Re: [VOTE] Web Services Reorg Part 1 : Axis2 TLP

2009-11-09 Thread Ruchith Fernando 
+1

Thanks,
Ruchith

On Fri, Nov 6, 2009 at 12:20 PM, Glen Daniels  wrote:
> Greetings, everyone.
>
> A bunch of us here at ApacheCon were talking about the Axis2 TLP idea, and
> how to move this forward in the simplest and most effective way.  We came up
> with *exactly* the same structure that we had proposed a year ago. :)  So,
> having only altered the page in order to remove a step (the promotion of
> WS-Commons sub-sub-projects to WS subprojects - this isn't really necessary
> as we can still decide what to do about each sub-sub-project individually
> later), I'd like to bring the following proposal up for a VOTE of the Web
> Services PMC.  If this passes, I plan to submit this resolution to the board
> as soon as possible.
>
> http://wiki.apache.org/ws/FrontPage/Proposals/Axis2TLPProposal
>
> Note that I added just the first few people in the current PMC roster as
> examples.  I also nominated myself as the Axis2 chair for now - if anyone
> else would like to volunteer to do this, please let me know.  Eventually I'd
> like to drop one or the other PMC chair role, but for now I'm OK doing both.
>
> So if you would, please:
>
> 1) VOTE
> 2) Add yourself to the list of project members on the wiki page if you are an
> existing PMC member and would like to be on the new Axis2 PMC
>
> Here is my +1 for this proposal.
>
> Thanks,
> --Glen
>



-- 
http://ruchith.org

Re: [VOTE] Axis2 1.5.1 - final vote (I hope :) )

2009-10-21 Thread Ruchith Fernando 
+1

Thanks,
Ruchith

On Tue, Oct 20, 2009 at 10:48 AM, Glen Daniels  wrote:
> OK, after adding the default 30-second timeout for connection starvation
> issues, and confirming that Rampart now works fine with 1.5.1, let's try this
> one more time.  Please VOTE on releasing 1.5.1 - then we can get moving on 
> 1.6!
>
>
> You can find the distribution files in here:
>
> http://people.apache.org/~gdaniels/stagingRepo/org/apache/axis2/distribution/1.5.1/
>
> And the M2 repository with everything is at:
>
> http://people.apache.org/~gdaniels/stagingRepo
>
> The SVN tag is:
>
> http://svn.apache.org/repos/asf/webservices/axis2/tags/java/v1.5.1RC3
>
> ...and I'll add a proper "v1.5.1" tag as soon as this release goes final.
>
> Please offer your VOTE (and indicate binding/non-binding).
>
> Here's my +1 (binding).
>
> Many thanks,
> --Glen
>



-- 
http://ruchith.org

Re: [Axis2] Add XmlSchema, Neethi, Axiom to TLP Proposal

2008-11-03 Thread Ruchith Fernando 
On Mon, Nov 3, 2008 at 12:51 PM, Glen Daniels <[EMAIL PROTECTED]> wrote:
> I don't think that we should AUTOMATICALLY grant access to every Synapse/CXF
> (or Axis2 for that matter, into the future) committer, no. But I do think

+1

> the barrier to entry for those folks should be a lot lower (pretty much if
> they ask - but I do think there should be a formal separation).

Yeah ... if someone really needs to do a lot of work on these  we
can handle those
appropriately at that point right? Otherwise anyway our usual way of
getting changes in
still works!

Thanks,
Ruchith

>
> What do you think?
>
> --Glen
>
> Davanum Srinivas wrote:
>>
>> So, should all synapse and cxf folks have access to all these
>> projects? What say you?
>>
>> -- dims
>>
>> On Mon, Nov 3, 2008 at 12:11 PM, Glen Daniels <[EMAIL PROTECTED]>
>> wrote:
>>>
>>> Daniel Kulp wrote:

 On Monday 03 November 2008 10:14:30 am Davanum Srinivas wrote:
>
> Glen,
>
> Was looking at
> http://wiki.apache.org/ws/FrontPage/Proposals/Axis2TLPProposal
>
> Any thoughts on why leave behind XmlSchema, Neethi, Axiom?

 Because they are used by several other projects that have nothing to do
 with Axis 2?
>>>
>>> Exactly.  I do NOT think (re: the other thread) that Axiom should be a
>>> TLP,
>>> and I do think that all of these libraries make sense as "Web Services"
>>> components with a shared committer-base working on them.
>>>
>>> Thanks,
>>> --Glen
>>>
>>
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Fwd: [DISCUSS] Axis2 as TLP

2008-10-31 Thread Ruchith Fernando 
IMHO Axis2 project as a TLP should be both Java and C.

Thanks,
Ruchith

On Sat, Nov 1, 2008 at 1:14 AM, Manjula Peiris <[EMAIL PROTECTED]> wrote:
>
> On Sat, 2008-11-01 at 09:23 +0530, Samisa Abeysinghe wrote:
>> It looks to me that the amount of confusion and frustration demonstrated
>> in this thread is due to the mix of topics that we are discussing under
>> the single topic, namely TLP.
>>
>> Some of the matters are not really TLP related.
>>
>> On one hand, there is talk about dropping C out of the picture, while
>> making Axis2 a TLP. So natural tenancy from the C folks is a big NO.
>> So is that equivalent to saying, no we do not need a TLP? Not really.
>
> Yes as a contributor to Axis2/C project my main concern is also on
> dropping out Axis2/C out of the picture. If we separate out these two
> projects it may affect Axis2/C project, and I don't think Axis2 will
> benefited from that either.
>
>>
>> Then there are questions related to activeness. And I do agree that it
>> is a real problem, that needs to be solved. But IMHO I have doubts if a
>> TLP would solve it.
>>
>> We need a clear list of things that we might be doing, when we become a
>> TLP. And that list must obviously include the list of projects that will
>> go under that TLP etc.
>>
>> Then we also need a separate list, that outlines problems that we have
>> in the current setup. Including those that might be solved with TLP as
>> well as those that might not.
>>
>> And if we can agree on the above, then we have to identify a media to
>> collect those lists. A mailing list thread like this is distorting when
>> it comes to listing things IMHO, so we might need a Wiki that everyone
>> can edit.
>>
>> Thanks,
>> Samisa...
>>
>>
>> Ajith Ranabahu wrote:
>> > missed general@
>> >
>> >
>> > -- Forwarded message --
>> > From: Ajith Ranabahu <[EMAIL PROTECTED]>
>> > Date: Fri, Oct 31, 2008 at 12:04 PM
>> > Subject: Re: [DISCUSS] Axis2 as TLP
>> > To: axis-dev@ws.apache.org
>> >
>> >
>> > I should kick myself for not reading Axis2 mail frequently. I just
>> > spent 20 minutes reading the complete thread and just throwing my 2
>> > cents.
>> >
>> > 1. I am +1 (not a vote, a token of agreement) on making Axis2 a TLP.
>> > I have supported the decision in the PMC and I am still in support for
>> > it. As Deepal says I don't understand why people are so much worried
>> > about making Axis2 a TLP. We have kept all the major components as
>> > subprojects so far and what difference would it make if we house them
>> > in a different place ?
>> >
>> > 2. I have to agree to Dims that we have not been active as usual.
>> > There are open Jira's and I haven't had time to fix the few things
>> > that are pending in my niche projects (XMLSchema and tcpmon) let alone
>> > in Axis2. However I personally feel that it would be easier to do a
>> > better job (better than being done right now) if the teams are small
>> > and focused rather than generic and all over the place.  Again the
>> > volume and the size clearly warrants a break just for the ease of
>> > management. Mind you - it would not automatically fix the problem -
>> > the site would not get fixed by magic and the Jiras would not vanish.
>> > However it may make it easier to do so.
>> > For the sake of the argument if a disgruntled user goes on commenting
>> > about Axis2 he would be shooting at the ws pmc. But the WS pmc
>> > consists of many other innocent PMCers that have nothing to do with
>> > Axis2! if we have clear separation then the responsibilities are
>> > clear.
>> >
>> > 3. I've been told that (before my time in Apache) that it is
>> > discouraged to put projects in an umbrella of functionality, say like
>> > in ws* or xml*. Instead Apache has embraced the
>> > related-or-not-related-but-interesting type of project names with
>> > 'projects' and not umbrellas. Just to make it clear does the words
>> > jackrabbit, lucene, synapse, Mina or Lenya make any hint of what the
>> > project actually does ? So i don't see the point of keeping Axis2
>> > under the umbrella of ws* anymore. if the ws* argument to hold I would
>> > say all other Apache projects that provide the SOAP stack capability
>> > should come under ws* as well (such as CXF)
>> >
>> > 4. I don't suppose there is anyone with a secret (evil ;P) agenda of
>> > becoming the member of two PMC's supporting the split. But as I
>> > pointed out earlier ws has grown out of its bounds and its time we
>> > split things up for the sake of managing the complexity. Who we put as
>> > the chair is a different question and hopefully would be selected the
>> > democratic way (or by just looking at the mail count :D)
>> >
>> > For my final conclusion I am in support of this proposal.
>> >
>> > Ajith
>> >
>> > On Fri, Oct 31, 2008 at 10:59 AM, Paul Fremantle <[EMAIL PROTECTED]> wrote:
>> >
>> >> On Fri, Oct 31, 2008 at 1:51 PM, Davanum Srinivas <[EMAIL PROTECTED]> 
>> >> wrote:
>> >>
>> >>>  Though given Paul's and other people's

