Re: AW: Setting the username token dynamically at runtime

Tue, 24 May 2005 08:54:50 -0700 

I get the impression that many people are trying to do the same thing I am:
Implement web service security using the UsernameToken and then rely on transport security to hide the cleartext password. This approach is simple and analogous to other widely used services.
.NET and Bea support this type of basic functionality, and this may be where WSS4J users are getting confused with the slightly different approach for the basic UsernameToken with Axis+WSS4J. It seems that it would be feasible to add the password text (or digest) to the UsernameToken programatically (already able to add the text of the username), and then continue down the Axis pipeline. 

Matt Pavlovich

Dittmann Werner wrote:


Hi,

First of all I would emphasize that WSS4J falls into two parts

- one part that is (should be) independent of Axis or any other
 SOAP implementation. This part handles all the necessary
 signing, encryption, certificate stuff. This part makes heavy
 use of the Apache XML security lib (xmlsec), also quite some DOM
is involved because WSS4J needs to re-create the SOAP message that was created by Axis (or another SOAP implementation) firsthand. 

- the second part consists of Axis (also a JAX-RPC) handlers that
 plugin into the message path both on the client and the server
side. These handlers use the functions of the independent part of WSS4J to get the sign/encyrption done. 

Thus the message flow is as follows (client part):

Axis kernel  --> WSS4J specific Axis handler --> WSS4J security modules --> wire
Between the Axis kernel and the WSS4J Axis handler there may be some other handlers. It is however necessary that the WSS4J handler 
is the last one in the chain because after WSS handling the
message _must_ not be altered if the message was signed (at least
those parts which were signed must not be chanaged). Also it is
somewhat difficult to modify the message after it was encrypted.

The message flow at the receiver is mirrored (WSS4J shall be the
first handler in the chain). 
The use of handlers is part of the overall Axis concept and is
not specific to WSS4J. WSS4J just uses this concept. Thus if
you use Axis and WSS4J to sign/encrypt SOAP message then you
should be familiar with the Axis concepts how to use handlers
and their deployment. I'm not a specialist for this topic. Maybe
you can ask at the Axis user list how to set up an Axis client
fully dynamically without static deployment files if specific handlers are required. Again, this is not a WSS4J topic but an Axis topic. 

Regards,
Werner



-----Urspr�ngliche Nachricht-----
Von: Ashok Shah [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 24. Mai 2005 15:58 
An: Emanuel Haisiuc; [email protected]
Betreff: Re: Setting the username token dynamically at runtime
It looks like the WSDoAllReciever got the SOAP request and tried to process the security header, but the request didnt have any security header.
Make sure you deploy client side so that the WSDoAllSender is called to add the security header. Also you didnt specify the action property. 

Cheers,

--as
On Tue, 24 May 2005 15:56:05 +0300, Emanuel Haisiuc <[EMAIL PROTECTED]> wrote: 


Hello!
I'm a newbie with WSS4J. I'm going through the first 
tutorial, and I'm

trying to set the username token at runtime.
I've generated the stubs with WSDL2Java. Attached are the 2 
classes I've
made, beside the generated classes and interfaces. I'm 
trying to connect
to the StockQuoteService web service. Running the example 
with external

config file works fine. But running the client using the dynamical
setting of the username return the following message:

Exception in thread "main" AxisFault
faultCode:
{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllReceiver: Request does not contain required
Security header
faultActor:
faultNode:
faultDetail:
       {http://xml.apache.org/axis/}hostname:manu.rogrid.pub.ro

WSDoAllReceiver: Request does not contain required Security header
       at


org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFault
Builder.java:221)

       at


org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultB
uilder.java:128)

       at


org.apache.axis.encoding.DeserializationContext.endElement(Des
erializationContext.java:1087)

       at


org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)

       at


org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown

Source)
       at


org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$Fragment
ContentDispatcher.dispatch(Unknown

Source)
       at


org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocu
ment(Unknown

Source)
at 
org.apache.xerces.parsers.XML11Configuration.parse(Unknown

Source)
at 
org.apache.xerces.parsers.XML11Configuration.parse(Unknown

Source)
       at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at
org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown 
Source)
       at javax.xml.parsers.SAXParser.parse(SAXParser.java:375)
       at


org.apache.axis.encoding.DeserializationContext.parse(Deserial
izationContext.java:227)
at 
org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)

       at org.apache.axis.Message.getSOAPEnvelope(Message.java:424)
       at


org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(Mus
tUnderstandChecker.java:62)
at 
org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)

       at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
       at org.apache.axis.client.Call.invoke(Call.java:2748)
       at org.apache.axis.client.Call.invoke(Call.java:2424)
       at org.apache.axis.client.Call.invoke(Call.java:2347)
       at org.apache.axis.client.Call.invoke(Call.java:1804)
       at


samples.stock.client.StockWss01SoapBindingStub.getQuote(StockW
ss01SoapBindingStub.java:106)

       at


samples.stock.client.StockServiceClient.main(StockServiceClien
t.java:61)

Can anyone help me?

Thank you a lot!

Best regards,
Emanuel Haisiuc



--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/

Reply via email to