Thanks for your advice, Nandana. Here is the SOAP response. Unfortunately, it doesn't seem to reveal greater detail:

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soapenv:Header>
    <wsa:Action> urn:addException</wsa:Action>
    <wsa:RelatesTo> urn:uuid:39F4CCE4E72C7604A81204911799251</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body>
    <soapenv:Fault>
      <soapenv:Code>
        <soapenv:Value>soapenv:Receiver</soapenv:Value>
      </soapenv:Code>
      <soapenv:Reason>
        <soapenv:Text xml:lang="en-US">WSDoAllReceiver: security processing failed</soapenv:Text>
      </soapenv:Reason>
      <soapenv:Detail />
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>

I will look into the policy-based configuration model, but I would still like to see the reason for this fault.

Thank you,
Nate Roe

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 06, 2008 8:08 PM
To: [email protected]
Subject: Re: "security processing failed"

Hi Nate,

It seems that this fault happens on the server side. Can you capture the SOAP response from the server and post it? It will contain the exception details and the stack trace. Anyway, as you are getting started with WS Security, I would recommend you to use the WS Security policy based configuration model. You can easily cater for this scenario in the security policy based approach. Take a look at the following policy which will suit you.

<wsp:Policy wsu:Id="SignUsernameToken" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <!-- xmlns:sp declared here as on the sibling assertions; the prefix is otherwise unbound on this element -->
      <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssUsernameToken10/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>XXXX</ramp:user>
        <ramp:encryptionUser>XXXXX</ramp:encryptionUser>
        <ramp:passwordCallbackClass>XXXXX</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">xxxx.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxxx</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

thanks,
/nandana

On Fri, Mar 7, 2008 at 8:08 AM, Nate Roe <[EMAIL PROTECTED]> wrote:

> I am using Axis2 v1.3 and Rampart v1.3 on JBossAS v4.0.5 running on Java
> 1.6.0_03.
>
> I am learning to implement WS-Security. Both my service and my client run
> within the same JBoss server.
>
> I am trying to configure my client to sign outgoing messages. In the
> client's axis2.xml, I have the following snippet:
>
> <parameter name="OutflowSecurity">
>   <action>
>     <items>UsernameTokenSignature</items>
>     <user>Client</user>
>     <passwordCallbackClass>com.vegas.test.client.PasswordHandler</passwordCallbackClass>
>     <signaturePropFile>WEB-INF/security.properties</signaturePropFile>
>     <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
>     <signatureParts>{content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</signatureParts>
>   </action>
> </parameter>
>
> The client's security.properties looks like this:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=nateroe
> org.apache.ws.security.crypto.merlin.file=WEB-INF/client.jks
>
> Meanwhile, the service's service.xml contains this snippet:
>
> <parameter name="InflowSecurity">
>   <action>
>     <items>UsernameTokenSignature</items>
>     <passwordCallbackClass>
>       com.vegas.test.PasswordHandler
>     </passwordCallbackClass>
>     <signaturePropFile>security.properties</signaturePropFile>
>   </action>
> </parameter>
>
> And the service's security.properties is like so:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=nateroe
> org.apache.ws.security.crypto.merlin.file=service.jks
>
> My password handlers are both implemented. The keystores are both in the
> classpath (I had different errors before I fixed that problem.)
>
> When my client calls the service, I get the following exception:
>
> 18:18:16,926 ERROR [STDERR] org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
> 18:18:16,926 ERROR [STDERR] at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
> 18:18:16,926 ERROR [STDERR] at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
> 18:18:16,926 ERROR [STDERR] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
> 18:18:16,926 ERROR [STDERR] at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
> 18:18:16,926 ERROR [STDERR] at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> 18:18:16,942 ERROR [STDERR] at com.vegas.test.client.DoCalculateStub.add(DoCalculateStub.java:925)
> 18:18:16,942 ERROR [STDERR] at com.vegas.test.client.SoapTestClient.processSOAP(SoapTestClient.java:113)
> 18:18:16,942 ERROR [STDERR] at com.vegas.test.client.SoapTestClient.doPost(SoapTestClient.java:93)
> 18:18:16,942 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 18:18:16,942 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
> 18:18:16,942 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> 18:18:16,942 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 18:18:16,942 ERROR [STDERR] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> 18:18:16,942 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> 18:18:16,942 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> 18:18:16,957 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> 18:18:16,957 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> 18:18:16,957 ERROR [STDERR] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
> 18:18:16,957 ERROR [STDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
> 18:18:16,957 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> 18:18:16,957 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> 18:18:16,957 ERROR [STDERR] at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
> 18:18:16,957 ERROR [STDERR] at org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn.invoke(ClusteredSingleSignOn.java:637)
> 18:18:16,957 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> 18:18:16,957 ERROR [STDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> 18:18:16,973 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> 18:18:16,973 ERROR [STDERR] at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> 18:18:16,973 ERROR [STDERR] at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> 18:18:16,973 ERROR [STDERR] at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
> 18:18:16,973 ERROR [STDERR] at java.lang.Thread.run(Thread.java:619)
>
> I'm not sure how to figure out why this is happening. I turned the log
> level up to DEBUG, but this didn't reveal any further information.
>
> Have I misconfigured something? How can I learn what security processing
> has failed (and thus learn the root of the problem?)
>
> Thanks,
> Nate Roe

--
Nandana Mihindukulasooriya
Software Engineer
WSO2 inc.
http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
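
Added example, not part of the original thread or of Axis2/Rampart: a small Python triage helper that reads a captured SOAP 1.2 or 1.1 fault like the one posted above and reports which side the fault code blames and whether the Detail element carries any entries. The names summarize_fault, ROLES and the "blamed_on" labels are this example's own.

```python
import xml.etree.ElementTree as ET

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://www.w3.org/2005/08/addressing"

# The fault posted in this thread, with line breaks added between elements.
CAPTURED = """
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"
                  xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soapenv:Header><wsa:Action> urn:addException</wsa:Action>
    <wsa:RelatesTo> urn:uuid:39F4CCE4E72C7604A81204911799251</wsa:RelatesTo></soapenv:Header>
  <soapenv:Body><soapenv:Fault>
    <soapenv:Code><soapenv:Value>soapenv:Receiver</soapenv:Value></soapenv:Code>
    <soapenv:Reason><soapenv:Text xml:lang="en-US">WSDoAllReceiver: security processing failed</soapenv:Text></soapenv:Reason>
    <soapenv:Detail />
  </soapenv:Fault></soapenv:Body>
</soapenv:Envelope>
"""

# SOAP 1.2 (Receiver/Sender) and SOAP 1.1 (Server/Client) fault codes.
ROLES = {"Receiver": "receiver", "Server": "receiver", "Sender": "sender", "Client": "sender"}


def summarize_fault(xml_text):
    """Return the triage fields of a SOAP 1.2 or 1.1 fault, or None if there is no fault."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    for ns, version in ((SOAP12, "1.2"), (SOAP11, "1.1")):
        fault = root.find(f"{{{ns}}}Body/{{{ns}}}Fault")
        if fault is not None:  # childless elements are falsy, so compare with None
            break
    else:
        return None
    if version == "1.2":
        code = fault.findtext(f"{{{ns}}}Code/{{{ns}}}Value", "")
        reason = fault.findtext(f"{{{ns}}}Reason/{{{ns}}}Text", "")
        detail = fault.find(f"{{{ns}}}Detail")
    else:  # SOAP 1.1 fault children carry no namespace
        code = fault.findtext("faultcode", "")
        reason = fault.findtext("faultstring", "")
        detail = fault.find("detail")
    code = code.strip().split(":")[-1]  # drop the QName prefix, e.g. "soapenv:"
    relates_to = root.findtext(f"{{{ns}}}Header/{{{WSA}}}RelatesTo", "")
    return {
        "soap_version": version,
        "code": code,
        "blamed_on": ROLES.get(code, "other"),
        "reason": reason.strip(),
        "detail_entries": [] if detail is None else [child.tag for child in detail],
        "relates_to": relates_to.strip(),
    }
```

Calling summarize_fault(CAPTURED) gives code Receiver and an empty detail_entries list: the response attributes the failure to the receiving service and carries nothing beyond the reason string.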