Re: [Axis2][VOTE] Axis2 1.4.1 - Take #4

2008-08-21 Thread Ruchith Fernando 
+1

Thanks,
Ruchith

On Thu, Aug 21, 2008 at 8:21 AM, Nandana Mihindukulasooriya
<[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I am calling fresh a vote again for Axis2 1.4.1 and only the source
> distribution is changed. Only change is removing some binaries that were
> accidentally included.
>
> New source distribution can be found here. Please review.
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-src.zip
>
> thanks,
> nandana
>
> Distributions:
> http://people.apache.org/~nandana/axis2-1.4.1/dist
>
> Maven2 repository:
> http://people.apache.org/~nandana/axis2-1.4.1/m2-repo/
>
> SVN Info:
> https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_4
> (Revision: 684402)
>
> Here's my +1 to declaring the above dist as Axis2 1.4.1.
>
> thanks,
> nandana
>
> Links to the individual Distribution/Tool files are listed below:
>
> Distributions :
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-bin.zip
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-docs.zip
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-src.zip
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-war.zip
>
> Tools :
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-aar-maven-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-ant-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-eclipse-codegen-wizard.zip
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-eclipse-service-archiver-wizard.zip
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-mar-maven-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-idea-plugin-1.4.1.zip
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-java2wsdl-maven-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-wsdl2code-maven-plugin-1.4.1.jar
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIrV3ZmA4ts7hLdV8RAsJPAJ9l2tuD6tbSBOxRbg1E9xNyPcq83ACgiVSo
> bKWm+W1YD5ZO1w8EZM+FEsQ=
> =Fx2j
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2][VOTE] Axis2 1.4.1 - Take #3

2008-08-19 Thread Ruchith Fernando 
+1

Thanks,
Ruchith

On Tue, Aug 19, 2008 at 2:28 AM, Nandana Mihindukulasooriya
<[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi Devs,
>
> Please review:
> http://people.apache.org/~nandana/axis2-1.4.1/dist
>
> Maven2 repository:
> http://people.apache.org/~nandana/axis2-1.4.1/m2-repo/
>
> SVN Info:
> https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_4
> (Revision: 684402)
>
> Here's my +1 to declaring the above dist as Axis2 1.4.1.
>
> thanks,
> nandana
>
> Links to the individual Distribution/Tool files are listed below:
>
> Distributions :
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-bin.zip
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-docs.zip
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-src.zip
> http://people.apache.org/~nandana/axis2-1.4.1/dist/axis2-1.4.1-war.zip
>
> Tools :
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-aar-maven-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-ant-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-eclipse-codegen-wizard.zip
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-eclipse-service-archiver-wizard.zip
>
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-mar-maven-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-idea-plugin-1.4.1.zip
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-java2wsdl-maven-plugin-1.4.1.jar
> http://people.apache.org/~nandana/axis2-1.4.1/tools/axis2-wsdl2code-maven-plugin-1.4.1.jar
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIqmfymA4ts7hLdV8RAo3HAJ9CgBbKN7V5sBuGlyrWlaRrWDvKCwCbBKaM
> mPWSjef5I3O0bE4XgaMyn6E=
> =Wvk4
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2][1.4.1] Nandana as Release Manager (Re: Security hole in Axis2 1.4 + Rampart 1.4)

2008-07-09 Thread Ruchith Fernando 
IMHO when it comes to .mar files we should version them as "x.yz"

In the case of 1.4.1 release the mar file versions can be: 1.41

This confirms to the module version constraints of Axis2.

Thanks,
Ruchith

On Wed, Jul 9, 2008 at 3:33 PM, Saminda Abeyruwan <[EMAIL PROTECTED]> wrote:
> Guys, Axis2 module follow the version semantics of
>
> [major.minor]
>
> Thus, having addressing-1.4.1.mar will cause problem in version resolution.
>
> Am I making an absurd assumption here ?
>
> Saminda
>
> On Wed, Jul 9, 2008 at 12:26 PM, Deepal Jayasinghe <[EMAIL PROTECTED]>
> wrote:
>>
>> Hehe :)
>>
>> I was wondering why did Glen tell that , I even went and read old mails :)
>>
>> Davanum Srinivas wrote:
>>>
>>> s/Deepal/Dims/ ? :)
>>>
>>> Glen Daniels wrote:
>>> |
>>> | Deepal, what are you so worried about, exactly?  That it will take
>>> | forever to get the release out?
>>> |
>>> | IMHO, a point release is for fixing critical issues, and should not
>>> | necessarily be limited to one particular issue.  I think we should run
>>> | this basically just like a regular release but with a much shorter
>>> | timeframe.  My suggestion:
>>> |
>>> | - Let's aim to get 1.4.1 out the door at the end of next week, i.e.
>>> July
>>> | 18th (is that enough time, Nandana?).
>>> |
>>> | - As always it's good to go through at least one RC so people can kick
>>> | the tires, check the artifacts, etc.  So let's aim to get the RC out by
>>> | Tuesday the 15th.
>>> |
>>> | - Backing up, this allows a week (from today through next Monday) for
>>> | development work, during which time I think people should be able to
>>> fix
>>> | anything they consider critical (of course, with no new functionality).
>>> |
>>> | - As RM, Nandana gets the final say as to what gets checked in to the
>>> | branch and what does not.
>>> |
>>> | Thoughts?
>>> |
>>> | --Glen
>>> |
>>> | Davanum Srinivas wrote:
>>> | Exactly what i was afraid of :( Sigh! this is a *very* slippery slope.
>>> |
>>> | -- dims
>>> |
>>> | Amila Suriarachchi wrote:
>>> | | On Mon, Jul 7, 2008 at 6:03 PM, Davanum Srinivas <[EMAIL PROTECTED]>
>>> | wrote:
>>> | |
>>> | |> Nandana,
>>> | |>
>>> | |> +1 from me for you to be the Release Manager for 1.4.1
>>> | |
>>> | |
>>> | | + 1 from me.
>>> | |
>>> | |>
>>> | |> IMHO, we should use 1.4 branch. The *ONLY* change should be the
>>> | |> security change. Nothing more.
>>> | |
>>> | | I think we need to fix any possible other critical issues as well.
>>> | | eg. https://issues.apache.org/jira/browse/AXIS2-3870
>>> | | This is a memory leak and we need to fix this.
>>> | |
>>> | | thanks,
>>> | | Amila.
>>> | |
>>> | |
>>> | |
>>> | |>
>>> | |> thanks,
>>> | |> dims
>>> | |>
>>> | |> On Mon, Jul 7, 2008 at 6:50 AM, Nandana Mihindukulasooriya
>>> | |> <[EMAIL PROTECTED]> wrote:
>>> | |>> I would like to volunteer to be the release manager for Axis2
>>> 1.4.1.
>>> | |>>
>>> | |>> I think we can fix the critical issues in the 1.4 branch (or a
>>> 1.4.1
>>> | |> branch
>>> | |>> ) and do the 1.4.1 release. I don't think doing 1.4.1 from the
>>> | trunk is
>>> | |> the
>>> | |>> appropriate way as trunk is now java 1.5 and has lot of major
>>> changes
>>> | |> after
>>> | |>> Axis2 1.4 . However we can fix any issues that are not already
>>> | fixed in
>>> | |> the
>>> | |>> trunk at the same time when we fix those in the branch.
>>> | |>>
>>> | |>> Hope this is oky with Axis2 release guidelines.
>>> | |>>
>>> | |>> thanks,
>>> | |>> nandana
>>> | |>>
>>> | |>> On Tue, Jul 1, 2008 at 6:39 PM, Davanum Srinivas
>>> <[EMAIL PROTECTED]>
>>> | |> wrote:
>>> | |>>> IMHO, The logic is the same as for blockers. If there is a work
>>> | |>>> around, it's not a blocker. So i am +0 on a 1.4.1 since there is a
>>> | |>>> work around that can be documented.
>>> | |>>>
>>> | |>>> That said, If someone is willing to drive a 1.4.1 as the release
>>> | |>>> manager, please do go ahead.
>>> | |>>>
>>> | |>>> thanks,
>>> | |>>> dims
>>> | |>>>
>>> | |>>> On Tue, Jul 1, 2008 at 2:48 AM, Sanka Samaranayake
>>> | <[EMAIL PROTECTED]>
>>> | |>>> wrote:
>>> | | Hi,
>>> | |
>>> | | For the users who is already using 1.4 version, the workaround
>>> | would
>>> | |> be
>>> | | to
>>> | | define policies in services.xml without using
>>> | .
>>> | | Then
>>> | | the problem is that those policies will appear in 
>>> | |> which
>>> | | is
>>> | | not correct but security will apply for both format of service
>>> | URLs.
>>> | |
>>> | | Hence +1 for fixing that issue and do 1.4.1 release.
>>> | |
>>> | | Thanks,
>>> | | Sanka
>>> | |
>>> | |
>>> | | On Mon, Jun 30, 2008 at 8:59 PM, Nandana Mihindukulasooriya
>>> | | <[EMAIL PROTECTED]> wrote:
>>> | |> Hi,
>>> | |>There are few issues with Axis2 1.4 / Rampart 1.4 with the
>>> new
>>> | |> policy
>>> | |> configuration. The new policy configuration which allows us to
>>> | apply
>>> | |> policies to binding hierarchy is a great fea

Re: [Axis2][1.4.1] Nandana as Release Manager (Re: Security hole in Axis2 1.4 + Rampart 1.4)

2008-07-08 Thread Ruchith Fernando 
+1 for Nandana as the release manager.

