Hi,
Firstly, sorry about posting on this issue twice, but I didn't get a response
last time, and I could really do with getting this going.
I simply cannot make Tuscany driven webservices require security - even when I
run the samples which use policies, security is not engaged. The simplest
sample for this is helloworld-ws-service-secure. If I build directly from the
1.4 src distro, and then ant run, I get:
C:\src\tuscany-sca-1.4\samples\helloworld-ws-service-secure>ant run
Buildfile: build.xml
run:
[java] 09-Feb-2009 09:33:59 org.apache.tuscany.sca.node.impl.NodeImpl
<init>
[java] INFO: Creating node: helloworldws.composite
[java] 09-Feb-2009 09:33:59 org.apache.tuscany.sca.node.impl.NodeImpl
configureNode
[java] INFO: Loading contribution:
file:/C:/src/tuscany-sca-1.4/samples/helloworld-ws-service-secure/target/sample-helloworld-ws-service-secure.jar
[java] >>>Initializing WSPolicyProcessor
[java] 09-Feb-2009 09:34:00 org.apache.tuscany.sca.node.impl.NodeImpl
configureNode
[java] INFO: Loading composite:
jar:file:/C:/src/tuscany-sca-1.4/samples/helloworld-ws-service-secure/target/sample-helloworld-ws-service-secure.jar!/helloworldws.composite
[java] 09-Feb-2009 09:34:00 org.apache.tuscany.sca.node.impl.NodeImpl start
[java] INFO: Starting node: helloworldws.composite
[java] - Module validation failed: The system is attempting to engage a
module that is not available: rampart
[java] - Module validation failed: The system is attempting to engage a
module that is not available: rampart
[java] - No JMS connection factories are defined.Will not listen for any
JMS messages
[java] - No JMS connection factories are defined.Will not listen for any
JMS messages
[java] 09-Feb-2009 09:34:01 org.apache.tuscany.sca.http.jetty.JettyServer
addServletMapping
[java] - No JMS connection factories are defined.Will not listen for any
JMS messages
[java] - No JMS connection factories are defined.Will not listen for any
JMS messages
[java] INFO: Added Servlet mapping:
http://CZC8191YB0:8085/HelloWorldService
[java] 09-Feb-2009 09:34:01 org.apache.tuscany.sca.http.jetty.JettyServer
addServletMapping
[java] HelloWorld server started (press enter to shutdown)
[java] INFO: Added Servlet mapping:
http://CZC8191YB0:8085/HelloWorldWsPolicyService
If I then call the webservice (using soapUI) I don't need to provide any sort
of security information, and yet the service responds. Even a bare request
like:
POST http://192.168.2.232:8085/HelloWorldWsPolicyService HTTP/1.1
Content-Type: text/xml;charset=UTF-8
SOAPAction: "urn:getGreetings"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: 192.168.2.232:8085
Content-Length: 277
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:hel="http://helloworld";>
<soapenv:Header/>
<soapenv:Body>
<hel:getGreetings>
<hel:name>phil</hel:name>
</hel:getGreetings>
</soapenv:Body>
</soapenv:Envelope>
Is accepted.
The main application I need security for acts the same way, using tomcat
instead of jetty, and I've found the same result on Linux as on Windows, so I'm
sure it isn't system dependent. I've also tried 1.4 branch head and 1.x branch
with no success.
I will gratefully try anything suggested, and can provide any logs etc. Thanks
in advance.
Philip Housley
