RE: Axis2 - Rampart: Clientside Policy Configuration
Ok, great. Thanks for your reply Nandana! Regards, Nicolas From: Nandana Mihindukulasooriya [mailto:nandana@gmail.com] Sent: Wednesday, February 25, 2009 10:46 AM To: axis-user@ws.apache.org Subject: Re: Axis2 - Rampart: Clientside Policy Configuration Yes, this is correct. You can also do this programatically in the client like this. https://wso2.org/library/3415 Client side : step 6 But if you don't have any specific requirement do this programatically ( such as values are only available at runtime), I think your approach is fine. thanks, nandana On Tue, Feb 24, 2009 at 7:08 PM, Berner, Nicolas wrote: Hi everybody, I´m playing around with Axis2 (1.41) and Rampart (1.4). The Policy Configuration works fine. I attach a Policy to my Axis2-Service and generate the client from wsdl. So my client is already configured for my desired security operations. Until now I configured the clientside rampart-module (crypto-settings, user-settings) either static in the client-axis2.xml or dynamically in the Service-Sourcecode. The configuration-part of the client-axis2.xml looks like that: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> http://ws.apache.org/rampart/policy";> client ClientPWCallbackHandler service JKS client.jks test Is this the right way to configure the client in a static way or is there another possibility? Maybe a better one? Thanks a lot in advance for your answers! Regards, Nicolas
Axis2 - Rampart: Clientside Policy Configuration
Hi everybody, I´m playing around with Axis2 (1.41) and Rampart (1.4). The Policy Configuration works fine. I attach a Policy to my Axis2-Service and generate the client from wsdl. So my client is already configured for my desired security operations. Until now I configured the clientside rampart-module (crypto-settings, user-settings) either static in the client-axis2.xml or dynamically in the Service-Sourcecode. The configuration-part of the client-axis2.xml looks like that: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> http://ws.apache.org/rampart/policy";> client ClientPWCallbackHandler service JKS client.jks test Is this the right way to configure the client in a static way or is there another possibility? Maybe a better one? Thanks a lot in advance for your answers! Regards, Nicolas
Rampart: Encryption - Alias is null
Hi! My Client ist trying to decrypt an encrypted message. It doesn´t work because the result of (PasswordCallbackHandler) pc.getIdentifier() is null. You can see this in the stacktrace. org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214) at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86) at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) at test.flex.client.FlexSimpleStub.getStudent(FlexSimpleStub.java:202) at test.flex.client.ServiceClient.holeStudent(ServiceClient.java:65) at test.flex.client.ServiceClient.main(ServiceClient.java:20) Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is: java.lang.Exception: alias is null at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292) at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92) at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228) at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:211) ... 12 more Caused by: java.lang.Exception: alias is null at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137) at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290) ... 17 more I can´t find anything in the Internet. Does anybody know what the problem is? Here is the configuration for Rampart: (I´m using Axis1.41 with Rampart 1.4) --- For the client: Encrypt client.properties test.flex.client.ClientPWCallback And the service: Encrypt client crypto.properties -- Best regards, Nicolas Berner Secaron AG Ludwigstr. 45 85399 Hallbergmoos Tel. +49 811 9594 - 170 Fax +49 811 9594 - 220 __ Secaron AG, Hallbergmoos - Amtsgericht München - HRB130366 Aufsichtsratsvorsitzender: Jochen Speek - Vorstand: Michael Spreng (Vorsitzender), Herbert Pröll
[AXIS2] Repository Problem
Hi! I´m just learning to use Axis2 in combination with rampart. I have a service FlexSimple running and it is configured to include a timestamp into each outgoing SOAP-message. Wiring the message over tcpmon one can see that it works fine. On the client-side I have the consuming FlexSimpleClient which works without rampart (tested before engaging rampart on the server-side). Take a look at the code: public static Student holeStudent(String name){ Student studi = null; try { ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("D:\\Appserver\\apache-tomcat-6.0.18\\webapps\\axis2\\WEB-INF", "conf/client.axis2.xml" ); FlexSimpleStub.GetStudentResponse response; System.out.println(ctx.getAxisConfiguration().isEngaged("rampart")); FlexSimpleStub stub = new FlexSimpleStub(ctx, TARGET_EPR); GetStudent getStudent = new GetStudent(); getStudent.setName(name); response = stub.getStudent(getStudent); studi = response.get_return(); } catch (AxisFault e) { e.printStackTrace(); } catch (RemoteException e) { e.printStackTrace(); } return studi; } This code works fine. My problem is the given repository. In the code above I use the repostiory of the axis2-web-application within the tomcat-container. Isn´t it possible to use an own repository? I thought it is possible to create a folder "repository" and use this folder as first argument when instantiating the ConfigurationContext. Repository |---modules |--addressing-1.4.1.mar |--rampart-1.4.mar Example: ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("repository", "conf/client.axis2.xml" ); When I try this I get the following Exception: org.apache.axis2.AxisFault: The system is attempting to engage a module that is not available: rampart at org.apache.axis2.engine.AxisConfiguration.engageModule(AxisConfiguration.java:464) at org.apache.axis2.engine.AxisConfiguration.engageGlobalModules(AxisConfiguration.java:591) at org.apache.axis2.deployment.DeploymentEngine.engageModules(DeploymentEngine.java:615) at org.apache.axis2.deployment.FileSystemConfigurator.engageGlobalModules(FileSystemConfigurator.java:142) at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:81) at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem(ConfigurationContextFactory.java:184) at test.flex.client.ServiceClient.holeStudent(ServiceClient.java:53) at test.flex.client.ServiceClient.main(ServiceClient.java:16) It seems that Axis2 finds the addressing-module but there is a problem with the rampart-module. Does anyone know why I can´t use my "own" repository? Best regards Nicolas Berner Secaron AG Ludwigstr. 45 85399 Hallbergmoos Tel. +49 811 9594 - 170 Fax +49 811 9594 - 220 __ Secaron AG, Hallbergmoos - Amtsgericht München - HRB130366 Aufsichtsratsvorsitzender: Jochen Speek - Vorstand: Michael Spreng (Vorsitzender), Herbert Pröll
Compliant to WS-I Specs?
Hi everybody! Is Axis2(Rampart) compliant to WS-I Basic Security Profile and/or WS-I Reliable Security Profile? Kind regards, Nicolas Berner Secaron AG Ludwigstr. 45 85399 Hallbergmoos Tel. +49 811 9594 - 170 Fax +49 811 9594 - 220 __ Secaron AG, Hallbergmoos - Amtsgericht München - HRB130366 Aufsichtsratsvorsitzender: Jochen Speek - Vorstand: Michael Spreng (Vorsitzender), Herbert Pröll