Thanks,
Ruchith

On Mon, Jul 7, 2008 at 6:03 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> Nandana,
>
> +1 from me for you to be the Release Manager for 1.4.1
>
> IMHO, we should use 1.4 branch. The *ONLY* change should be the
> security change. Nothing more.
>
> thanks,
> dims
>
> On Mon, Jul 7, 2008 at 6:50 AM, Nandana Mihindukulasooriya
> <[EMAIL PROTECTED]> wrote:
>> I would like to volunteer to be the release manager for Axis2 1.4.1.
>>
>> I think we can fix the critical issues in the 1.4 branch (or a 1.4.1 branch
>> ) and do the 1.4.1 release. I don't think doing 1.4.1 from the trunk is the
>> appropriate way as trunk is now java 1.5 and has lot of major changes after
>> Axis2 1.4 . However we can fix any issues that are not already fixed in the
>> trunk at the same time when we fix those in the branch.
>>
>> Hope this is oky with Axis2 release guidelines.
>>
>> thanks,
>> nandana
>>
>> On Tue, Jul 1, 2008 at 6:39 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
>>>
>>> IMHO, The logic is the same as for blockers. If there is a work
>>> around, it's not a blocker. So i am +0 on a 1.4.1 since there is a
>>> work around that can be documented.
>>>
>>> That said, If someone is willing to drive a 1.4.1 as the release
>>> manager, please do go ahead.
>>>
>>> thanks,
>>> dims
>>>
>>> On Tue, Jul 1, 2008 at 2:48 AM, Sanka Samaranayake <[EMAIL PROTECTED]>
>>> wrote:
>>> > Hi,
>>> >
>>> > For the users who is already using 1.4 version, the workaround would be
>>> > to
>>> > define policies in services.xml without using .
>>> > Then
>>> > the problem is that those policies will appear in  which
>>> > is
>>> > not correct but security will apply for both format of service URLs.
>>> >
>>> > Hence +1 for fixing that issue and do 1.4.1 release.
>>> >
>>> > Thanks,
>>> > Sanka
>>> >
>>> >
>>> > On Mon, Jun 30, 2008 at 8:59 PM, Nandana Mihindukulasooriya
>>> > <[EMAIL PROTECTED]> wrote:
>>> >>
>>> >> Hi,
>>> >>There are few issues with Axis2 1.4 / Rampart 1.4 with the new
>>> >> policy
>>> >> configuration. The new policy configuration which allows us to apply
>>> >> policies to binding hierarchy is a great feature when in comes to ws
>>> >> security policy configuration. It allows security policies to be
>>> >> attached to
>>> >> the correct attachment points. But there are few issues that need to be
>>> >> fixed in Axis2 1.4. I will list them below.
>>> >> 1.) If we configure security using new configuration, service can
>>> >> be
>>> >> accessed without security.
>>> >>  In Axis2 1.4, a service is exposed in two EPRs (consider SOAP
>>> >> 1.1
>>> >> binding).
>>> >>eg.
>>> >>
>>> >>
>>> >> http://localhost:8080/axis2/services/SecureService.SecureServiceHttpSoap11Endpoint
>>> >>http://localhost:8080/axis2/services/SecureService
>>> >>   But if we you set the policies using the new configuration,
>>> >> if
>>> >> you do a web service call to the older EPR, you can access the service
>>> >> without any security even though it is secured using the binding
>>> >> hierarchy.
>>> >> This happens because if we call the old EPR, it is not dispatched to a
>>> >> binding. But this leaves the service vulnerable. I think we should
>>> >> dispatch
>>> >> to one of the bindings may be using soap envelope version if we have
>>> >> only
>>> >> one binding with that soap version. We should have a way to dispatch
>>> >> messages which comes to old EPR to one of the bindings else we should
>>> >> have
>>> >> an option to disable that EPR.
>>> >>
>>> >> 2.) In the out flow, policies are not set correctly in the binding
>>> >> message.
>>> >>   This is fixed in the trunk but this bug is there in Axis2
>>> >> 1.4.
>>> >>
>>> >>So the option we have is to configure security using the old
>>> >> configuration. But then the problem is policies are attached to the
>>> >> port
>>> >> type which is the correct way to do if we have policies using
>>> >> , tags. But this makes Axis2 not
>>> >> interoperable
>>> >> as security policies should be attached to binding hierarchy according
>>> >> WS
>>> >> Security policy specification. Ideally we should always use the new
>>> >> configuration to apply security. And code generation also doesn't work
>>> >> correctly when the policies attached to the port type (polices are not
>>> >> correctly attached to the stub).
>>> >>
>>> >>So I think it would be great if can consider a Axis2 1.4.1 with
>>> >> these
>>> >> things fixed.
>>> >>
>>> >> thanks,
>>> >> nandana
>>> >
>>> >
>>> > --
>>> > Sanka Samaranayake
>>> > WSO2 Inc.
>>> >
>>> > http://sankas.blogspot.com/
>>> > http://www.wso2.org/
>>>
>>>
>>>
>>> --
>>> Davanum Srinivas :: http://davanum.wordpress.com
>>>
>>> -
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>
>
>
>
> --
> Davanum Srinivas :: http://davanum

Re: Axis2 1.2 service to understand "mustUnderstand" attribute without using Rampart

2008-05-22 Thread Ruchith Fernando 
On Fri, May 23, 2008 at 12:11 AM, Srivastava, Abhay
<[EMAIL PROTECTED]> wrote:
> Well, after further testing I found that Axis2 service understands
> MustUnderstand=1 without the use of handlers but throws an exception
> when mustUnderstand=1 is passed in the SOAP request.

Which is the correct behaviour IMHO ... the error it thrown before the
request reaches the service by the engine.

You will need to have a handler to process the header and set the flag
indicating that the header is processed.

Thanks,
Ruchith

>
>
> Abhay Srivastava
> Reference Architecture
> Shared Services and Architecture | Smith Barney Technology | CitiGroup
> GWM | New York
> (212)  657 - 9358
>
> -Original Message-
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 22, 2008 2:38 PM
> To: axis-dev@ws.apache.org
> Subject: Re: Axis2 1.2 service to understand "mustUnderstand" attribute
> without using Rampart
>
> Hi,
>
> All soap headers with "mustUnderstand" attributes must be processed
> before the request reaches the service. If not Axis2 will throw an
> exception.
>
> Axis2 expects handlers to process SOAP headers and then set the
> "mustUnderstand" attribute.
>
> Thanks,
> Ruchith
>
> On Thu, May 22, 2008 at 2:38 AM, Srivastava, Abhay
> <[EMAIL PROTECTED]> wrote:
>>
>> Hello Folks,
>> Is their a way to make the Axis2 service understand the
>> "mustunderStand" attribute in SOAP header without using Rampart ?
>>
>> Abhay Srivastava
>> Reference Architecture
>> Shared Services and Architecture | Smith Barney Technology | CitiGroup
>
>> GWM | New York
>> (212)  657 - 9358
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
>
> --
> http://blog.ruchith.org
> http://wso2.org
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Axis2 1.2 service to understand "mustUnderstand" attribute without using Rampart

2008-05-22 Thread Ruchith Fernando 
Hi,

All soap headers with "mustUnderstand" attributes must be processed
before the request reaches the service. If not Axis2 will throw an
exception.

Axis2 expects handlers to process SOAP headers and then set the
"mustUnderstand" attribute.

Thanks,
Ruchith

On Thu, May 22, 2008 at 2:38 AM, Srivastava, Abhay
<[EMAIL PROTECTED]> wrote:
>
> Hello Folks,
> Is their a way to make the Axis2 service understand the
> "mustunderStand" attribute in SOAP header without using Rampart ?
>
> Abhay Srivastava
> Reference Architecture
> Shared Services and Architecture | Smith Barney Technology | CitiGroup
> GWM | New York
> (212)  657 - 9358
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2][VOTE] Axis2 1.4 FINAL

2008-04-24 Thread Ruchith Fernando 
+1

Thanks,
Ruchith

On Thu, Apr 24, 2008 at 10:09 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
>  Hash: SHA1
>
>  Folks,
>
>  After all the excitement of the past few days :) We almost forgot the
> release
>
>  Please review:
>  http://people.apache.org/~dims/axis2-1.4/FINAL/dist/
>
>  The m2 repository is here:
>  http://people.apache.org/~dims/axis2-1.4/FINAL/m2-repo/
>
>  SVN Info:
>  revision is 651268 on
> https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_4
>
>  Here's my +1 to declaring the above dist as Axis2 1.4 FINAL.
>
>  Thanks,
>  dims
>
>  PS: Here are links to the individual Zip/Jar/Mar files:
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/1_4/axis2-1.4-bin.zip
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/1_4/axis2-1.4-docs.zip
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/1_4/axis2-1.4-src.zip
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/1_4/axis2-1.4-war.zip
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/modules/addressing/1_4/addressing-1.4.mar
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/modules/soapmonitor/1_4/soapmonitor-1.4.mar
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-aar-maven-plugin-1.4.jar
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-ant-plugin-1.4.jar
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-eclipse-codegen-wizard-1.4.zip
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-eclipse-service-archiver-wizard-1.4.zip
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-idea-plugin-1.4.zip
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-java2wsdl-maven-plugin-1.4.jar
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-mar-maven-plugin-1.4.jar
>
> http://people.apache.org/~dims/axis2-1.4/FINAL/dist/ws/axis2/tools/1_4/axis2-wsdl2code-maven-plugin-1.4.jar
>
>  -BEGIN PGP SIGNATURE-
>  Version: GnuPG v1.4.5 (Cygwin)
>
>  iD8DBQFIELfTgNg6eWEDv1kRAtDoAJ9xOJrbhAlQoSnVl7I79C3gDOEFDQCgi7Vy
>  gtoyG/P/Q3RWxIk1wwBphl0=
>  =QD87
>  -END PGP SIGNATURE-
>
>  -
>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>  For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE] XmlSchema-1.4.2 / Axiom-1.2.7 / Neethi-2.0.4

2008-04-18 Thread Ruchith Fernando 
+1 for all three.

