Tomek,
Thank you for your help.
Without your help i wouldn't have made it, despite of the increasing
stupidity of my questions (i was becoming desperate).
Anyway, the property missing on the server was:
<prop key="user">serveralias</prop>
If you want this example to include in the xfire distribution please
let me know.
Thanks,
António Lourinho
On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
Dear x,
Im sorry for insisting on this issue...but when i include the
configuration for signing the response all goes well (the service
class implementation is called) until the signature is tryed on the
server:
org.codehaus.xfire.fault.XFireFault: WSDoAllSender: Empty username for
specified action
at
org.codehaus.xfire.security.wss4j.WSS4JOutHandler.invoke(WSS4JOutHandler.java:113)
at
org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at
org.codehaus.xfire.service.binding.PostInvocationHandler.invoke(PostInvocationHandler.java:36)
at
org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at
org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
at
org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
at
org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:278)
at
org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
at
org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Is there something missing in the services.xml? (there isnt any
example of this - server signing).
<outHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler"
xmlns="">
<property name="properties">
<props>
<prop key="action">Encrypt UsernameToken Signature</prop>
<prop
key="encryptionPropFile">META-INF/xfire/server_outsecurity_enc.properties</prop>
<prop
key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
<prop
key="signaturePropFile">META-INF/xfire/server_outsecurity_sign.properties</prop>
</props>
</property>
</bean>
</outHandlers>
Thank you very much,
António Lourinho
On 1/16/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> Sure
>
> On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > Please allow me to correct this information:
> >
> > I managed to configure security for the client do cypher and sign the
> > request and for the server to cypher the response. This works
> > correctly.
> >
> > Is it possible for the server to also sign the response?
> >
> > Thanks in advance,
> > Antonio Lourinho
> >
> >
> >
> > On 1/16/07, Antonio Lourinho <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > I did just that. I have two keystores, both containing the personal
> > > private key and the other participant public key certificate.
> > >
> > > I have configured in the server the following:
> > >
> > > <service>
> > > <name>ClientInformationListSec</name>
> > >
<namespace>http://pt.brisa.integration.viaverde/ClientInformationListWS</namespace>
> > >
<serviceClass>pt.brisa.clientinformationlist.integration.ws.ClientInformationListWS</serviceClass>
> > > <inHandlers>
> > > <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler"
/>
> > > <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler"
xmlns="">
> > > <property name="properties">
> > > <props>
> > > <prop key="action">Encrypt Signature
UsernameToken</prop>
> > > <prop
> > > key="decryptionPropFile">META-INF/xfire/insecurity_enc.properties</prop>
> > > <prop
> > > key="signaturePropFile">META-INF/xfire/insecurity_sign.properties</prop>
> > > <prop
> > > key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
> > > </props>
> > > </property>
> > > </bean>
> > >
> > > <handler
> > > handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" />
> > > </inHandlers>
> > >
> > > <outHandlers>
> > > <handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler"
/>
> > > <bean class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler"
> > > xmlns="">
> > > <property name="properties">
> > > <props>
> > > <prop key="action">Encrypt Signature</prop>
> > > <prop
> > >
key="encryptionPropFile">META-INF/xfire/server_outsecurity_enc.properties</prop>
> > > <prop
> > >
key="signaturePropFile">META-INF/xfire/server_outsecurity_sign.properties</prop>
> > > <prop
> > > key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
> > > </props>
> > > </property>
> > > </bean>
> > > </outHandlers>
> > > <properties>
> > > <property key="mtom-enabled">true</property>
> > > </properties>
> > > </service>
> > >
> > > and in the the client:
> > >
> > > properties.setProperty(WSHandlerConstants.ACTION,
> > > WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE + " "
> > > + WSHandlerConstants.USERNAME_TOKEN);
> > > // set user used to encrypt message
> > > properties.setProperty(WSHandlerConstants.ENCRYPTION_USER,
> > > "serveralias");
> > >
> > > //sender username for signature
> > > properties.setProperty(WSHandlerConstants.USER, "client-344-839");
> > >
> > > // Configuration of public key used to encrypt message goes to
> > > properties file.
> > > properties.setProperty(WSHandlerConstants.ENC_PROP_FILE,
> > >
> > > "org/codehaus/xfire/client/outsecurity_enc.properties");
> > >
> > > //properties file for signature
> > > properties.setProperty(WSHandlerConstants.SIG_KEY_ID,
"IssuerSerial");
> > > properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,
> > > "org/codehaus/xfire/client/outsecurity_sign.properties");
> > >
> > > // Specyfy callback class to retrive passwords
> > > properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
> > > PasswordHandler.class
> > > .getName());
> > >
> > >
> > > An error occurs:
> > >
> > > MIT: 345281 [http-8585-Processor23] INFO
> > > org.codehaus.xfire.handler.DefaultFaultHandler - Fault occurred!
> > > org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security
> > > processing failed(actions mismatch)
> > > at
org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:239)
> > > at
org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
> > > at
org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
> > > at
org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
> > > at
org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:278)
> > > at
org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:130)
> > > at
org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > > at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> > > at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> > > at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> > > at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> > > at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> > > at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> > > at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> > > at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> > > at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> > > at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> > > at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> > > at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> > > at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> > > at java.lang.Thread.run(Thread.java:595)
> > >
> > > The configuration is symetric. Is there an easy way to know what is the
problem?
> > >
> > > Thanks in advance,
> > > António Lourinho
> > >
> > > On 1/15/07, Tomek Sztelak <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Is there any example of signature+cypher both ways available
(WS-Security)?
> > > > >
> > > >
> > > > No, but configurations of client and server are symmtric, so you can
> > > > just use example of signature + encryption and copy configuration on
> > > > other side.
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe from this list please visit:
> > > >
> > > > http://xircles.codehaus.org/manage_email
> > > >
> > > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this list please visit:
> >
> > http://xircles.codehaus.org/manage_email
> >
> >
>
>
> --
> -----
> When one of our products stops working, we'll blame another vendor
> within 24 hours.
>
> ---------------------------------------------------------------------
> To unsubscribe from this list please visit:
>
> http://xircles.codehaus.org/manage_email
>
>
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
