> Yes, It's quite exactly what we do. We have a component
> "delegate port"
> that add security and custom headers to the outgoing messages
> and another called "application port" that check (calling
> authorization
> module) and then remove the WSS header. The only difference
> is that we use WSDoAllSender and WSDoAllReceiver
> programmatically because we have only one Axis service for a
> port type and an external XML configuration file for every
> "delegate" and "application" ports.
>
Hello Luciano,
I have considered implementing this programmatically, but have resisted
since I'd like to do everything through the configuration files.
If there is no other way to accomplish this, then I will switch to using
the APIs.
> > This does not appear to work correctly with version 1.1.0.
> > Does anyone know if this has been corrected in a later version?
>
> Can you better explain the problem, send you configuration
> files? We are now using 1.5.0 but it worked also with 1.1.0
>
Sure. My deploy.wsdd file is:
<deployment
xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<!-- Services from WSSEchoService WSDL service -->
<service name="WSSEchoPort" provider="java:RPC" style="document"
use="literal"
>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="action" value="Encrypt Signature"/>
<parameter name="signaturePropFile"
value="crypto.properties"/>
<parameter name="signatureKeyIdentifier"
value="DirectReference"/>
<parameter name="samlPropFile" value="saml.properties"/>
<parameter name="user" value="wsstest"/>
<parameter name="encryptionUser" value="wsstest"/>
<parameter name="encryptionPropFile"
value="wsstest.properties"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
</handler>
</requestFlow>
<parameter name="wsdlTargetNamespace"
value="http://example.com/WSSEcho"/>
<parameter name="wsdlServiceElement" value="WSSEchoService"/>
<parameter name="schemaUnqualified"
value="http://example.com/WSSEcho"/>
<parameter name="wsdlServicePort" value="WSSEchoPort"/>
<parameter name="className"
value="wss.test.echo.WSSEchoSoapBindingImpl"/>
<parameter name="wsdlPortType" value="WSSEchoPortType"/>
<parameter name="typeMappingVersion" value="1.2"/>
<operation name="generateEcho" qname="GenerateEcho"
returnQName="retNS:Ech
oReply" xmlns:retNS="http://example.com/WSSEcho";
returnType="rtns:>EchoReply" xm
lns:rtns="http://example.com/WSSEcho"; soapAction="" >
<parameter qname="pns:EchoRequest"
xmlns:pns="http://example.com/WSSEcho
" type="tns:>EchoRequest" xmlns:tns="http://example.com/WSSEcho"/>
</operation>
<parameter name="allowedMethods" value="generateEcho"/>
<typeMapping
xmlns:ns="http://example.com/WSSEcho";
qname="ns:>EchoReply"
type="java:wss.test.echo.EchoReply"
serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
encodingStyle=""
/>
<typeMapping
xmlns:ns="http://example.com/WSSEcho";
qname="ns:>EchoRequest"
type="java:wss.test.echo.EchoRequest"
serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
encodingStyle=""
/>
</service>
</deployment>
There is no client_deploy.wsdd file being used as I am sending the
initial request to the server via clear text. However, if I use a
client_deploy.wsdd file, the results are the same (e.g. MustUnderstand
exception).
> This error generally means that Axis is receiving a SOAP
> header it can't understand, for example a WSS header. For
> instance, as we are using WSDoAllReceiver programmatically,
> it will be called after Axis intercept the message, and to
> avoid the MustUnderstand error I had to create an Axis
> handler to say Axis the header was already "processed" (even
> if it'snt true)
>
Interesting. I've not run across that situation yet, but I also haven't
done anything programmatically.
> Can you post you server-config.wsdd. How did you define in
> it, your server is also a client?
>
The relevant portion of the server-config.wsdd file is:
<service name="WSSEchoPort" provider="java:RPC" style="document"
use="literal">
<operation name="generateEcho" qname="GenerateEcho"
returnQName="ns1:EchoReply
" returnType="ns1:EchoReply" soapAction=""
xmlns:ns1="http://example.com/WSSEcho
">
<parameter qname="ns1:EchoRequest" type="ns1:EchoRequest"/>
</operation>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="user" value="wsstest"/>
<parameter name="signatureKeyIdentifier" value="DirectReference"/>
<parameter name="signaturePropFile" value="crypto.properties"/>
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="encryptionUser" value="wsstest"/>
<parameter name="samlPropFile" value="saml.properties"/>
<parameter name="action" value="Encrypt Signature"/>
<parameter name="encryptionPropFile" value="wsstest.properties"/>
</handler>
</requestFlow>
<parameter name="allowedMethods" value="generateEcho"/>
<parameter name="typeMappingVersion" value="1.2"/>
<parameter name="wsdlPortType" value="WSSEchoPortType"/>
<parameter name="className"
value="wss.test.echo.WSSEchoSoapBindingImpl"/>
<parameter name="wsdlServicePort" value="WSSEchoPort"/>
<parameter name="wsdlTargetNamespace"
value="http://example.com/WSSEcho"/>
<parameter name="wsdlServiceElement" value="WSSEchoService"/>
<parameter name="schemaUnqualified"
value="http://example.com/WSSEcho"/>
<typeMapping
deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactor
y" encodingStyle="" qname="ns2:>EchoReply"
serializer="org.apache.axis.encodi
ng.ser.BeanSerializerFactory" type="java:wss.test.echo.EchoReply"
xmlns:ns2="htt
p://example.com/WSSEcho"/>
<typeMapping
deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactor
y" encodingStyle="" qname="ns3:>EchoRequest"
serializer="org.apache.axis.enco
ding.ser.BeanSerializerFactory" type="java:wss.test.echo.EchoRequest"
xmlns:ns3=
"http://example.com/WSSEcho"/>
</service>
The above mods were added using the java
org.apache.axis.client.AdminClient functionality (after tomcat is
successfully running) by submitting the deploy.wsdd file above.
Yes, my server can become a client to another web service. However,
even when it no longer has the ability to become a client, the
MustUnderstand exception is still being thrown.
It would appear that if you add the
java:org.apache.ws.axis.security.WSDoAllSender handler to a server
through a WSDD file, it causes the MustUnderstand exception when a
message is sent to it (this is true whether the message is clear text or
if the client has used WSS4J with an identical action).
If you see anything amiss, please let me know. I'll keep pounding on
this and maybe I'll upgrade to 1.5 as well. I'll post if I figure out
what is wrong.
Thanks for looking/helping me with this!
Regards,
Steven
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