Thanks,
Ruchith

On Thu, Apr 17, 2008 at 7:15 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
>  Hash: SHA1
>
>  Folks,
>
>  As promised (though a day late)...Here's are the dists:
>  http://people.apache.org/~dims/axis2-1.4-commons/
>
>  Please VOTE:
>
>  [ ] - Ship XmlSchema 1.4.2
>  [ ] - Don't Ship XmlSchema 1.4.2
>
>  [ ] - Ship Axiom 1.2.7
>  [ ] - Don't Axiom 1.2.7
>
>  [ ] - Ship Neethi 2.0.4
>  [ ] - Don't Ship Neethi 2.0.4
>
>  Here's my +1 for all 3 distributions.
>
>  thanks,
>  dims
>  -BEGIN PGP SIGNATURE-
>  Version: GnuPG v1.4.5 (Cygwin)
>
>  iD8DBQFIB1SBgNg6eWEDv1kRAlW/AKCqFFkWhDs/1kK7YCeIyRTHNT1FTgCg99Od
>  7J9XERSU1kmi+YyVnzwLqJI=
>  =w8+x
>  -END PGP SIGNATURE-
>
>  -
>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>  For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOYE][Axis2] Dims as 1.4 Release Manager

2008-03-09 Thread Ruchith Fernando 
+1

Thanks,
Ruchith

On Fri, Mar 7, 2008 at 11:43 AM, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> Hi Dims,
>  >
>  >
>  > Deepal,
>  > Would you have time for Axis2? I can volunteer as Release Manager if
>  > you wish or we can share the responsibility as
>  > usual. Either works for me.
>  To be honest I was about to send a vote  mail to the list making you as
>  the release manager. So I am glad to see you as the release manager here
>  is my +1 for you.
>
>  And now it is your job to tell us the release plan and how we are going
>  to :) .
>
>  Thanks
>  Deepal
>
>  -
>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>  For additional commands, e-mail: [EMAIL PROTECTED]
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Topics for discussion at Microsoft re: Axis interop with .NET, Windows

2008-02-26 Thread Ruchith Fernando 
Hi Folks,

During the last WCF plugfest [1] at MSFT we were able to fix all
issues related to WS-Security 1.0, WS-Security 1.1 and
WS-SecureConversation.
All these fixes are available in the Rampart/Java trunk at the moment.

You can try the latest Rampart snapshots here: [2]

Thanks,
Ruchith

1. http://mssoapinterop.org/ilab/
2. http://people.apache.org/~ruchithf/rampart/SNAPSHOT/

On Mon, Feb 25, 2008 at 1:29 PM, Plamena Chongova <[EMAIL PROTECTED]> wrote:
> Hi Bjorn,
>
> Some time ago I have checked interoperability issues between Rampart 1.3 and
> MS Visual studio 2005/.Net3.0, MS Visual studio OrcasBeta/.Net3.5,
> MS Visual studio 2008/.Net3.5. I could run a sample with message level
> security
> (AsymmetricBinding) only with OrcasBeta. For SymmetricBinding I could not
> succeed in runing a sample. The transport level security worked fine.
>
> I'm not sure whether this information helps.
>
> Regards, Plamena
>
>
> On Fri, Feb 22, 2008 at 9:18 AM, Bjorn Townsend <[EMAIL PROTECTED]> wrote:
>
> >
> >
> >
> >
> > (crossposted on the user and dev lists)
> >
> > I'm heading to Microsoft next week along with a number of other Apache
> > folks to meet with them about improving compatibility between Apache
> > projects and Windows Server 2008. I'd like to get input from the
> > community as far as what people would like me to talk to them about.
> > I'm especially looking for test cases you'd like me to try out to make
> > sure compatibility is maintained, and also to find out about any
> > existing interop problems you might be encountering in current versions.
> >
> > If you could provide your feedback some time before Monday morning
> > Pacific time (GMT -8), I'd be most grateful. I'll be there through
> > Wednesday, so if you're not able to provide feedback before Monday
> > there is some leeway.
> >
> > Thanks!
> >
> > Bjorn
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [AXIS2] Adding security phase to OutFaultFlow

2007-12-18 Thread Ruchith Fernando 
It will be great if we can get the dynamic phase support into Axis2-1.4...

BUT *until* someone really works on this feature and get it
implemented and tested with
rampart, sandesha, addressing etc...  I'd like to go ahead with what
we have right
now and simply add the "Security" phase to OutFaultFlow. As Nandana
mentioned we
already have this in all other flows. This will help us in Rampart to
continue our
implementations and testing.

Thanks,
Ruchith

On Dec 18, 2007 9:58 AM, Amila Suriarachchi <[EMAIL PROTECTED]> wrote:
>
>
>
> On Dec 14, 2007 3:31 PM, David Illsley <[EMAIL PROTECTED]> wrote:
> > +1 to dynamic phase support, and -0 to changing the axis2.xml to help
> > rampat in the short term
>
> hi david,
> Let me explain this bit more.
> Nandana is working with rampart and he is trying to solve the following
> issue.
> http://issues.apache.org/jira/browse/RAMPART-90
> According to the current Axis2 status he can not do this without changing
> the axis2.xml. Obviously Nadana can not change the axis2 kernal and add
> dynamic phase support.  Therefore I believe it is not fair to ask to hold
> rampart issues while axis2 changes when there is an alternative.
>
> And also he is quite agree to change the rampart module.xml once axis2 has
> this feature.
>
> with this reasoning I am putting +1 to do this change now. Since deepal has
> also put a +1 to this I think  he can proceed with this change. (you have
> put only -0)
>
> hope you agree with this.
>
> Thanks,
> Amila.
>
>
> > but I'm not happy about shipping an Axis2
> > release with a solution we've already agreed sucks, needs replaced,
> > and results in config file churn for users... so lets get the dynamic
> > phase support designed and implemented!
>
>
>
>
> >
> >
> > Do we have any requirements above modules defining a phase and its
> > relative location in the flow?
> > Cheers,
> > David
> >
> >
> >
> >
> > On Dec 13, 2007 5:30 AM, Ruchith Fernando <[EMAIL PROTECTED]>
> wrote:
> > > +1 ... I also believe we should be able to have module define/arrange
> > > phases without
> > > having to edit the axis2.xml file and the handlers themselves can take
> > > care of fault processing.
> > > Even in Rampart we use the same handler in the fault flows and we do
> > > the fault handling internally
> > > without really checking which flow it is in.
> > >
> > > But, as Amila mentioned, until we get those implemented lets go ahead
> > > with the changes to axis2.xml to
> > > help fix the Rampart fault handling issue.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > >
> > > On Dec 12, 2007 7:15 PM, Amila Suriarachchi
> <[EMAIL PROTECTED]> wrote:
> > > > hi glen,
> > > >
> > > > I am agreeing with you for the two features you have mentioned. And
> also As
> > > > I remember these two features
> > > > were there in the list that came up after last Apache Con hacathon. So
> there
> > > > were no objections for this
> > > > features.
> > > >
> > > > But for the moment since axis2 do not have these features the only
> option
> > > > Nandana have is to edit the axis2.xml. So lets allow him to continue
> with
> > > > this change and later it can be changed once those features are there.
> > > >
> > > > thanks,
> > > > Amila.
> > > >
> > > >
> > > >
> > > > On Dec 12, 2007 6:39 PM, Glen Daniels < [EMAIL PROTECTED]> wrote:
> > > > > Hi Nandana!
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Nandana Mihindukulasooriya wrote:
> > > > > > Hi Devs,
> > > > > >Rampart is in the process of providing security in the
> fault
> > > > > > flows.  In order to do that,
> > > > > > we need to introduce security phase in to out fault flow. It is
> already
> > > > > > there in the in fault flow.
> > > > > > so the axis2.xml have to modified to include,
> > > > > >
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > **
> > > > > > 
> > > > >
> > >

Re: [AXIS2] Adding security phase to OutFaultFlow

2007-12-12 Thread Ruchith Fernando 
+1 ... I also believe we should be able to have module define/arrange
phases without
having to edit the axis2.xml file and the handlers themselves can take
care of fault processing.
Even in Rampart we use the same handler in the fault flows and we do
the fault handling internally
without really checking which flow it is in.

But, as Amila mentioned, until we get those implemented lets go ahead
with the changes to axis2.xml to
help fix the Rampart fault handling issue.

Thanks,
Ruchith

On Dec 12, 2007 7:15 PM, Amila Suriarachchi <[EMAIL PROTECTED]> wrote:
> hi glen,
>
> I am agreeing with you for the two features you have mentioned. And also As
> I remember these two features
> were there in the list that came up after last Apache Con hacathon. So there
> were no objections for this
> features.
>
> But for the moment since axis2 do not have these features the only option
> Nandana have is to edit the axis2.xml. So lets allow him to continue with
> this change and later it can be changed once those features are there.
>
> thanks,
> Amila.
>
>
>
> On Dec 12, 2007 6:39 PM, Glen Daniels <[EMAIL PROTECTED]> wrote:
> > Hi Nandana!
> >
> >
> >
> >
> > Nandana Mihindukulasooriya wrote:
> > > Hi Devs,
> > >Rampart is in the process of providing security in the fault
> > > flows.  In order to do that,
> > > we need to introduce security phase in to out fault flow. It is already
> > > there in the in fault flow.
> > > so the axis2.xml have to modified to include,
> > >
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > **
> > > 
> >
> > I'd much rather that we bit the bullet and finally got dynamic phase
> > deployment working.  It is ridiculous to keep changing our default
> > axis2.xml (think about how many already deployed versions there are, and
> > even how many copies we have floating around in our tests etc) when the
> > whole point of Modules is that they should "drop in" to your system and
> > require minimal, if any, configuration.  I'm up for taking point on
> > this, and should hopefully be able to get started soon.
> >
> > That said, I also think we should dispense with Fault Flows as has been
> > discussed a few times.  They don't do much useful work and unnecessarily
> > complicate the configuration.  There should just be "in" and "out", and
> > if you have a handler which really cares whether a message is a fault or
> > not, it should just check that in invoke().
> >
> > There's my $0.02 - thoughts, devs?
> >
> > --Glen
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
>
> --
> Amila Suriarachchi,
> WSO2 Inc.



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: org.apache.axis2.AxisFault: Missing Timestamp

2007-11-16 Thread Ruchith Fernando 
Hi,

Seems like you have mixed Rampart-1.0 style parameter based
configuration with policy configuration.
If you are using parameter based config please *only* stick to the
configuration described in the article[1].
If not please you policy the way they are used in Rampart samples.

Thanks,
Ruchith

p.s. Please first subscribe to [EMAIL PROTECTED] mailing list
by sending a mail to
[EMAIL PROTECTED] and *then* post your rampart
related questions in
rampart-dev list.

