somewhere in your client code you have a reqest for a security token
Token responseToken = stsClient.requestSecurityToken(loadPolicy("policy.xml"),
"http://localhost:8080/axis2/services/STS";, loadPolicy("sts_policy.xml"), null);
as the policy.xml is located locally we can examine the namespace assignments
from policy.xml
<wsp:Policy wsu:Id="SgnOnlyAnonymous"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:SupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:IssuedToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
<Issuer
xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<Address
xmlns="http://www.w3.org/2005/08/addressing";>http://localhost:8080/axis2/services/STS</Address>
</Issuer>
<sp:RequestSecurityTokenTemplate>
<t:TokenType
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
<t:KeyType
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
<t:KeySize
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>256</t:KeySize>
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
</wsp:Policy>
</sp:SupportingTokens>
<sp:SignedParts>
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Body/>
</sp:SignedParts>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
notice the namespace assignment for the encompassing Policy element is
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
if we looked at the policy.xml you are referencing in client code would we see
a non-null namespace assignment?
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung.
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
Subject: issue with Rampart
Date: Fri, 26 Oct 2012 05:49:58 -0500
From: [email protected]
To: [email protected]
Hi I am facing this error on client side.
Not able to invoke Rampart correctly
My policy is attached herewith .
I am using Rampart 1.6.0 and Axis2 version 1.5
I am runing it on IBM Websphere 7 and getting this error
[10/22/12 2:41:32:909 CDT] 00000033
SystemErr R java.lang.RuntimeException: Undefined
'Security policy namespace cannot be null.' resource property
[10/22/12 2:41:32:910 CDT] 00000033
SystemErr R at
org.apache.rampart.RampartException.getMessage(RampartException.java:81)
[10/22/12 2:41:32:910 CDT] 00000033
SystemErr R at
org.apache.rampart.RampartException.<init>(RampartException.java:41)
[10/22/12 2:41:32:910 CDT] 00000033
SystemErr R at
org.apache.rampart.RampartException.<init>(RampartException.java:57)
[10/22/12 2:41:32:911 CDT] 00000033
SystemErr R at
org.apache.rampart.RampartMessageData.setWSSecurityVersions(RampartMessageData.java:373)
[10/22/12 2:41:32:911 CDT] 00000033
SystemErr R at
org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:261)
[10/22/12 2:41:32:911 CDT] 00000033
SystemErr R at
org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
[10/22/12 2:41:32:911 CDT] 00000033
SystemErr R at
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
[10/22/12 2:41:32:911 CDT] 00000033
SystemErr R at
org.apache.axis2.engine.Phase.invoke(Phase.java:318)
[10/22/12 2:41:32:911 CDT] 00000033
SystemErr R at
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:347)
[10/22/12 2:41:32:912 CDT] 00000033
SystemErr R at
org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:512)
[10/22/12 2:41:32:912 CDT] 00000033
SystemErr R at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
[10/22/12 2:41:32:912 CDT] 00000033
SystemErr R at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr
R at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
[10/22/12 2:41:32:912 CDT] 00000033
SystemErr R at
searchregionplanmediation.searchregionplan.SearchRegionPlanExport_SearchRegionPlanHttpServiceStub.searchRegionPlan(SearchRegionPlanExport_SearchRegionPlanHttpServiceStub.java:190)
[10/22/12 2:41:32:912 CDT] 00000033
SystemErr R at
com.uhg.uhc.employerportal.transactions.gps.esb.serviceimpl.SearchRegionPlanService.prepareSearchRegionPlanResponse(SearchRegionPlanService.java:139)
[10/22/12 2:41:32:913 CDT] 00000033
SystemErr R at
com.uhg.uhc.employerportal.transactions.gps.esb.serviceimpl.SearchRegionPlanService.getSearchRegionPlan(SearchRegionPlanService.java:110)
[10/22/12 2:41:32:913 CDT] 00000033
SystemErr R at
com.uhg.uhc.employerportal.transactions.gps.GPSSearchRegionPlan.invoke(GPSSearchRegionPlan.java:165)
[10/22/12 2:41:32:913 CDT] 00000033
SystemErr R at
com.uhg.uhc.employerportal.transactions.tools.AuditService.doAudit(AuditService.java:361)
Is it a bug in Rampart or some compatibility issue with
Websphere 7.5???
Regards
Anurag Sahni
This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
