[ 
https://issues.apache.org/jira/browse/RAMPART-300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

cerbero updated RAMPART-300:
----------------------------

    Description: 
Rampart automatically tries to load an "Encryption user" if the security policy 
defines the use of a UsernameToken with an AsymmetricBinding

I have a service implemented using Websphere Message Broker and I'm developing 
an axis2 client for this service. 
To use this service, the message's body must be signed; to sign the message I 
created the following policy (based on rampart sample0le03):

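<?xml version="1.0" encoding="UTF-8"?>
<!--
  Sign-only client policy as posted in RAMPART-300. The SOAP Body is signed
  with the initiator's X.509 key (AsymmetricBinding plus SignedParts/Body) and
  a UsernameToken is requested as a supporting token. No EncryptedParts and no
  encryptionUser are configured.
  The mail archive had appended a stray ";" after every URI attribute value and
  split attributes from their elements; both are repaired here so the document
  is well-formed again.
-->
<wsp:Policy wsu:Id="SigOnly"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <!--
        Removing this assertion is what makes the client work according to the
        report; with it present Rampart fails with "Encryption user not
        specified".
        NOTE(review): plain SupportingTokens does not require the token to be
        covered by the message signature, and this policy declares neither
        EncryptedParts nor a transport binding. A UsernameToken carrying a
        plaintext password would therefore be readable in transit unless the
        channel is protected some other way. SignedSupportingTokens would at
        least bind the token to the signature. Confirm what the service
        actually requires.
      -->
      <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
      </sp:SupportingTokens>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <!-- Client certificate: always sent, referenced by thumbprint. -->
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireThumbprintReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <!-- Service certificate: never included in the message. -->
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <!-- <sp:RequireThumbprintReference /> -->
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <!--
            NOTE(review): Basic128Rsa15 selects SHA-1 digests and RSA PKCS#1
            v1.5 key wrap. Both are legacy choices; if the service accepts it,
            a SHA-256 based suite (for example Basic256Sha256) is preferable.
          -->
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128Rsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <!--
            NOTE(review): the two assertions below are disabled. Without a
            signed timestamp the receiver has no freshness bound on a captured
            signed request, and with only the Body listed in SignedParts the
            SOAP headers are outside the signature.
          -->
          <!-- <sp:IncludeTimestamp /> -->
          <!-- <sp:OnlySignEntireHeadersAndBody /> -->
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier />
          <sp:MustSupportRefIssuerSerial />
        </wsp:Policy>
      </sp:Wss10>

      <!-- Only the SOAP Body is covered by the signature. -->
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body />
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:userCertAlias>client</ramp:userCertAlias>
        <!-- Left disabled by the reporter: the intent is to sign only, not to encrypt. -->
        <!-- <ramp:encryptionUser>client</ramp:encryptionUser> -->
        <!-- Callback class from the Rampart samples package; presumably meant to be replaced outside of testing. -->
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler</ramp:passwordCallbackClass>
        <!--
          NOTE(review): the keystore path points into a developer home
          directory and the keystore password is written inline ("changeme"
          looks like a sample value). For anything beyond a local test, keep
          the real password out of shared or version-controlled copies of this
          file and restrict read access to both the policy and the keystore.
        -->
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/acbrasil/workspace/SMSJ27TesteXmlBeans/src/client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeme</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>

      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>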


The problem is that Rampart is trying to retrieve the "Encryption user" to encrypt 
the message, but I only wish to sign the message.


org.apache.axis2.AxisFault: Encryption user not specified (The context is created by the initiating party)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.example.www.echoservice.EchoServiceStub.send(EchoServiceStub.java:187)
        at TesteSignOnly.main(TesteSignOnly.java:45)
Caused by: org.apache.rampart.RampartException: Encryption user not specified (The context is created by the initiating party)
        at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1254)
        at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1242)
        at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:536)
        at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
        ... 8 more

The code works fine, and the message is signed, if I take out the snippet:

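        <!--
          The assertion whose removal avoids the "Encryption user not specified"
          fault. The stack trace on this page shows the encryption-user lookup
          being reached from AsymmetricBindingBuilder.doSignBeforeEncrypt when
          it is present; presumably Rampart wants to encrypt the UsernameToken
          (confirm against the Rampart version in use).
          Removing it also removes the username credential from the request, so
          it is a workaround only if the service does not need that token.
          The stray ";" the mail archive appended to the URI values is dropped.
        -->
        <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
          </wsp:Policy>
        </sp:SupportingTokens>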



  was:
Rampart automatically tries to load an "Encryption user" if the security policy 
defines the use of a UsernameToken with an AsymmetricBinding

I have a service implemented using Websphere Message Broker and I'm developing 
an axis2 client for this service. 
To use this service, the message's body must be signed, to sign the message I 
created the following policy (based on rampart sample0le03):

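<?xml version="1.0" encoding="UTF-8"?>
<!--
  Sign-only client policy as posted in RAMPART-300 (previous revision of the
  description). The SOAP Body is signed with the initiator's X.509 key
  (AsymmetricBinding plus SignedParts/Body) and a UsernameToken is requested
  as a supporting token. No EncryptedParts and no encryptionUser are
  configured.
  The mail archive had appended a stray ";" after every URI attribute value and
  split attributes from their elements; both are repaired here so the document
  is well-formed again.
-->
<wsp:Policy wsu:Id="SigOnly"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <!--
        Removing this assertion is what makes the client work according to the
        report; with it present Rampart fails with "Encryption user not
        specified".
        NOTE(review): plain SupportingTokens does not require the token to be
        covered by the message signature, and this policy declares neither
        EncryptedParts nor a transport binding. A UsernameToken carrying a
        plaintext password would therefore be readable in transit unless the
        channel is protected some other way. SignedSupportingTokens would at
        least bind the token to the signature. Confirm what the service
        actually requires.
      -->
      <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
      </sp:SupportingTokens>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <!-- Client certificate: always sent, referenced by thumbprint. -->
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireThumbprintReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <!-- Service certificate: never included in the message. -->
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <!-- <sp:RequireThumbprintReference /> -->
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <!--
            NOTE(review): Basic128Rsa15 selects SHA-1 digests and RSA PKCS#1
            v1.5 key wrap. Both are legacy choices; if the service accepts it,
            a SHA-256 based suite (for example Basic256Sha256) is preferable.
          -->
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128Rsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <!--
            NOTE(review): the two assertions below are disabled. Without a
            signed timestamp the receiver has no freshness bound on a captured
            signed request, and with only the Body listed in SignedParts the
            SOAP headers are outside the signature.
          -->
          <!-- <sp:IncludeTimestamp /> -->
          <!-- <sp:OnlySignEntireHeadersAndBody /> -->
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier />
          <sp:MustSupportRefIssuerSerial />
        </wsp:Policy>
      </sp:Wss10>

      <!-- Only the SOAP Body is covered by the signature. -->
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body />
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:userCertAlias>client</ramp:userCertAlias>
        <!-- Left disabled by the reporter: the intent is to sign only, not to encrypt. -->
        <!-- <ramp:encryptionUser>client</ramp:encryptionUser> -->
        <!-- Callback class from the Rampart samples package; presumably meant to be replaced outside of testing. -->
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler</ramp:passwordCallbackClass>
        <!--
          NOTE(review): the keystore path points into a developer home
          directory and the keystore password is written inline ("changeme"
          looks like a sample value). For anything beyond a local test, keep
          the real password out of shared or version-controlled copies of this
          file and restrict read access to both the policy and the keystore.
        -->
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/acbrasil/workspace/SMSJ27TesteXmlBeans/src/client.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeme</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>

      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>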


The problem is that Rampart is trying to retrieve the "Encryption user" to encrypt 
the message, but I only wish to sign the message.


org.apache.axis2.AxisFault: Encryption user not specified (The context is 
created by the initiating party)
        at 
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
        at 
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
        at 
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at 
org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at 
org.example.www.echoservice.EchoServiceStub.send(EchoServiceStub.java:187)
        at TesteSignOnly.main(TesteSignOnly.java:45)
Caused by: org.apache.rampart.RampartException: Encryption user not specified 
(The context is created by the initiating party)
        at 
org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1254)
        at 
org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1242)
        at 
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:536)
        at 
org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
        at 
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
        ... 8 more

the code works fine if I take out the snippet:

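        <!--
          The assertion whose removal avoids the "Encryption user not specified"
          fault. Removing it also removes the username credential from the
          request, so it is a workaround only if the service does not need that
          token. The stray ";" the mail archive appended to the URI values is
          dropped.
        -->
        <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
          </wsp:Policy>
        </sp:SupportingTokens>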



> Rampart automaticaly tries to load an "Encryption user" if the security 
> policy defines the use of a UsernameToken with a AsymmetricBinding
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-300
>                 URL: https://issues.apache.org/jira/browse/RAMPART-300
>             Project: Rampart
>          Issue Type: Bug
>         Environment: OS: Linux. Axis2, RAMPART 1.5
>            Reporter: cerbero
>            Assignee: Ruchith Udayanga Fernando
>
> Rampart automaticaly tries to load an "Encryption user" if the security 
> policy defines the use of a UsernameToken with a AsymmetricBinding
> I have a service implemented using Websphere Message Broker and I'm 
> developing an axis2 client for this service. 
> To use this service, the message's body must be signed, to sign the message I 
> created the following policy (based on rampart sample0le03):
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy wsu:Id="SigOnly"
>       
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>       <wsp:ExactlyOne>
>               <wsp:All>
>                       <sp:SupportingTokens 
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                               <wsp:Policy>
>                                       <sp:UsernameToken 
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
>  />
>                               </wsp:Policy>
>                       </sp:SupportingTokens>
>                       <sp:AsymmetricBinding
>                               
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                               <wsp:Policy>
>                                       <sp:InitiatorToken>
>                                               <wsp:Policy>
>                                                       <sp:X509Token
>                                                               
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
>                                                               <wsp:Policy>
>                                                                       
> <sp:RequireThumbprintReference />
>                                                                       
> <sp:WssX509V3Token10 />
>                                                               </wsp:Policy>
>                                                       </sp:X509Token>
>                                               </wsp:Policy>
>                                       </sp:InitiatorToken>
>                                       <sp:RecipientToken>
>                                               <wsp:Policy>
>                                                       <sp:X509Token
>                                                               
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>                                                               <wsp:Policy>
>                                                                       <!-- 
> <sp:RequireThumbprintReference /> -->
>                                                                       
> <sp:WssX509V3Token10 />
>                                                               </wsp:Policy>
>                                                       </sp:X509Token>
>                                               </wsp:Policy>
>                                       </sp:RecipientToken>
>                                       <sp:AlgorithmSuite>
>                                               <wsp:Policy>
>                                                       <sp:Basic128Rsa15 />
>                                               </wsp:Policy>
>                                       </sp:AlgorithmSuite>
>                                       <sp:Layout>
>                                               <wsp:Policy>
>                                                       <sp:Strict />
>                                               </wsp:Policy>
>                                       </sp:Layout>
>                                       <!-- <sp:IncludeTimestamp /> -->
>                                       <!-- <sp:OnlySignEntireHeadersAndBody 
> /> -->
>                               </wsp:Policy>
>                       </sp:AsymmetricBinding>
>                       <sp:Wss10 
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                               <wsp:Policy>
>                                       <sp:MustSupportRefKeyIdentifier />
>                                       <sp:MustSupportRefIssuerSerial />
>                               </wsp:Policy>
>                       </sp:Wss10>
>                       <sp:SignedParts
>                               
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>                               <sp:Body />
>                       </sp:SignedParts>
>                       <ramp:RampartConfig 
> xmlns:ramp="http://ws.apache.org/rampart/policy";>
>                               <ramp:user>client</ramp:user>
>                               <ramp:userCertAlias>client</ramp:userCertAlias>
>                          <!-- 
> <ramp:encryptionUser>client</ramp:encryptionUser> --> 
>                               
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler
>                               </ramp:passwordCallbackClass>
>                               <ramp:signatureCrypto>
>                                       <ramp:crypto 
> provider="org.apache.ws.security.components.crypto.Merlin">
>                                               <ramp:property
>                                                       
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                                               <ramp:property 
> name="org.apache.ws.security.crypto.merlin.file">/home/acbrasil/workspace/SMSJ27TesteXmlBeans/src/client.jks
>                                               </ramp:property>
>                                               <ramp:property
>                                                       
> name="org.apache.ws.security.crypto.merlin.keystore.password">changeme</ramp:property>
>                                       </ramp:crypto>
>                               </ramp:signatureCrypto>
>                       </ramp:RampartConfig>
>               </wsp:All>
>       </wsp:ExactlyOne>
> </wsp:Policy>
> The problem is that rampart is trying to retrieve "Encryption user" to 
> encrypt the mesage, but I only wish sign the mesage.
> org.apache.axis2.AxisFault: Encryption user not specified (The context is 
> created by the initiating party)
>       at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
>       at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>       at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
>       at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
>       at 
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>       at 
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>       at 
> org.example.www.echoservice.EchoServiceStub.send(EchoServiceStub.java:187)
>       at TesteSignOnly.main(TesteSignOnly.java:45)
> Caused by: org.apache.rampart.RampartException: Encryption user not specified 
> (The context is created by the initiating party)
>       at 
> org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1254)
>       at 
> org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1242)
>       at 
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:536)
>       at 
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
>       at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>       at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>       ... 8 more
> the code works fine, the message is signed, if I take out the snippet:
>       <sp:SupportingTokens 
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>               <wsp:Policy>
>                       <sp:UsernameToken 
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
>  />
>               </wsp:Policy>
>       </sp:SupportingTokens>