1. http://wso2.org/library/240

On Nov 16, 2007 2:39 AM, Rajesh, Peter (CLAIMS, WIP)
<[EMAIL PROTECTED]> wrote:
>
>
> Hi
>
>
>  I read the article in http://wso2.org/library/240#digest and followed the
> steps, but now i get  below  error.
>
> [java] org.apache.axis2.AxisFault: Missing Timestamp
> [java] at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
> [java] at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> [java] at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
> [java] at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508)
> [java] at
> org.apache.rampart.weblogic.sample.Client.main(Client.java:70)
> [java] Exception in thread "main"
> [java] Java Result: 1
>
>
> I have attached the services.xml from the webservice, policy.xml from client
> side & the soap request/response.  P lease go through these xml's and let me
> know what is the issue and reason for this error.
>  Thanks in advance for your help.
>
>
>
> Thanks & Regards,
>
> Peter Rajesh
>
>  *
>  This communication, including attachments, is
>  for the exclusive use of addressee and may contain proprietary,
>  confidential and/or privileged information. If you are not the intended
>  recipient, any use, copying, disclosure, dissemination or distribution is
>  strictly prohibited. If you are not the intended recipient, please notify
>  the sender immediately by return e-mail, delete this communication and
>  destroy all copies.
>  *
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Services.xml is wrong but when the WSDL queried is corrected somewhere?

2007-11-06 Thread Ruchith Fernando 
Hi Dobri,

Are you using rampart-policy-.jar to create and serialize this policy?
We fixed a lot of policy serialization issues in rampart-policy after
1.3. Can you please try using the rampart-policy-SNAPSHOT.jar from the
latest trunk?

Thanks,
Ruchith

p.s. Please subscribe ([EMAIL PROTECTED]) and post
rampart related issues to [EMAIL PROTECTED] list.

On 10/31/07, Dobri Kitipov <[EMAIL PROTECTED]> wrote:
> Hi everybody,
> I am using Axis2 1.3 and rampart2 1.2.
> I observed something interesting. I am using a custom tool to generate a
> services.xml. This tool is under development so it did not works perfect at
> the moment. I am testing the symmetric binding and have the following
> services.xml generated:
>
> 
> 
>   
> Web Service HelloPojo
>  name="ServiceClass">com.mycompany.wsstack.pojo.HelloPojo
> 
>   
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver "
> mep="http://www.w3.org/2004/08/wsdl/in-out"/>
> 
> 
> 
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
>   
> 
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
>   
>  
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
> 
>
>   
>  
>   
>  
>   
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
>   
> 
>   
>   
> 
>   
> 
>   
>   
> 
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>  
>   
>
> 
>
> 
>
> 
>   
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
>   
>   
> 
>   
>xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>  
>   
>xmlns:ramp="http://ws.apache.org/rampart/policy";>
> service
>
> client
>
> com.mycompany.wsstack.pwcb.PasswordCallbackHandler
> 
> 
>provider="org.apache.ws.security.components.crypto.Merlin">
> JKS
>  name="org.apache.ws.security.crypto.merlin.file">service.jks
>   name="org.apache.ws.security.crypto.merlin.keystore.password">openssl
>   
> 
> 
>provider="org.apache.ws.security.components.crypto.Merlin">
>  name="org.apache.ws.security.crypto.merlin.keystore.type
> ">JKS
>  name="org.apache.ws.security.crypto.merlin.file">service.jks
>  name="org.apache.ws.security.crypto.merlin.keystore.password
> ">openssl
>   
> 
>   
> 
>   
> 
> 
> 
>   
> 
>
> You can see in bold that  is not correctly formed. it
> has two opening and closing   tags. The second one
> should be replaced by  tag. Another problem is that
>  block is set twice into the file.
> THE interesting thing is that when I deploy the AAR at Tomcat 5.5.20 and
> query the ?wsdl the policy in the wsdl returned is correct and obviously
> fixed at some stage. Here is an excerpt from the wsdl that contains the
> policy:
>
>  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="User defined">
> 
> 
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
> 
> 
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>  
>
> 
>
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
>  
> 
> 
> 
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
>

Re: Rampart 1.2 with Axis2 1.3 final release

2007-11-04 Thread Ruchith Fernando 
On 11/1/07, AP <[EMAIL PROTECTED]> wrote:
> After searching on wss4j mailing list I found that the following resolves my
> problem:
>
> 1.  Download the bouncycastle jar file from:  http://www.bouncycastle.org/
> and place it in your JRE's lib/ext directory java.security file:
>
> 2.  Add the following line to java.security file of your JRE:
>
> security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
>
> 3. restart server/client.
>
> After this, the error:
>
> No such algorithm: http://www.w3.org/2001/04/xmenc#rsa-1_5
>
> would be nice if this was noted in the readme.txt of Rampart.

Will make sure this is mentioned in the next release!

Thanks,
Ruchith

>
> Thanks,
> AP
>
>
> On 11/1/07, AP <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > After Installing rampart 1.3 and clean install of Axis2 1.3 the samples
> worked.  As I was going through the samples, I found the following issues,
> would be great if anyone can give me some tips on how to resolve these.
> >
> > 1.  All server samples in basic folder started without errors
> > 2.  When executing the clients the following was observed:
> >
> > a.  samples 1,2,3,4,8 worked perfectly!
> > b.  samples 5,6,7,10,11 all got the same error on the client side:
> >
> >  [java] Caused by:
> org.apache.ws.security.WSSecurityException: WSHandler: E
> > cryption: error during message
> processingorg.apache.ws.security.WSSecurityExcep
> > ion: An unsupported signature or encryption algorithm was used
> (unsupported key
> > transport encryption algorithm: No such algorithm:
> http://www.w3.org/2001/04/xm
> > enc#rsa-1_5)
> >
> > Any advice on how to resolve this?
> >
> > c.  sample 9 got the following error on client side:
> >
> >  [java] Caused by:
> org.apache.ws.security.WSSecurityException: WSHandler: En
> > cryption: error during message
> processingorg.apache.ws.security.WSSecurityExcept
> > ion: An unsupported signature or encryption algorithm was used; nested
> exception
> >  is:
> >  [java]
> org.apache.xml.security.encryption.XMLEncryptionException:
> Canno
> > t find any provider supporting AES/CBC/ISO10126Padding
> >  [java] Original Exception was
> java.security.NoSuchAlgorithmException: Canno
> > t find any provider supporting AES/CBC/ISO10126Padding
> >  [java] at
> org.apache.ws.security.action.EncryptionAction.execute(Encryp
> >
> >
> > Any advice would be grealy appreciated.
> >
> > Thank you very much,
> > AP
> >
> >
> >
> > On 10/31/07, Sanjiva Weerawarana < [EMAIL PROTECTED]> wrote:
> > > Have you tried with Rampart 1.3?
> > >
> > > Sanjiva.
> > >
> > > Andrew Puzankov wrote:
> > > > Hi,
> > > >
> > > > Is there a version of Rampart that works with Axis2 1.3 final release?
> > > > I saw posts in the forum that Rampart 1.2 has issues with Axis1.3 RC1
> > > > but does that issue also exist with Axis 1.3 final release?  I am
> trying
> > > > Rampart 1.2 sample01 (completed all the steps in readme.txt) and
> getting
> > > > this error when running server for sample01:
> > > >
> > > > org.apache.axis2.deployment.DeploymentException: The
> rampart module is
> > > > not valid or has not been deployed.
> > > >
> > > > Also if I hit the URL of the samples server:
> > > >
> > > > http://localhost:8080/axis2/services/
> > > >
> > > > I get the following error:
> > > >
> > > > Faulty Services
> > > > C:\tools\rampart-
> > > >
> 1.2\samples\basic\build\service_repositories\sample01\services\sample01.aar
> > > >
> > > > I've tried various versions of Rampart and all report the same error
> > > > with Axis2 1.3.  Is there a version that works with latest Axis?
> > > >
> > > > Thank you,
> > > > Andrew
> > >
> > > --
> > > Sanjiva Weerawarana, Ph.D.
> > > Founder & Director; Lanka Software Foundation; http://www.opensource.lk/
> > > Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
> > > Member; Apache Software Foundation; http://www.apache.org/
> > > Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/
> > >
> > >
> -
> > > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
>
>


-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Rampart 1.2 with Axis2 1.3 final release

2007-10-30 Thread Ruchith Fernando 
Hi,

Please use rampart-1.3 with axis2-1.3 :

http://www.apache.org/dyn/closer.cgi/ws/rampart/1_3

Thanks,
Ruchith

Thilina Gunarathne wrote:
> Hi,
> Your question would be answered better in the rampart list..
> I'm cc'ing it... Make sure to join that list..
> 
> thanks,
> Thilina
> 
> On 10/30/07, Andrew Puzankov <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> Is there a version of Rampart that works with Axis2 1.3 final release?  I
>> saw posts in the forum that Rampart 1.2 has issues with Axis1.3 RC1 but does
>> that issue also exist with Axis 1.3 final release?  I am trying Rampart 1.2
>> sample01 (completed all the steps in readme.txt) and getting this error when
>> running server for sample01:
>>
>> org.apache.axis2.deployment.DeploymentException: The
>> rampart module is not valid or has not been deployed.
>>
>> Also if I hit the URL of the samples server:
>>
>> http://localhost:8080/axis2/services/
>>
>> I get the following error:
>>
>> Faulty Services
>> C:\tools\rampart-
>> 1.2\samples\basic\build\service_repositories\sample01\services\sample01.aar
>>
>> I've tried various versions of Rampart and all report the same error with
>> Axis2 1.3.  Is there a version that works with latest Axis?
>>
>> Thank you,
>> Andrew
>>
> 
> 




signature.asc
Description: OpenPGP digital signature

Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages

2007-10-29 Thread Ruchith Fernando 
Hi Tim,

This is not fixed yet in the latest build ... Please keep an eye on
the JIRA [1] we'll update it as soon as we fix it and the fix will be
available in the latest build of the trunk.

