessorImpl.invoke( > *DelegatingMethodAccessorImpl.java:25*) > > at java.lang.reflect.Method.invoke( > *Method.java:585*) > > at java.io.ObjectStreamClass.invokeWriteObject( > *ObjectStreamClass.java:917*) > > at java.io.ObjectOutputStream.writeSerialData( > *ObjectOutputStream.java:1339*) > > at java.io.ObjectOutputStream.writeOrdinaryObject( > *ObjectOutputStream.java:1290*) > > at java.io.ObjectOutputStream.writeObject0( > *ObjectOutputStream.java:1079*) > > at java.io.ObjectOutputStream.writeObject( > *ObjectOutputStream.java:302*) > > at org.apache.tuscany.sca.databinding.javabeans.JavaBeansDataBinding.copy( > *JavaBeansDataBinding.java:71*) > > ... 10 more > > > > thx abe > > > > > Hi Abe Where do you see the PlicyHolder file? Regards Simon
