Rampart automatically tries to load an "Encryption user" if the security policy 
defines the use of a UsernameToken with an AsymmetricBinding
------------------------------------------------------------------------------------------------------------------------------------------

                 Key: RAMPART-300
                 URL: https://issues.apache.org/jira/browse/RAMPART-300
             Project: Rampart
          Issue Type: Bug
         Environment: OS: Linux. Axis2, RAMPART 1.5
            Reporter: cerbero
            Assignee: Ruchith Udayanga Fernando


Rampart automatically tries to load an "Encryption user" if the security policy 
defines the use of a UsernameToken with an AsymmetricBinding

I have a service implemented using WebSphere Message Broker and I'm developing 
an Axis2 client for this service. 
To use this service, the message's body must be signed. To sign the message, I 
created the following policy (based on Rampart sample03):

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="SigOnly"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
      </sp:SupportingTokens>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireThumbprintReference />
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <!-- <sp:RequireThumbprintReference /> -->
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128Rsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <!-- <sp:IncludeTimestamp /> -->
          <!-- <sp:OnlySignEntireHeadersAndBody /> -->
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier />
          <sp:MustSupportRefIssuerSerial />
        </wsp:Policy>
      </sp:Wss10>

      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body />
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:userCertAlias>client</ramp:userCertAlias>
        <!-- <ramp:encryptionUser>client</ramp:encryptionUser> -->
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler
        </ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/acbrasil/workspace/SMSJ27TesteXmlBeans/src/client.jks
            </ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeme</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>

      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>


The problem is that Rampart is trying to retrieve the "Encryption user" to encrypt 
the message, but I only wish to sign the message.


org.apache.axis2.AxisFault: Encryption user not specified (The context is created by the initiating party)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.example.www.echoservice.EchoServiceStub.send(EchoServiceStub.java:187)
        at TesteSignOnly.main(TesteSignOnly.java:45)
Caused by: org.apache.rampart.RampartException: Encryption user not specified (The context is created by the initiating party)
        at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1254)
        at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1242)
        at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:536)
        at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
        ... 8 more

The code works fine if I take out the snippet:

        <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
                </wsp:Policy>
        </sp:SupportingTokens>


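Added example (not part of the original report and not Rampart code): a small pre-deployment check that flags the policy shape the reporter describes, a UsernameToken supporting token under an AsymmetricBinding with no ramp:encryptionUser configured. The function names and the reduced sample policy are constructed for illustration, and the check assumes, from the exception text only, that a configured ramp:encryptionUser avoids this particular fault.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP = "http://ws.apache.org/rampart/policy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

def _has(root, name):
    return root.find(f".//{{{SP}}}{name}") is not None

def _supporting_username_token(root):
    # Matches sp:SupportingTokens and its Signed/Endorsing variants.
    for el in root.iter():
        if el.tag.startswith(f"{{{SP}}}") and el.tag.endswith("SupportingTokens"):
            if el.find(f".//{{{SP}}}UsernameToken") is not None:
                return True
    return False

def lint_policy(xml_text):
    """Return warnings for the policy combination reported in RAMPART-300."""
    root = ET.fromstring(xml_text)  # commented-out elements are dropped by the parser
    enc_user = root.find(f".//{{{RAMP}}}encryptionUser")
    enc_user_set = enc_user is not None and bool((enc_user.text or "").strip())
    asks_encryption = _has(root, "EncryptedParts") or _has(root, "EncryptedElements")
    warnings = []
    if _has(root, "AsymmetricBinding") and _supporting_username_token(root) and not enc_user_set:
        kind = "policy" if asks_encryption else "sign-only policy"
        warnings.append(f"{kind}: UsernameToken supporting token under "
                        "AsymmetricBinding without ramp:encryptionUser")
    return warnings

# Constructed, reduced version of the reporter's policy; {tokens} is filled in below.
TEMPLATE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}" xmlns:ramp="{RAMP}">
  <wsp:ExactlyOne><wsp:All>
    {{tokens}}
    <sp:AsymmetricBinding><wsp:Policy/></sp:AsymmetricBinding>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <ramp:RampartConfig>
      <ramp:user>client</ramp:user>
      <!-- <ramp:encryptionUser>client</ramp:encryptionUser> -->
    </ramp:RampartConfig>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""
USERNAME_TOKEN = ("<sp:SupportingTokens><wsp:Policy><sp:UsernameToken/>"
                  "</wsp:Policy></sp:SupportingTokens>")
WITH_TOKEN = TEMPLATE.format(tokens=USERNAME_TOKEN)
WITHOUT_TOKEN = TEMPLATE.format(tokens="")

if __name__ == "__main__":
    print(lint_policy(WITH_TOKEN), lint_policy(WITHOUT_TOKEN))
```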