Hi Nate,
It seems that this fault happens on the server side. Can you
capture the SOAP response from the server and post it? It will contain
the exception details and the stack trace. Anyway, as
you are getting started with WS Security, I would recommend that you use the WS
Security policy based configuration model. You can easily cater for this
scenario in the security policy based approach. Take a look at the
following policy, which will suit you.
<wsp:Policy wsu:Id="SignUsernameToken"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:SignedSupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssUsernameToken10/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
      <ramp:RampartConfig
          xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>XXXX</ramp:user>
        <ramp:encryptionUser>XXXXX</ramp:encryptionUser>
        <ramp:passwordCallbackClass>XXXXX</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto
              provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property
                name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property
                name="org.apache.ws.security.crypto.merlin.file">xxxx.jks</ramp:property>
            <ramp:property
                name="org.apache.ws.security.crypto.merlin.keystore.password">xxxx</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
thanks,
/nandana
On Fri, Mar 7, 2008 at 8:08 AM, Nate Roe <[EMAIL PROTECTED]> wrote:
> I am using Axis2 v1.3 and Rampart v1.3 on JBossAS v4.0.5 running on Java
> 1.6.0_03.
>
> I am learning to implement WS-Security. Both my service and my client run
> within the same JBoss server.
>
> I am trying to configure my client to sign outgoing messages. In the
> client's axis2.xml, I have the following snippet:
>
> <parameter name="OutflowSecurity">
> <action>
> <items>UsernameTokenSignature</items>
> <user>Client</user>
>
> <passwordCallbackClass>com.vegas.test.client.PasswordHandler</passwordCallbackClass>
> <signaturePropFile>WEB-INF/security.properties</signaturePropFile>
> <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
>
> <signatureParts>{content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</signatureParts>
> </action>
> </parameter>
>
> The client's security.properties looks like this:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=nateroe
> org.apache.ws.security.crypto.merlin.file=WEB-INF/client.jks
>
> Meanwhile, the service's service.xml contains this snippet:
>
> <parameter name="InflowSecurity">
> <action>
> <items>UsernameTokenSignature</items>
> <passwordCallbackClass>
> com.vegas.test.PasswordHandler
> </passwordCallbackClass>
> <signaturePropFile>security.properties</signaturePropFile>
> </action>
> </parameter>
>
> And the service's security.properties is like so:
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=nateroe
> org.apache.ws.security.crypto.merlin.file=service.jks
>
> My password handlers are both implemented. The keystores are both in the
> classpath (I had different errors before I fixed that problem.)
>
> When my client calls the service, I get the following exception:
>
> 18:18:16,926 ERROR [STDERR] org.apache.axis2.AxisFault: WSDoAllReceiver:
> security processing failed
> 18:18:16,926 ERROR [STDERR] at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
> 18:18:16,926 ERROR [STDERR] at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
> 18:18:16,926 ERROR [STDERR] at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
> 18:18:16,926 ERROR [STDERR] at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
> 18:18:16,926 ERROR [STDERR] at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> 18:18:16,942 ERROR [STDERR] at
> com.vegas.test.client.DoCalculateStub.add(DoCalculateStub.java:925)
> 18:18:16,942 ERROR [STDERR] at
> com.vegas.test.client.SoapTestClient.processSOAP(SoapTestClient.java:113)
> 18:18:16,942 ERROR [STDERR] at
> com.vegas.test.client.SoapTestClient.doPost(SoapTestClient.java:93)
> 18:18:16,942 ERROR [STDERR] at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 18:18:16,942 ERROR [STDERR] at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> 18:18:16,942 ERROR [STDERR] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> 18:18:16,942 ERROR [STDERR] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 18:18:16,942 ERROR [STDERR] at
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> 18:18:16,942 ERROR [STDERR] at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> 18:18:16,942 ERROR [STDERR] at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 18:18:16,957 ERROR [STDERR] at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> 18:18:16,957 ERROR [STDERR] at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> 18:18:16,957 ERROR [STDERR] at
> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
> 18:18:16,957 ERROR [STDERR] at
> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
> 18:18:16,957 ERROR [STDERR] at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> 18:18:16,957 ERROR [STDERR] at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> 18:18:16,957 ERROR [STDERR] at
> org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
> 18:18:16,957 ERROR [STDERR] at
> org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:637)
> 18:18:16,957 ERROR [STDERR] at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> 18:18:16,957 ERROR [STDERR] at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> 18:18:16,973 ERROR [STDERR] at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> 18:18:16,973 ERROR [STDERR] at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> 18:18:16,973 ERROR [STDERR] at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> 18:18:16,973 ERROR [STDERR] at
> org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
> 18:18:16,973 ERROR [STDERR] at java.lang.Thread.run(Thread.java:619)
>
>
> I'm not sure how to figure out why this is happening. I turned the log
> level up to DEBUG, but this didn't reveal any further information.
>
> Have I misconfigured something? How can I learn what security processing has
> failed (and thus learn the root of the problem)?
>
> Thanks,
> Nate Roe
>
--
Nandana Mihindukulasooriya
Software Engineer
WSO2 inc.
http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
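
Added example (not part of the original message, and not Axis2 or Rampart code): a small Python parser for a captured SOAP fault response, the artifact the reply above asks for, pulling out the fault code, reason and detail for both SOAP 1.1 and SOAP 1.2 envelopes. The sample envelope, including its detail content, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"

# Constructed sample of a captured SOAP 1.1 fault response. Only the
# faultstring mirrors the message in the thread; the detail is invented.
SAMPLE_FAULT = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring>WSDoAllReceiver: security processing failed</faultstring>
      <detail>
        <Exception>constructed.example.SampleException: placeholder cause
    at constructed.example.Handler.invoke(Handler.java:1)</Exception>
      </detail>
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>"""

def _text(elem):
    """Flatten an element's text, nested children included; '' if absent."""
    return "".join(elem.itertext()).strip() if elem is not None else ""

def parse_soap_fault(xml_text):
    """Return the fault's version, code, reason and detail, or None if no Fault."""
    root = ET.fromstring(xml_text)
    for version, ns in (("1.1", SOAP11), ("1.2", SOAP12)):
        fault = root.find(f"{{{ns}}}Body/{{{ns}}}Fault")
        if fault is None:
            continue
        if version == "1.1":
            # SOAP 1.1 fault children are unqualified elements.
            code = fault.find("faultcode")
            reason = fault.find("faultstring")
            detail = fault.find("detail")
        else:
            # SOAP 1.2 nests the code and reason in namespaced wrappers.
            code = fault.find(f"{{{ns}}}Code/{{{ns}}}Value")
            reason = fault.find(f"{{{ns}}}Reason/{{{ns}}}Text")
            detail = fault.find(f"{{{ns}}}Detail")
        return {"soap_version": version, "code": _text(code),
                "reason": _text(reason), "detail": _text(detail)}
    return None

if __name__ == "__main__":
    print(parse_soap_fault(SAMPLE_FAULT))
```

The detail field is where any server-side exception text would appear; an empty detail means the server did not include one in the response.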