Just to verify how this policy would work... So if I use this policy, I can just tell soapUI to add a User Name Token with username "alice" and password "bobPW", and I should receive an echo back (using the service in the samples) in the response? However, when I do this, for some reason I receive and error. The RAW messages are reprinted below:
REQUEST: Host: 192.168.1.247:8080 Content-Length: 803 User-Agent: Jakarta Commons-HttpClient/3.0.1 Content-Type: application/soap+xml;charset=UTF-8;action="urn:echo" <soap:Envelope xmlns:sam="http://sample01.policy.samples.rampart.apache.org"; xmlns:soap="http://www.w3.org/2003/05/soap-envelope";> <soap:Header> <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> <wsse:UsernameToken wsu:Id="UsernameToken-10518016" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <wsse:Username>alice</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> <sam:echo> <!--Optional:--> <sam:param0>?</sam:param0> </sam:echo> </soap:Body> </soap:Envelope> RESPONSE: HTTP/1.1 500 Internal Server Error Date: Tue, 15 Jul 2008 18:05:24 GMT Transfer-Encoding: chunked Connection: close Content-Type: application/soap+xml; action="http://www.w3.org/2005/08/addressing/soap/fault";charset=UTF-8 Server: Apache-Coyote/1.1 <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Body> <soapenv:Fault> <soapenv:Code> <soapenv:Value>soapenv:Receiver</soapenv:Value> </soapenv:Code> <soapenv:Reason> <soapenv:Text xml:lang="en-US">java.lang.NoSuchMethodError: org.apache.ws.security.message.WSSecHeader.isEmpty(Lorg/w3c/dom/Document;)Z</soapenv:Text> </soapenv:Reason> <soapenv:Detail /> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> Thanks. =>RY -----Original Message----- From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: Mon 7/14/2008 8:01 AM To: [email protected] Subject: Re: Newbie Basics: Security Policy Hi Roxane, This is the policy to be used. Hope you know how to attach this policy to services.xml and to a client. Please go through the Rampart policy samples and you will be able to see how that is done. If you have further questions, please feel free to throw them in. regards, nandana <wsp:Policy wsu:Id="UT" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; /> </wsp:Policy> </sp:SupportingTokens> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> <ramp:user>username</ramp:user> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee <[EMAIL PROTECTED]> wrote: > If I simply wanted to implement a web service that used a User Name Token > authentication system with a Username and Password in Plaintext (no SSL for > now, cause I'm a little sketchy on how to actually set that up), what would > I need to do if using the Policy handler configuration? > > Thanks. > > => RY >
