Hi Joan,
I am also testing some code with a similar policy file. I have also encountered the given error during my testing. This error normally occurs when the password callback is unable to set the password for a given user. In my case I got the following stack trace:

Exception in thread "main" org.apache.axis2.AxisFault: *General security error* *(WSSecurityEngine: Callback supplied no password for: initiator)*
   at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:523)
   at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
   at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
   at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
   at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
   at org.apache.rampart.client.SecureServiceStub.add(SecureServiceStub.java:191)
   at org.apache.rampart.client.Client.main(Client.java:56)
a...@aj-laptop:~/development/Tools/rampart-test/clients/client-general$

But in my case things were fine when I set the password for the signing user "initiator" (using pwcb.setPassword("password");).

In your case, for some reason the user passed into the Callback class is "null". But in the Rampart configuration you have specified the signing user as "mms". Therefore the callback class should get called with the user "mms". I am not clear why the callback is getting called with a null user. Nandana, do you have any idea about this?

Note: I am using the code in trunk.

Hope this information is useful.

Thanks
AmilaJ

Nandana Mihindukulasooriya wrote:
Hi Joan,
      What is the Rampart version you are using? Can you send the full
stack trace?

Best Regards,
Nandana

On Wed, Jul 7, 2010 at 8:54 PM, Joan Bellver Faus <[email protected]> wrote:

Hello,

I am implementing a new web service with Rampart; the policy is sign and
encryption.
When I use the certificates created with the keytool command, the service
works correctly, but when I use the Spanish National ID Card
(http://www.dnielectronico.es/) the web service returns this error:

org.apache.axis2.AxisFault: General security error (WSSecurityEngine:
Callback supplied no password for: null)

Is this error because Rampart cannot access the public key?

The settings.xml is:


    <module ref="rampart" />
    <wsp:Policy wsu:Id="SignEncr"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:AsymmetricBinding
                        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                    <wsp:Policy>
                        <sp:InitiatorToken>
                            <wsp:Policy>
                                <sp:X509Token
                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
                            </wsp:Policy>
                        </sp:InitiatorToken>
                        <sp:RecipientToken>
                            <wsp:Policy>
                                <sp:X509Token
                                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference />
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:RecipientToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:TripleDesRsa15 />
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict />
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp />
                        <sp:OnlySignEntireHeadersAndBody />
                    </wsp:Policy>
                </sp:AsymmetricBinding>
                <sp:SignedParts
                        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                    <sp:Body />
                </sp:SignedParts>

                <sp:EncryptedParts
                        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                    <sp:Body />
                </sp:EncryptedParts>

                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                    <ramp:user>mms</ramp:user>
                    <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
                    <ramp:passwordCallbackClass>es.upv.dsic.gti_ia.MMService.PWCBHandler</ramp:passwordCallbackClass>
                    <ramp:signatureCrypto>
                        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/joabelfa/Escritorio/pruebas_seguridad/qpidd/security/MMSkeystore.jks</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password_mmskeystore</ramp:property>
                        </ramp:crypto>
                    </ramp:signatureCrypto>
                </ramp:RampartConfig>

            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

</service>



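A password callback handler of the kind discussed in this thread, as an added example (not code from any poster or from the Rampart project): it sets the key password for the configured signing user and fails with an explicit message when it is called with a null or unknown identifier, which makes the two errors quoted above easier to tell apart. The class name, the alias-to-variable map and the environment variable name are assumptions; `getIdentifer()` is the method spelling used by WSS4J 1.5.x.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical handler; the alias "mms" matches <ramp:user> in the policy above.
public class DiagnosticPWCBHandler implements CallbackHandler {

    // Alias -> name of the environment variable holding that key's password.
    // The variable name is an assumption; it keeps the secret out of source code.
    private static final Map<String, String> KEY_PASSWORD_ENV = new HashMap<String, String>();
    static {
        KEY_PASSWORD_ENV.put("mms", "MMS_KEY_PASSWORD");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            String id = pwcb.getIdentifer(); // spelling as in WSS4J 1.5.x
            int usage = pwcb.getUsage();     // e.g. WSPasswordCallback.SIGNATURE

            if (id == null) {
                // The case reported in the thread: no alias reached the callback.
                throw new IOException(
                        "Password callback invoked with null identifier (usage=" + usage + ")");
            }
            String envName = KEY_PASSWORD_ENV.get(id);
            String password = (envName == null) ? null : System.getenv(envName);
            if (password == null) {
                // Returning without a password is what produces
                // "Callback supplied no password for: <id>".
                throw new IOException(
                        "No key password configured for alias '" + id + "' (usage=" + usage + ")");
            }
            pwcb.setPassword(password);
        }
    }
}
```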