Re: Regarding validating SOAP responses against the WSDL

2009-03-25 Thread Sneha Nikum 
Hi,

The code in the below link is for Axis 2 can i have something similar for
Axis 1.4? I need to get it working with Axis 1.4.

Please help.

Thanks in advance.
Sneha

On Fri, Mar 20, 2009 at 11:09 AM, Dennis Sosnoski  wrote:

> Hi Sneha,
>
> Validating against a schema definition is easy. I developed a validation
> module for Axis2 to demonstrate how this can be done using a handler, which
> you can find at http://www.sosnoski.co.nz/validation.zip
>
> Doing this against a WSDL is a little more difficult, in that you need to
> extract the schema (or schemas, which may import each other) from the WSDL.
> If you're not working with a lot of different WSDLs it's probably easiest to
> just extract stand-alone schemas from the WSDLs you're using and then
> reference those directly for validation processing.
>
>  - Dennis
>
> Dennis M. Sosnoski
> SOA and Web Services in Java
> Training and Consulting
> http://www.sosnoski.com - http://www.sosnoski.co.nz
> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117
>
>
>
> Sneha Nikum wrote:
>
>> Hi All,
>>
>> Any updates on findings on how this could be achieved. I am really stuck
>> up at this and need urgent help for the same.
>>
>> I am using a WSDL file and invoking a method of the web service.
>>
>> What I want to do is validate the obtained SOAP response message against
>> the WSDL file.
>>
>> Pleasee do help me. I am stuck at this and am not able to
>> proceed further.
>>
>> Thanks
>> Sneha
>>
>> On Tue, Mar 17, 2009 at 5:19 PM, Sneha Nikum > snehani...@gmail.com>> wrote:
>>
>>Hi Dhanush,
>>
>>Yes i do make a call to te service.
>>
>>You are right I would need some APIs for it.. but ,y question is
>>are there such APIs and if there are such APIs please let me know
>>which APIs can be used to achieve this.
>>
>>Thanks
>>Sneha
>>
>>
>>On Tue, Mar 17, 2009 at 4:51 PM, Dhanush Gopinath
>>mailto:dhanush.gopin...@altair.com>>
>>wrote:
>>
>>Hi Sneha,
>>
>>
>>I assume when you say that you are injecting some attack
>>patterns , you make a call to the service after that, right ?
>>
>>
>>If the attack pattern is not a valid input then the WS will
>>throw faults, otherwise it will return back a response or
>>fault depending upon the WS implementation. You can get hold
>>of this SOAP Message in any of the client handlers and then
>>validate the SOAP Message against a WSDL since you know the
>>WSDL and also the operation. Of course I think this needs to
>>be done by using the WSDL API’s and recursing through each
>>soap elements.
>>
>>
>>Hope this helps
>>
>>
>>Thanks
>>
>>Dhanush
>>
>>
>>*From:* Sneha Nikum [mailto:snehani...@gmail.com
>>]
>>*Sent:* Tuesday, March 17, 2009 4:03 PM
>>
>>*To:* axis-user@ws.apache.org 
>>*Subject:* Re: Regarding validating SOAP responses against the
>>WSDL
>>
>>
>>Hi Guys,
>>
>>Thanks for your replies.
>>
>>My use case is as follows:
>>
>>I get a WSDL (I know it before hand) and using Axis 2.0 i get
>>the various operations that the WSDL supports.
>>
>>The further I select a operation out of the various operations
>>the WSDL supports and create a request for the same and send
>>it to the service with the input parameters filled.
>>
>>When I fill the parameters, I might inject some attack
>>patterns to test the service for vulnerabilities.
>>
>>When I get the response, I would like to validate it with the
>>given WSDL, to see the effect the injected attack pattern
>>created on the service.
>>
>>For this particular use case I want to do a validation of the
>>SOAP response against the WSDL file.
>>
>>Hope the use case is clear now.
>>
>>Please do let me know if there are ways to achieve the same.
>>
>>Thanks
>>Sneha
>>
>>On Tue, Mar 17, 2009 at 3:38 PM, Dhanush Gopinath
>>>> wrote:
>>
>>Hi,
>>
>>
>>I am not sure if there are any Axis API’s for the same (I do
>>not think so).
>>
>>
>>I can tell you a similar way in which I constructed a
>>predefined SOAP response after parsing the WSDL and Schema.
>>
>>
>>What I will get as input is the operation name and target
>>namespace.
>>
>>
>>From that I get the wsdl from my DB and the parse it
>>(including the schemas) and then construct the SOAP Message
>>Response.
>>
>>
>>To fill this soap message I have output parameters of the
>>operation already populated.
>>
>>
>>So similarly you can do something of this sort to validate the
>>SOAP response. But I am afraid there are any single API’s in Axis.
>>
>>
>>

