I'm using wso2 for axis2 spring support: pom.xml (extract)
<dependency> <groupId>org.apache.rampart</groupId> <artifactId>rampart-core</artifactId> <version>1.4</version> </dependency> <dependency> <groupId>org.apache.axis2</groupId> <artifactId>axis2-kernel</artifactId> <version>1.4.1</version> </dependency> <dependency> <groupId>org.wso2.spring.ws</groupId> <artifactId>wsf-spring</artifactId> <version>1.5</version> </dependency> applicationContext.xml <!-- creamos un bean para la clase segura --> <bean id="emrauthws" class="pe.gob.hndac.ws.EmrServiceAuthImpl" /> <bean id="emrAuthService" class="org.wso2.spring.ws.SpringWebService"> <property name="serviceBean" ref="emrauthws"></property> <property name="serviceName" value="emrAuthWs"></property> <property name="serviceDescription" value="Provee de metodos para acceder a informacion detallada."></property> <property name="modules"> <list> <value>rampart</value> </list> </property> <property name="policyFiles"> <list> <!-- <value>policyNoSSL.xml</value> --> <value>policy.xml</value> </list> </property> <!-- Si incluimos un metodo que no le pertenece al bean que se expondra este se muestra en el wsdl <property name="operations"> <list> <ref local="operation" /> </list> </property> --> </bean> </list> </property> </bean> policy.xml <wsp:Policy wsu:Id="UsernameTokenOverHTTPS" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsp:ExactlyOne> <wsp:All> <sp:TransportBinding xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false" /> </wsp:Policy> </sp:TransportToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256 /> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Lax /> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp /> </wsp:Policy> </sp:TransportBinding> <sp:SignedSupportingTokens xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" /> </wsp:Policy> </sp:SignedSupportingTokens> <ramp:RampartConfig xmlns:ramp=" http://ws.apache.org/rampart/policy"> <ramp:passwordCallbackClass>pe.gob.hndac.ldap.PasswordCallbackHandler</ramp:passwordCallbackClass> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> with rampart-1.3.mar in the classpath, after all, what is content-type action attribute for? On Wed, Oct 21, 2009 at 1:33 AM, Amila Suriarachchi < amilasuriarach...@gmail.com> wrote: > what is the axis2 version you use? > > thanks, > Amila. > > > On Tue, Oct 20, 2009 at 7:10 PM, Jaime Hablutzel Egoavil < > hablutz...@gmail.com> wrote: > >> Hi, I'm a newbie in web services and security, I'm using wso2 as an axis2 >> wrapper for making working with Spring easier, well >> >> I have published a service that requires user token authentication and SSL >> transport using this policy: >> >> <wsp:Policy wsu:Id="UsernameTokenOverHTTPS" >> xmlns:wsu=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> " >> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> >> <wsp:ExactlyOne> >> <wsp:All> >> <sp:TransportBinding >> xmlns:sp=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> >> <wsp:Policy> >> <sp:TransportToken> >> <wsp:Policy> >> <sp:HttpsToken >> RequireClientCertificate="false" /> >> </wsp:Policy> >> </sp:TransportToken> >> <sp:AlgorithmSuite> >> <wsp:Policy> >> <sp:Basic256 /> >> </wsp:Policy> >> </sp:AlgorithmSuite> >> <sp:Layout> >> <wsp:Policy> >> <sp:Lax /> >> </wsp:Policy> >> </sp:Layout> >> <sp:IncludeTimestamp /> >> </wsp:Policy> >> </sp:TransportBinding> >> <sp:SignedSupportingTokens >> xmlns:sp=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> >> <wsp:Policy> >> <sp:UsernameToken >> sp:IncludeToken=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" >> /> >> </wsp:Policy> >> </sp:SignedSupportingTokens> >> <ramp:RampartConfig xmlns:ramp=" >> http://ws.apache.org/rampart/policy"> >> >> <ramp:passwordCallbackClass>pe.gob.hndac.ldap.PasswordCallbackHandler</ramp:passwordCallbackClass> >> </ramp:RampartConfig> >> </wsp:All> >> </wsp:ExactlyOne> >> </wsp:Policy> >> >> If i send this request (sniffed with TCPmon) >> >> POST >> http://172.17.0.24:8080/emrws/services/emrAuthWs.emrAuthWsHttpSoap12Endpoint/HTTP/1.1 >> User-Agent: Axis2C/1.5.0 >> Content-Type: application/soap+xml;charset=UTF-8 >> ;action="urn:getPatientDetails" >> Host: 172.17.0.24:8080 >> Content-Length: 310 >> >> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" >> xmlns:ws="http://ws.hndac.gob.pe"> >> <soap:Header/> >> <soap:Body> >> <ws:getPatientDetails> >> <!