Werner,
Thanks for the tip. Now I have another problem. The engine don't signate a part
of the message. It stops with a Exception shown at the bottom of the Mail.
.NET with wse2.0 sp3 uses signature based on usernametoken for the
"wsa:Action", "wsa:MessageID", "wsa:ReplayTo", "wsa:To", "wsu:Timestamp" and
the "soap:Body wsu:Id" elements. I began with Timestamp, but it downs't work.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSDoAllSender: Error during Signatur with UsernameToken
secretorg.apache.ws.security.WSSecurityException: General security error
(WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,
Timestamp)
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Error during
Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException:
General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign
not found:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,
Timestamp)
at
org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
at
org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
at org.apache.axis.client.Call.invoke(Call.java:2748)
at org.apache.axis.client.Call.invoke(Call.java:2424)
at org.apache.axis.client.Call.invoke(Call.java:2347)
at org.apache.axis.client.Call.invoke(Call.java:1804)
at
net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
at net.weg.service.client.main(client.java:95)
{http://xml.apache.org/axis/}hostname:brjgsd181091
WSDoAllSender: Error during Signatur with UsernameToken
secretorg.apache.ws.security.WSSecurityException: General security error
(WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd,
Timestamp)
at
org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
at
org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
at org.apache.axis.client.Call.invoke(Call.java:2748)
at org.apache.axis.client.Call.invoke(Call.java:2424)
at org.apache.axis.client.Call.invoke(Call.java:2347)
at org.apache.axis.client.Call.invoke(Call.java:1804)
at
net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
at net.weg.service.client.main(client.java:95)
Here is my .wsdd-File:
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<globalConfiguration >
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameTokenSignature
Timestamp" />
<parameter name="passwordCallbackClass"
value="net.weg.service.PWCallback" />
<parameter name="signatureParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Timestamp";
/>
</handler>
</requestFlow>
</globalConfiguration>
<transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local"
pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>
Any idea?
Thanks!!!
Steve
-----Mensagem original-----
De: Werner Dittmann [mailto:[EMAIL PROTECTED]
Enviada em: sábado, 2 de julho de 2005 07:42
Para: Steve Behrendt
Cc: [email protected]
Assunto: Re: RES: How to configure UsernameTokenSignature
Steve,
just remove the action that you don't want from the scenarios, e.g
the encrypt.
On the Callback problem: as the deployment setup overwrights the
progeamatic setup the "passwordCallbackClass parameter"
will be used by the handler. As I can see you define a java
source file here - not a class. pls check your setup and fix
it.
Regards,
Werner
Steve Behrendt schrieb:
> Werner,
>
>
>>AFAIK the Secnario 3a (or 2a?) of the interop scenarios
>>show ho to use the stuff.
>
>
> The Problem is that the stuff is only shown with encryption etc. But I only
> want to use a signature base on the UsernameToken - for an implementation
> with Microsoft .NET.
> But when I call the method of the service, the handler
> (PasswordCallBackHandler) is not passed.
>
> My Handler:
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/";
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
>
> <globalConfiguration >
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> <parameter name="action" value="UsernameTokenSignature"
> />
> <parameter name="passwordCallbackClass"
> value="net.weg.service.PWCallback.java" />
> </handler>
> </requestFlow>
> </globalConfiguration>
>
> <transport name="java"
> pivot="java:org.apache.axis.transport.java.JavaSender"/>
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <transport name="local"
> pivot="java:org.apache.axis.transport.local.LocalSender"/>
>
> </deployment>
>
> and thats a part of my client:
>
> PWCallback pwCallback = new PWCallback();
> ServiceInterfaceStub axisPort = (ServiceInterfaceStub)service;
>
> axisPort._setProperty(WSHandlerConstants.USER, usuario); //fixe
> o usuario
>
> axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF,pwCallback); //fixe
> a classe //do handler
>
> The Message is sent, but hasn't a Header with the UsenameToken or the
> Signature.
>
>
> For a little bit of help,
> i'm very gratefully.
>
> STEVE
>
>
> -----Mensagem original-----
> De: Dittmann, Werner [mailto:[EMAIL PROTECTED]
> Enviada em: quarta-feira, 29 de junho de 2005 11:33
> Para: Steve Behrendt; [email protected]
> Assunto: AW: How to configure UsernameTokenSignature
>
>
> Steve,
>
> AFAIK the Secnario 3a (or 2a?) of the interop scenarios
> show ho to use the stuff.
>
> We've not fully tested interop with Microsoft or others.
>
> Regards,
> Werner
>
>
>>-----Ursprüngliche Nachricht-----
>>Von: Steve Behrendt [mailto:[EMAIL PROTECTED]
>>Gesendet: Mittwoch, 29. Juni 2005 14:36
>>An: [email protected]
>>Betreff: RES: How to configure UsernameTokenSignature
>>
>>
>>Hi,
>>
>>Is there now an existing implementation of the
>>UsernameTokenSignature "Problem"?
>>Because my implementation is using only a UsernameToken and I
>>want to implement more security, but without using keys.
>>
>>Greets,
>>Steve
>>
>>-----Mensagem original-----
>>De: Davanum Srinivas [mailto:[EMAIL PROTECTED]
>>Enviada em: terça-feira, 21 de junho de 2005 10:53
>>Para: Dittmann, Werner
>>Cc: Granqvist, Hans; [email protected]
>>Assunto: Re: How to configure UsernameTokenSignature
>>
>>
>>Hi Werner,
>>
>>updated the specs directory. Please take a look and let me know if you
>>need something else.
>>
>>-- dims
>>
>>On 6/21/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
>>
>>>Hans,
>>>
>>>are the drafts publicly available? Can't find
>>>them on the OASIS WSS pages.
>>>
>>>Regards,
>>>Werner
>>>
>>>
>>>>-----Ursprüngliche Nachricht-----
>>>>Von: Granqvist, Hans [mailto:[EMAIL PROTECTED]
>>>>Gesendet: Montag, 20. Juni 2005 17:31
>>>>An: [email protected]
>>>>Betreff: RE: How to configure UsernameTokenSignature
>>>>
>>>>
>>>>
>>>>><quote>
>>>>>The Username Token profile does not currently define a key
>>>>>derivation algorithm. The OASIS WSS TC is expected to address
>>>>>this issue in a subsequent specification. </quote>
>>>>
>>>>The latest (March 2005 and onward) WSS 1.1 draft of the
>>>>UsernameToken profile defines key derivation in section 4.
>>>>
>>>>Hans
>>>>
>>>
>>
>>--
>>Davanum Srinivas -http://blogs.cocoondev.org/dims/
>>
>
>