RE: [Axis2 1.4] WS-Policy in WSDL 1.1 vs WSDL2.0 using wsdl2java utility

2009-03-25 Thread Martin Gainty 

this discussion was initiated by WS-Policy embedded in WSDL from Dennis S
If memory serves he mentioned something about various transports not being 
handled?
Is this still the case?

Martin 
__ 
Disclaimer and confidentiality note 
This message is confidential and may be privileged. If you are not the intended 
recipient, we kindly ask you to  please inform the sender. Any unauthorised 
dissemination or copying hereof is prohibited. This message serves for 
information purposes only and shall not have any legally binding effect. Given 
that e-mails can easily be subject to manipulation, we can not accept any 
liability for the content provided.






> Date: Wed, 25 Mar 2009 16:01:18 -0500
> From: se...@ittc.ku.edu
> To: axis-user@ws.apache.org
> CC: k...@ittc.ku.edu
> Subject: Re: [Axis2 1.4] WS-Policy in WSDL 1.1 vs WSDL2.0 using wsdl2java  
> utility
> 
> Hi Pradeep,
> 
> That time frame is fantastic and works great for us! I look forward to
> hearing from you or seeing the JIRA status change.
> 
> Thank you very much.
> 
> leon
> 
> - Original Message -
> From: "Pradeep Fernando" 
> To: axis-user@ws.apache.org
> Sent: Wednesday, March 25, 2009 8:46:21 AM GMT -06:00 US/Canada Central
> Subject: Re: [Axis2 1.4] WS-Policy in WSDL 1.1 vs WSDL2.0 using wsdl2java  
> utility
> 
> Hi leon, 
> 
> I'm bit bussy with my GSOC & hopefully i would be able to fix this within 
> this week itself. I have gathered required info to 
> work on this issue & looks good. Sagara gave me some valuable info on woden 
> parser. 
> 
> thanks , 
> pradeep fernando. 
> 
> -- 
> Leon S. Searl, Software/Hardware Research Engineer
> Information and Telecommunication Technology Center, University of Kansas
> Nichols Hall, 2335 Irving Hill Road, Lawrence, KS 66045-7612
> Ph: 785-864-7820 Fax: 785-864-0387
> http://www.ittc.ku.edu
> 

_
Hotmail® is up to 70% faster. Now good news travels really fast.
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009

Re: [Axis2 1.4] WS-Policy in WSDL 1.1 vs WSDL2.0 using wsdl2java utility

2009-03-25 Thread Leon Searl 
Hi Pradeep,

That time frame is fantastic and works great for us! I look forward to
hearing from you or seeing the JIRA status change.

Thank you very much.

leon

- Original Message -
From: "Pradeep Fernando" 
To: axis-user@ws.apache.org
Sent: Wednesday, March 25, 2009 8:46:21 AM GMT -06:00 US/Canada Central
Subject: Re: [Axis2 1.4] WS-Policy in WSDL 1.1 vs WSDL2.0 using wsdl2java  
utility

Hi leon, 

I'm bit bussy with my GSOC & hopefully i would be able to fix this within this 
week itself. I have gathered required info to 
work on this issue & looks good. Sagara gave me some valuable info on woden 
parser. 

thanks , 
pradeep fernando. 