Thanks,
Ruchith

1.  https://issues.apache.org/jira/browse/RAMPART-90

On 10/29/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote:
> Thanks for following up Ruchith, really appreciated. I look forward to this
> fix - will this appear in the latest builds, or will it only appear in the
> next "release" build.
>
> Best,
> Tim.
> -Original Message-
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Monday, 29 October 2007 10:53 AM
> To: axis-dev@ws.apache.org
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
> Messages
>
> Hi,
>
> This is an issue in Rampart because it doesn't processes the security header
> of fault messages.
>
> https://issues.apache.org/jira/browse/RAMPART-90
>
> This will be fixed in the next release of Apache Rampart.
>
> Thanks,
> Ruchith
>
> On 10/12/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote:
> > Hi All,
> >
> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an
> > xmlbeans
> > proxy) that calls methods on a secured .NET web service service. I can
> > successfully communicate with the .NET service, however when the .NET
> > server returns a valid fault message the xmlbeans proxy client never
> > receives the returned fault string; instead all the client receives is
> > the following
> > message:
> > Must Understand check failed for header
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
> > 0.xsd : Security
> >
> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy
> > received the correct/expected error string.
> >
> > So, for example, if I call a method on the .NET web service with an
> > invalid parameter in the request document, the .NET web service
> > returns an informative message containing details of the problem.
> > Below is an example of the xml response message received from the .NET
> > server, and to me it appears to be a valid response:
> >   > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/";
> > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> > urity-
> > utility-1.0.xsd">
> > 
> >  > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> > urity-
> > secext-1.0.xsd" s:mustUnderstand="1">
> > 
> >
> > 2007-10-12T01:02:16.796Z
> >
> > 2007-10-12T01:07:16.796Z
> > 
> > 
> > 
> > 
> > 
> > s:UnexpectedFault
> > An unexpected
> > error has occurred in the service.
> > System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva
> > lidReq
> > uestFault]: The dimension member 'Midlands' was included in a
> > dimension reference for the 'Products' dimension, but is not valid.
> > (Fault Detail is equal to
> MyDials.Common.ServiceFaults.InvalidRequestFault).
> > 
> > 
> > 
> >
> > When I interact with this returned message (through the xmlbeans
> > proxy), the error message I see is the "Must Understand check failed for
> header ..."
> > rather than the value contained in the faultstring elemrnt of the
> > returned document.
> >
> > The issue appears to be that the received message header contains a
> > (valid) timestamp, as indicated above, however the Axis2 response
> > handler never seems to to process this timestamp in the header,
> > meaning that when the
> > AxisEngine.checkMustUnderstand() performs the
> > headerBlock.isProcessed() test, the result is false and so the "Must
> understand check failed ..."
> > exception is thrown and my xmlbeans proxy never sees the real
> > faultstring message.
> >
> > I am struggling to understand what is going wrong here ... any
> > guidance on what to fault-find next would be greatly appreciated as
> > after a few days looking at this I am unsure if it is a problem in
> > returned document

Re: [Axis2] Question Axis2 maven modules

2007-10-29 Thread Ruchith Fernando 
> 5. Rahas, secpolicy, security was moved out to a separate sub-project
> within WS along with other security stuff right?
> (If yes
>  (why do we have them inside Axis2?)
>  (Ignore this ;) ))
>
hehe ... seems like we got a lisp fan :)
I should have ignored this :D

Anyway do an svn stat ... they are only in your local copy.

https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules

Thanks,
Ruchith

-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages

2007-10-28 Thread Ruchith Fernando 
Hi,

This is an issue in Rampart because it doesn't processes the security
header of fault messages.

https://issues.apache.org/jira/browse/RAMPART-90

This will be fixed in the next release of Apache Rampart.

Thanks,
Ruchith

On 10/12/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have developed an Axis2-1.3 client (with Rampart 1.3, using an xmlbeans
> proxy) that calls methods on a secured .NET web service service. I can
> successfully communicate with the .NET service, however when the .NET server
> returns a valid fault message the xmlbeans proxy client never receives the
> returned fault string; instead all the client receives is the following
> message:
> Must Understand check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
> 0.xsd : Security
>
> Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy received
> the correct/expected error string.
>
> So, for example, if I call a method on the .NET web service with an invalid
> parameter in the request document, the .NET web service returns an
> informative message containing details of the problem. Below is an example
> of the xml response message received from the .NET server, and to me it
> appears to be a valid response:
> 
> http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
> utility-1.0.xsd">
> 
>  xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
> secext-1.0.xsd" s:mustUnderstand="1">
> 
>
> 2007-10-12T01:02:16.796Z
>
> 2007-10-12T01:07:16.796Z
> 
> 
> 
> 
> 
> s:UnexpectedFault
> An unexpected error
> has occurred in the service.
> System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.InvalidReq
> uestFault]: The dimension member 'Midlands' was included in a dimension
> reference for the 'Products' dimension, but is not valid. (Fault Detail is
> equal to MyDials.Common.ServiceFaults.InvalidRequestFault).
> 
> 
> 
>
> When I interact with this returned message (through the xmlbeans proxy), the
> error message I see is the "Must Understand check failed for header ..."
> rather than the value contained in the faultstring elemrnt of the returned
> document.
>
> The issue appears to be that the received message header contains a (valid)
> timestamp, as indicated above, however the Axis2 response handler never
> seems to to process this timestamp in the header, meaning that when the
> AxisEngine.checkMustUnderstand() performs the headerBlock.isProcessed()
> test, the result is false and so the "Must understand check failed ..."
> exception is thrown and my xmlbeans proxy never sees the real faultstring
> message.
>
> I am struggling to understand what is going wrong here ... any guidance on
> what to fault-find next would be greatly appreciated as after a few days
> looking at this I am unsure if it is a problem in returned document, or my
> policy.xml.
>
> Thanks,
> Tim Munro
> ===
>
> Below is my policy.xml document:
> 
>  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> 
> 
>  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
> 
> 
>  RequireClientCertificate="false"/>
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> 
>  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Includ
> eToken/AlwaysToRecipient">
> 
>
> 
> 
> 
> 
> 
>  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/secur

Re: [Axis2][Strawman] Re-organise AddressingInHandler Code to take account of Security Considerations

2007-10-18 Thread Ruchith Fernando 
Hi David,

I agree with the proposal!

Just one clarification though :
Are we going to include the SecuredAddressingDispatchValidator in the
addressing module? If so should we a property in the message context
to point to the AxisOperation used for security configuration?

Thanks,
Ruchith

On 10/9/07, David Illsley <[EMAIL PROTECTED]> wrote:
> As discussed a couple of months back, the current one-shot
> WS-Addressing header extraction isn't suited for use with security.
> This is because either:
> 1. Addressing runs before security and populates fields such as
> ReplyTo/FaultTo which, if later found to be invalid would not be
> un(de?)populated (which is a security risk).
> 2. Addressing runs after security, hence interoperable Operation-Level
> security is not possible as it relies on the WS-A Action/WS-A
> RelatesTo for operation identification.
>
> I've thought about this problem a fair bit and I'm of the opinion that
> security is important enough that we should break the WS-A headers
> apart and change the model slightly.
>
> The following proposal is very much open to change, but I do believe
> is in the right general direction.
>
> AddressingDispatchExtractor
>   -- Extracts wsa:Action and/or wsa:RelatesTo value
>   -- Determines the correct AxisOperation/OperationContext for security
> -- Does not set them in normal place on message context in case
> they are invalid
> -- Places them on message context as properties
>   -- Sets WS-A namespace on message context to allow security + later
> WS-A handers to proces the correct headers
>
> SecurityHandler(s)
>   -- Configured based on the AxisOperation extracted by the
> AddressingDispatchExtractor
>   -- Validates the WS-A headers with the selected namespace (if appropriate)
>
> AddressingRemainderInHandler
>   -- Extracts remaining WS-A headers and sets them on the MessageContext
>   -- Amalgem of AddressingFinalInHandler and AddressingSubmissionInHandler
> -- Namespace has already been selected so makes sense to combine
>
> General Dispatchers
>
> SecuredAddressingDispatchValidator
>   --  Verfies that the AxisOperation to be invoked matches the
> AxisOperation used for security configuration
>   -- Only required if security is engaged
>
> Backwards Compatibility
>   -- For users who haven't modified the WS-A Module  - no backwards copat 
> issues
>   -- For users who have, need to modify their custom module.xml to use
> the new handlers
>
> Anyone have any thoughts on this?
> Cheers,
> David
>
> --
> David Illsley - IBM Web Services Development
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[ANN] Apache Rampart 1.3 Released

2007-09-06 Thread Ruchith Fernando 
This is the 1.3 release of Apache Rampart.

Apache Rampart 1.3 is a toolkit that provides implementations of the
WS-Sec* specifications for Apache Axis2 1.3, based on Apache WSS4J 1.5.3
and the Apache AXIOM-DOOM 1.2.5 implementations.

You can download the releases from:
http://www.apache.org/dyn/closer.cgi/ws/rampart/1_3

There are two main Apache Axis2 modules provided with this release.

* rampart-1.3.mar
  This provides support for WS-Security and WS-SecureConversation
features.
* rahas-1.3.mar
  This module provides the necessary components to enable
SecurityTokenService functionality on a service.

Apache Rampart 1.3 uses a configuration model based on WS-Policy and
WS-Security Policy. It is important to note that the Apache Rampart 1.0
style configuration is also available even though being marked as
deprecated.

Apache Rampart 1.3 can be successfully used with the next Apache
Sandesha2 release targeted towards Apache Axis2 1.3 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with
other WS-Security implementations.

WS - Sec* specifications supported by Apache Rampart are as follows:

* WS - Security 1.0
* WS - Secure Conversation - February 2005
* WS - Security Policy - 1.1 - July 2005
* WS - Trust - February 2005
* WS - Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

Apache Rampart team





signature.asc
Description: OpenPGP digital signature

Re: [Rampart] Availability of v1.3

2007-08-22 Thread Ruchith Fernando 
That was the idea at the beginning ... but Rampart to be held back a
little due some ongoing changes in the projects that it depends on at
that time ... We will try our best to release both at the same time in
the next release!