--Optional:--> >> <ws:identificador>12</ws:identificador> >> </ws:getPatientDetails> >> </soap:Body> >> </soap:Envelope> >> >> I receive this answer: >> >> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope >> "> >> <soapenv:Body> >> <soapenv:Fault xmlns:axis2ns19=" >> http://www.w3.org/2003/05/soap-envelope"> >> <soapenv:Code> >> <soapenv:Value>axis2ns19:Sender</soapenv:Value> >> <soapenv:Subcode> >> <soapenv:Value xmlns:wsse=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd >> ">wsse:InvalidSecurity</soapenv:Value> >> </soapenv:Subcode> >> </soapenv:Code> >> <soapenv:Reason> >> <soapenv:Text xml:lang="en-US">Missing wsse:Security header >> in request</soapenv:Text> >> </soapenv:Reason> >> <soapenv:Detail/> >> </soapenv:Fault> >> </soapenv:Body> >> </soapenv:Envelope> >> >> >> Ok, this is an axis fault, it is ok, but if I send: >> >> POST >> http://172.17.0.24:8080/emrws/services/emrAuthWs.emrAuthWsHttpSoap12Endpoint/HTTP/1.1 >> User-Agent: Axis2C/1.5.0 >> Content-Length: 294 >> Content-Type: application/soap+xml;charset=UTF-8 >> Host: 172.17.0.24:8080 >> >> <soapenv:Envelope >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Header/><soapenv:Body><ws:getPatientDetails >> xmlns:ws="http://ws.hndac.gob.pe"> >> <!--Optional:--> >> <ws:identificador>12</ws:identificador> >> </ws:getPatientDetails></soapenv:Body></soapenv:Envelope> >> >> Note the missing action attribute in the http content-type header, I >> receive this answer: >> >> HTTP/1.1 200 OK >> Server: Apache-Coyote/1.1 >> Content-Type: application/soap+xml; >> action="urn:getPatientDetailsResponse";charset=UTF-8 >> Transfer-Encoding: chunked >> Date: Tue, 20 Oct 2009 13:30:41 GMT >> >> 641 >> <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv=" >> http://www.w3.org/2003/05/soap-envelope"><soapenv:Header> >> <wsse:Security xmlns:wsse=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >> soapenv:mustUnderstand="true"><wsu:Timestamp xmlns:wsu=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >> wsu:Id="Timestamp-16078681"><wsu:Created>2009-10-20T13:30:41.184Z</wsu:Created><wsu:Expires>2009-10-20T13:35:41.184Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body><ns:getPatientDetailsResponse >> xmlns:ns="http://ws.hndac.gob.pe"><ns:return xmlns:ax23="http://model/xsd" >> type="model.Paciente"><ax23:apellidoMaterno>ALFARO</ax23:apellidoMaterno><ax23:apellidoPaterno>SAENZ</ax23:apellidoPaterno><ax23:direccion >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" >> /><ax23:documentoIdentidad xmlns:xsi=" >> http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" >> /><ax23:fechaAdmision xmlns:xsi=" >> http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" >> /><ax23:fechaNacimiento>1957-08-16T05:00:00.000Z</ax23:fechaNacimiento><ax23:identificador>12</ax23:identificador><ax23:nombres>CARMEN >> ROSA</ax23:nombres><ax23:sexo>F</ax23:sexo><ax23:telefono xmlns:xsi=" >> http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" >> /><ax23:ubigeoNacimiento xmlns:xsi=" >> http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" >> /><ax23:ubigeoResidencia xmlns:xsi=" >> http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" >> /></ns:return></ns:getPatientDetailsResponse></soapenv:Body></soapenv:Envelope> >> 0 >> >> >> Auchh, without user authentication neither SSL transport :S >> >> -- >> Jaime Hablutzel >> >> (tildes omitidas intencionalmente) 9 8964 0369 >> > > > > -- > Amila Suriarachchi > WSO2 Inc. > blog: http://amilachinthaka.blogspot.com/ > -- Jaime Hablutzel (tildes omitidas intencionalmente) 9 8964 0369