-- 
Leon S. Searl, Software/Hardware Research Engineer
Information and Telecommunication Technology Center, University of Kansas
Nichols Hall, 2335 Irving Hill Road, Lawrence, KS 66045-7612
Ph: 785-864-7820 Fax: 785-864-0387
http://www.ittc.ku.edu

Axis2 MTOM and WSSecurity (encryption)

2009-03-25 Thread Erwin Reinhoud 
Hello,
 
I am wondering if more users need to use mtom and ws-security. There is an 
issue (3407) since dec 2007, but is still not fixed. Isn;t it one of the 
benefits that mtom supports ws-security? 
 
Kind regards,
Erwin  
<>

Re: Question about WSSecurity in Axis2

2009-03-25 Thread Nandana Mihindukulasooriya 
Hi Sudhir,

On Wed, Mar 25, 2009 at 8:58 PM, Sudhir Mongia wrote:

> Hi,
> We need to secure our web service. We got to know about rampart module to
> implement. Before looking into any kind of documentation for rampart, We
> were in impression that we need to do changes on server side and the client
> will come to know about the security related information through WSDL only.
>
> When we looked into that rampart, It changed our basic perception.Rampart
> documentation says "when using Rampart with Axis2, it must be engaged at
> both ends".Why so ?? If my client is Java  based then we can engage rampart
> module on client side. What if our client is .Net client and needs to access
> the web service?
>

 Nope, you can use WCF, Axis2/C, WSF/PHP or any other client. If you use
Axis2/Java client then you need to engage Rampart module at the client
side.

Is it the way it works? Then, How the policy and keys related information
> will be communicated to client?
>

The policy is annotated in the WSDL of the service. Key information has to
be configured through Rampart configuration.

I suggest you to take a look at following tutorials.

http://wso2.org/library/3190
http://wso2.org/library/3415

thanks,
Nandana

-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org

Question about WSSecurity in Axis2

2009-03-25 Thread Sudhir Mongia 
Hi,
We need to secure our web service. We got to know about rampart module to
implement. Before looking into any kind of documentation for rampart, We
were in impression that we need to do changes on server side and the client
will come to know about the security related information through WSDL only.

When we looked into that rampart, It changed our basic perception.Rampart
documentation says "when using Rampart with Axis2, it must be engaged at
both ends".Why so ?? If my client is Java  based then we can engage rampart
module on client side. What if our client is .Net client and needs to access
the web service?

Is it the way it works? Then, How the policy and keys related information
will be communicated to client?

Is there any other way we can implement WSSecurity in Axis2 ? So that we'll
be doing changes on server side and client will need to look into wsdl only.

I know I am putting questions marks after each sentence. But I can't help
it, this is what I think as of now and expecting you people to throw some
light on the issue.

Thanks,
Sudhir

Re: [Axis2 1.4] WS-Policy in WSDL 1.1 vs WSDL2.0 using wsdl2java utility

2009-03-25 Thread Pradeep Fernando 
Hi leon,

I'm bit bussy with my GSOC & hopefully i would be able to fix this within
this week itself. I have gathered required info to
work on this issue & looks good. Sagara gave me some valuable info on woden
parser.

thanks ,
pradeep fernando.

"Content id is null" for MTOM attachment

2009-03-25 Thread Chinmoy Chakraborty 
Hi,
I am returning a .doc file as an MTOM attachment for a service. When I do
  OMElement ele = retVal.getFirstElement();
  OMText binaryNode = (OMText) ele.getFirstOMChild();
  DataHandler dh = (DataHandler)binaryNode.getDataHandler();

it gives error "content id is null".the content-type is not binary and
it should be "application/msword". How do get the correct content-type from
this returned datahandler?


Chinmoy

DataHandler.getName() always returns 'MyByteArrayDataSource' if the ds is ByteArrayDataSource

2009-03-25 Thread Chinmoy Chakraborty 
Hi All,

I noticed DataHandler.getName() always returns 'MyByteArrayDataSource' if
the data source is ByteArrayDataSource from which the DataHandler has been
created. Please look at the code below:

FileItem file = (FileItem) value;
ByteArrayDataSource bads = new ByteArrayDataSource(file.getInputStream(),
"application/msword");
bads.setName("abc.doc");
DataHandler dh = new DataHandler(bads);

Now if I do, dh.getName(), it always returns 'MyByteArrayDataSource". I
guess this is a bug. Whats your opinion?


Chinmoy