Thanks,
Ruchith

On 8/22/07, stlecho <[EMAIL PROTECTED]> wrote:
>
> Thanks for the supplied information. I think it would be great if future
> releases of Axis2 and the related modules - Rampart in this case - were
> released at the same time. Are there any plans to synchronize both releases
> ?
>
> Regards, Stefan Lecho.
>
>
> Ruchith Fernando wrote:
> >
> > We just started a vote to release 1.3 with the artefacts available here :
> >
> > http://people.apache.org/~ruchithf/rampart/1_3/
> >
> > If all goes well ... we will announce the release in 3 days from now :-)
> >
> > Thanks,
> > Ruchith
> >
> > On 8/22/07, stlecho <[EMAIL PROTECTED]> wrote:
> >>
> >> All,
> >>
> >> We are currently using Axis2 v1.1.1 with Rampart v1.1. We are planning to
> >> upgrade to Axis v1.3 and Rampart v1.3.
> >> I have found the Axis2 v1.3 release, but I was unable to find the Rampart
> >> v1.3 release. Rampart v1.3 is listed as module, but the download is not
> >> available on the download mirrors listed on the Axis2 website
> >> (http://ws.apache.org/axis2/modules/index.html) nor on the Rampart
> >> website
> >> (http://ws.apache.org/rampart/download.cgi).
> >>
> >> Is Rampart v1.3 already officially released ? If yes, where can I find it
> >> ?
> >> If no, when will it be available ?
> >>
> >> Regards, Stefan Lecho.
> >> --
> >> View this message in context:
> >> http://www.nabble.com/-Rampart--Availability-of-v1.3-tf4310097.html#a12270045
> >> Sent from the Axis - Dev mailing list archive at Nabble.com.
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >
> >
> > --
> > www.ruchith.org
> > www.wso2.org
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
> --
> View this message in context: 
> http://www.nabble.com/-Rampart--Availability-of-v1.3-tf4310097.html#a12273903
> Sent from the Axis - Dev mailing list archive at Nabble.com.
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Rampart] Availability of v1.3

2007-08-22 Thread Ruchith Fernando 
We just started a vote to release 1.3 with the artefacts available here :

http://people.apache.org/~ruchithf/rampart/1_3/

If all goes well ... we will announce the release in 3 days from now :-)

Thanks,
Ruchith

On 8/22/07, stlecho <[EMAIL PROTECTED]> wrote:
>
> All,
>
> We are currently using Axis2 v1.1.1 with Rampart v1.1. We are planning to
> upgrade to Axis v1.3 and Rampart v1.3.
> I have found the Axis2 v1.3 release, but I was unable to find the Rampart
> v1.3 release. Rampart v1.3 is listed as module, but the download is not
> available on the download mirrors listed on the Axis2 website
> (http://ws.apache.org/axis2/modules/index.html) nor on the Rampart website
> (http://ws.apache.org/rampart/download.cgi).
>
> Is Rampart v1.3 already officially released ? If yes, where can I find it ?
> If no, when will it be available ?
>
> Regards, Stefan Lecho.
> --
> View this message in context: 
> http://www.nabble.com/-Rampart--Availability-of-v1.3-tf4310097.html#a12270045
> Sent from the Axis - Dev mailing list archive at Nabble.com.
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Releases of Sandesha and Rampart for Axis2 1.3

2007-08-21 Thread Ruchith Fernando 
Hi,

Rampart release artifacts are ready ... sending the vote in a few mins :-)

Thanks,
Ruchith

Deepal Jayasinghe wrote:
> Hi all,
> 
> What is the status of the two releases  , I think its time to release
> Sandesha release candidate .
> I went though the jira list and seems ok to me.
> 
> Thanks
> Deepal
>> Hi Dims,
>>
>> Yes please .
>>
>> Thanks
>> Deepal
>>
>> Davanum Srinivas wrote:
>>   
>>> Ruchith, Folks,
>>>
>>> I was poking around Sandesha 1.3 branch. I can help with that if we
>>> are short handed and no one else volunteers :)
>>>
>>> -- dims
>>>
>>> On 8/6/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
>>>   
>>> 
>>>> We'll cut a  Rampart-RC that works with Axis2-RC3 today!
>>>>
>>>> Thanks,
>>>> Ruchith
>>>>
>>>> Davanum Srinivas wrote:
>>>> 
>>>>   
>>>>> Sorry for the x-post...
>>>>>
>>>>> Dear Rampart and Sandesha Folks,
>>>>> Now that we have cut 1.3RC3 and all the snapshots are finalized...Any
>>>>> ETA on releasing Rampart and Sandesha that would work with Axis2 1.3?
>>>>> Please note that we got *strong* feedback from the user community last
>>>>> time around for this.
>>>>>
>>>>> thanks,
>>>>> dims
>>>>>
>>>>>   
>>>>> 
>>>> 
> 
> 
> 




signature.asc
Description: OpenPGP digital signature

Re: [Axis2][VOTE]Axis2 1.3 release artifacts (#take3)

2007-08-12 Thread Ruchith Fernando 
+1

Thanks,
Ruchith

On 8/10/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi all,
>
> I have uploaded Axis2 1.3 (take3) into my Apache home location [1]
> again . As a result of we found a few issues in 1.3 take2 I had to
> upload the artifacts again and call for a new vote. I will keep open
> the vote for 72 hrs from now and will do the Axis2 1.3 release on
> Monday 13th Aug 2007.
>
> You can find both IntelliJ idea and Eclipse plugin artifacts in the
> tools folder [2]
>
> Please try to cover the following areas when testing.
> - - Code generation
> - - Sessions
> - - Web application
> - - In different application servers
> - - Both JDK 1.5 and JDK 1.4
> - - Java2WSDL
> - - POJOs
> - - And whatever the JIRA we have marked as fixed.
>
> You can find maven2 repository under my home directory as well [3]. I
> have host the web site for 1.3 in [4] please have a look at that as well
>
> I will do the final release on Friday (10th Aug 2007), here is my +1
> for the release date as well as for release artifacts.
>
>
> [1] : http://people.apache.org/~deepal/axis2/1.3-take3/
> [2] : http://www-lk.wso2.com/~deepal/1.3-tools/
> [3] : http://people.apache.org/~deepal/axis2/1.3-take3/m2-repo/
> [4] : http://www-lk.wso2.com/~deepal/axis2/
>
>
> P.S : Please note that I need to have two more PMC vote to go ahead
> with the release, so please give us the support by voting for the release.
>
>
> Thanks
> Deepal
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGvFhvjOGcXNDx0CARAh+4AJ49M1d86/v39C6Z0WnMcxsK5RgF3QCdGD8d
> 43gXJ+tvuyHhc/nI1t1u1fw=
> =sqos
> -END PGP SIGNATURE-
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [axis2] Re: svn commit: r559011 - in /webservices/axis2/trunk/java/modules: addressing/src/META-INF/ integration/conf/ integration/test-resources/deployment/ integration/test-resources/mtom/ integ

2007-08-09 Thread Ruchith Fernando 
Got it! :-)

Thanks for the explanation David.

- Ruchith

On 8/9/07, David Illsley <[EMAIL PROTECTED]> wrote:
> The DoS is not against the service itself, but using the service to
> send messages to a victim indirectly. To prevent the use of your
> server in this way, the suggestion from the WS-A group is to require
> the ReplyTo is signed. However, given that we populate the ReplyTo
> field before the security handler now, Axis2+Rampart users get no such
> protection because when Rampart throws an exception, a fault will be
> sent to the victim, not the originator of the request message.
>
> Given that we don't have (and I see no appetite for) roll-back-able
> handlers, the solution I see is to split the reading of the addressing
> headers into 2. Part that runs before security and part that runs
> after. That way, anything which is security-sensitive (like ReplyTo
> processing) can run after security validation.
>
> Cheers,
> David
>
> On 09/08/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > Apologies for jumping in late! Please see my comments below:
> >
> > On 7/30/07, David Illsley <[EMAIL PROTECTED]> wrote:
> > > Ah, the perrenial ws-sec+ws-a problem.
> > > This is a really complex issue, and unfortunately I don't think it can
> > > be resolved this simply i.e. what happens if security rejects the ws-a
> > > headers as invalid? There isn't any code to roll-back the ws-a related
> > > fields in the message context, so suddenly one of the main reasons to
> > > require signed ws-a headers (preventing your server from being used to
> > > DoS via ReplyTo) is bypassed.
> > >
> > > I think we probably need to split the addressing processing itself
> > > into 2 parts - the first which provides a guess of the AxisOperation
> > > based onthe To/Action/RelatesTo and the second which does the full
> > > ws-a processing (afer the security handler).
> >
> > I'm trying to understand the various placements of the addressing
> > dispatcher and its affect on the DoS attack that David mentioned.
> > Please correct me if I have missed something.
> >
> > With the addressing dispatcher running before the security handler
> > - An attacker changes the signed ReplyTo header of a message to a service
> > - Addressing handled extracts this information and addressing
> > dispatcher finds the operation.
> > - Signature verification fails and the fault is sent to the *changed*
> > ReplyTo address
> >
> > Now with David's proposal (The way I understood it) the earlier three
> > steps happen anyway ... its true that the fault is sent to the changed
> > ReplyTo but the message never reaches the service in either case.
> >
> > Now ... In case of a aync message invocation, even if we do *not* do
> > any addressing processing/dispatch before security processing when
> > signature verification fails due to someone modifying an addressing
> > header we will not be able to send an asyc response anyway, since at
> > the point where processing fails we  do not know the ReplyTo address.
> >
> > David can you please explain how the DoS attack happen with the
> > current approach and how it can be prevented by splitting addressing
> > based dispatching?
> >
> > Thanks,
> > Ruchith
> >
> > >
> > > Do you have a list of use-cases you're trying to support?
> > > David
> > >
> > > On 27/07/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> > > > In the case of WS-Security there are instance that the only way to
> > > > dispatch is using addressing , and service and operation must be found
> > > > before running the security handlers. If you take transport like SMTP
> > > > the only way to dispatch is using addressing so we need to run
> > > > addressing before security.
> > > >
> > > > May be Ruchith can add some more infor into this.
> > > >
> > > > Thanks
> > > > Deepal
> > > > > Um deepal, can you explain why we should have the
> > > > > AddressingBased*Dispatcher* running before the *Dispatch* phase?
> > > > > Thanks,
> > > > > David
> > > > >
> > > > > On 25/07/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > >> Hi Glen,
> > > > >> Yes I have to agree with you , but let's do that for next release. I
> > > > >> would like to consider that as the first item to be

Re: Rampart - Access Control

2007-08-09 Thread Ruchith Fernando 
You can authenticate the user based on the signature ... but you will
have to implement your own access control based on the identified
users.

