Re: Axis2/Java 1.5.1 and Rampart

Tue, 10 Nov 2009 05:10:40 -0800 

Please create a JIRA on the issue.
Alternatively you can attach the policy file to the client to get the expected results. 

Thanks & regards.
-Prabath

SGE0 wrote:

Hi, 


we have following services.xml file (part):

<service name="Upload" scope="application">
     ...

        <module ref="rampart" />
<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=

   
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens

         
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>

        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken=

             
"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
             
            <wsp:Policy>

              <sp:HashPassword/>
            </wsp:Policy>

           
          </sp:UsernameToken>

        </wsp:Policy>
      </sp:SupportingTokens>

      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>

       
<ramp:passwordCallbackClass>...security.PWCBHandler</ramp:passwordCallbackClass>

      </ramp:RampartConfig>

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
</service>



When we generate  the client stub with Java2WSDL we see that the 
            <wsp:Policy>

              <sp:HashPassword/>
            </wsp:Policy>

is not correctly generated. 


When we look at the populateAxisService method in the generated stub we see:

  private void populateAxisService() throws org.apache.axis2.AxisFault {

...

	    
	   
(__operation).getMessage(org.apache.axis2.wsdl.WSDLConstants.MESSAGE_LABEL_OUT_VALUE).getPolicySubject().attachPolicy(getPolicy("<wsp:Policy

xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\";><wsp:ExactlyOne><wsp:All><sp:SupportingTokens
xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\";><wsp:Policy><sp:UsernameToken
xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\";
sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\";
/></wsp:Policy></sp:SupportingTokens><sp:SupportingTokens
xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\";><wsp:Policy><sp:UsernameToken
xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\";
sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\";
/></wsp:Policy></sp:SupportingTokens></wsp:All></wsp:ExactlyOne></wsp:Policy>"));

	    
...    
        
        }



The result is that we can send over a plain text userid/pwd but not a hashed
password.

Anyone experiencing the same problem ?

S.

  
























					Reply via email to