Thanks,
Ruchith

On 7/20/07, balaji hari <[EMAIL PROTECTED]> wrote:
>
> We are evaluating rampart for implementing web services security. Using
> digital signatures is it possible to do access control?
>
> thanks
> Balaji
>
> --
> View this message in context: 
> http://www.nabble.com/Rampart---Access-Control-tf4117283.html#a11708760
> Sent from the Axis - Dev mailing list archive at Nabble.com.
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [axis2] Re: svn commit: r559011 - in /webservices/axis2/trunk/java/modules: addressing/src/META-INF/ integration/conf/ integration/test-resources/deployment/ integration/test-resources/mtom/ integ

2007-08-09 Thread Ruchith Fernando 
Apologies for jumping in late! Please see my comments below:

On 7/30/07, David Illsley <[EMAIL PROTECTED]> wrote:
> Ah, the perrenial ws-sec+ws-a problem.
> This is a really complex issue, and unfortunately I don't think it can
> be resolved this simply i.e. what happens if security rejects the ws-a
> headers as invalid? There isn't any code to roll-back the ws-a related
> fields in the message context, so suddenly one of the main reasons to
> require signed ws-a headers (preventing your server from being used to
> DoS via ReplyTo) is bypassed.
>
> I think we probably need to split the addressing processing itself
> into 2 parts - the first which provides a guess of the AxisOperation
> based onthe To/Action/RelatesTo and the second which does the full
> ws-a processing (afer the security handler).

I'm trying to understand the various placements of the addressing
dispatcher and its affect on the DoS attack that David mentioned.
Please correct me if I have missed something.

With the addressing dispatcher running before the security handler
- An attacker changes the signed ReplyTo header of a message to a service
- Addressing handled extracts this information and addressing
dispatcher finds the operation.
- Signature verification fails and the fault is sent to the *changed*
ReplyTo address

Now with David's proposal (The way I understood it) the earlier three
steps happen anyway ... its true that the fault is sent to the changed
ReplyTo but the message never reaches the service in either case.

Now ... In case of a aync message invocation, even if we do *not* do
any addressing processing/dispatch before security processing when
signature verification fails due to someone modifying an addressing
header we will not be able to send an asyc response anyway, since at
the point where processing fails we  do not know the ReplyTo address.

David can you please explain how the DoS attack happen with the
current approach and how it can be prevented by splitting addressing
based dispatching?

Thanks,
Ruchith

>
> Do you have a list of use-cases you're trying to support?
> David
>
> On 27/07/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> > In the case of WS-Security there are instance that the only way to
> > dispatch is using addressing , and service and operation must be found
> > before running the security handlers. If you take transport like SMTP
> > the only way to dispatch is using addressing so we need to run
> > addressing before security.
> >
> > May be Ruchith can add some more infor into this.
> >
> > Thanks
> > Deepal
> > > Um deepal, can you explain why we should have the
> > > AddressingBased*Dispatcher* running before the *Dispatch* phase?
> > > Thanks,
> > > David
> > >
> > > On 25/07/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> > >
> > >> Hi Glen,
> > >> Yes I have to agree with you , but let's do that for next release. I
> > >> would like to consider that as the first item to be  fixed.
> > >>
> > >> Thanks
> > >> Deepal
> > >>
> > >>> [Forward with correct prefix]
> > >>>
> > >>> Gosh.  If only Modules ...
> > >>>
> > >>> http://marc.info/?l=axis-dev&m=118117804705440&w=2
> > >>>
> > >>> ... could define their own Phases
> > >>>
> > >>> http://marc.info/?l=axis-dev&m=114404998012486&w=2
> > >>>
> > >>> this commit could have consisted of a simple change to the Addressing
> > >>> module's module.xml, and that would basically be it.  This demonstrates,
> > >>> once again, exactly the problem with the current overly-static design.
> > >>>
> > >>> I still stand by the position I wrote up last year:
> > >>>
> > >>> http://marc.info/?l=axis-dev&m=114417377917696&w=2
> > >>>
> > >>> This needs to be fixed after 1.3, folks.
> > >>>
> > >>> --Glen
> > >>>
> > >>>
> > >>> [EMAIL PROTECTED] wrote:
> > >>>
> >  Author: deepal
> >  Date: Tue Jul 24 04:41:00 2007
> >  New Revision: 559011
> > 
> >  URL: http://svn.apache.org/viewvc?view=rev&rev=559011
> >  Log:
> >  -Add a phase called Addressing as I mentioned in the mailing list -
> >  Move all the addressing handlers into Addressing phase
> >  - Had to modify a set of axis2.xml and test cases to cope this chang
> > 
> >  [This is a big commit but no need to worry :) ]
> > 
> >  Modified:
> > 
> >  webservices/axis2/trunk/java/modules/addressing/src/META-INF/module.xml
> >  webservices/axis2/trunk/java/modules/integration/conf/axis2.xml
> > 
> >  webservices/axis2/trunk/java/modules/integration/test-resources/deployment/deployment.both.axis2.xml
> > 
> > 
> >  webservices/axis2/trunk/java/modules/integration/test-resources/mtom/MTOM-enabled-axis2.xml
> > 
> > 
> >  webservices/axis2/trunk/java/modules/integration/test-resources/mtom/MTOM-fileCache-enabled-axis2.xml
> > 
> > 
> >  webservices/axis2/trunk/java/modules/integration/test-resources/swa/SwA-enabled-axis2.xml
> > 
> > 
> >  webservices/axis2/trunk/java/modules/integrati

Re: [Axis2] Axis2 1.3 RC3 released

2007-08-07 Thread Ruchith Fernando 
Hi Deepal,

Where can I find the addressing module of the RC3 release? It is not
in either http://people.apache.org/~deepal/axis2/1.3-RC3/m2-repo/ or
http://people.apache.org/repo/m2-snapshot-repository

Thanks,
Ruchith

On 8/7/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> Jarek Gawor wrote:
> > On 8/6/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
> >
> >> I can upload RC3 into m2-snapshot-repository , and I will do that today,
> >> however if you can wait three more days you will be able to go with final.
> >>
> >
> > Please upload it. I know and our goal is to use an officially released
> > version of Axis2 but the timing might just not work out.
> >
> Done.
>
> Thanks
> Deepal
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [rampart] WCF interop - sample WSDLs

2007-08-07 Thread Ruchith Fernando 
The policies we have in the Rampart samples are similar to those we 
interop with WCF. Specifically we fully interop with WCF WS-Security-1.0 
scenarios[1][2].


Thanks,
Ruchith

[1] http://131.107.72.15/Security_WsSecurity_Service_Indigo/
[2] http://131.107.72.15/ilab/WSSecurity/WCFInteropPlugFest_Security.zip

Angel Todorov wrote:

Hi Ruchith,

Could you share some WSDLs that contain security-policy and that you have
tested to be inter-operable with WCF ? I have been trying to test security
enabled Axis2 services, by creating a service reference in dotnet giving 
the

URL (by doing ?wsdl on the secured service), but with no big success -:)
Thanks very much in advance.

Regards,
Angel




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Axis2 + Rampart + WS-Security

2007-08-07 Thread Ruchith Fernando 
IMHO this is out of the scope of WS-Security specification and
WS-SecureConversation will be able to help.

You can authenticate the user and create the security context. Now you
can use this context in sending the subsequent messages.

Thanks,
Ruchith

On 7/10/07, Kevin TierOne <[EMAIL PROTECTED]> wrote:
>
> I have a question about the capabilities of the rampart module.  I would
> like to create a client that sends several SOAP messages to the server.  The
> messages are currently authenticated using the UsernameToken in a PWCallback
> class.  Is it possible to create a session identifier when processing the
> first SOAP message so the remaining SOAP messages are not required to
> authenticate?
>
> Is there any built-in function in rampart or the callback class to help me
> keep track of a session identifier?  Or is this functionality out of the
> scope of rampart and WS-Security?
>
> Is this where WS-SecureConversation comes in to play?  If so, then is there
> an Axis2 module in the works for WS-SecureConversation?
>
> Thanks,
> Kevin
>


-- 
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[AXIS2] PROPOSAL : Options#setUsername() and Options#setPassword()

2007-08-03 Thread Ruchith Fernando 
Hi All,

There two widely used cases where the client will have to provide a
username and a password when accessing a service.

  - UsernameToken authentication
  - HTTP basic auth

Right now with Axis2 these two requires the user to provide the
username in different ways. It will be great if we can have a scenario
where we simply set these two values in the Options object and expect
the modules to use these values in applying the policy expressed by
the service (adding a UT or basic auth).

Thoughts?

Thanks,
Ruchith

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [rampart]rampart xsd schema change?

2007-07-11 Thread Ruchith Fernando 

The SSLConfig assertion is an optional assertion in the RampartConfig
assertion. It parsed using the
org.apache.rampart.policy.builders.SSLConfigBuilder class and we
create the SSLConfig object. If there are errors in the syntax of the
assertion then the SSLConfigBuilder should complain. Is this
validation sufficient?

We do not have an xml schema definition for RampartConfig assertion
and its child assertions at the moment and I don't see the requirement
of one for validation of the assertions since the model we have seems
to takes care of validation.

Am I missing something here?

Thanks,
Ruchith

On 7/11/07, Nencho Lupanov <[EMAIL PROTECTED]> wrote:

Hi Ruchith,

the sslConfig assertion is cutom - e.g. not presented in the xsd chema but
it still
processed without errorsso it is not validated?

Regards,
Nencho


2007/7/11, Ruchith Fernando <[EMAIL PROTECTED]>:
>
> Well ... I believe when we are parsing the assertion we automatically
> validate the assertions in the respective builders.
>
> Thanks,
> Ruchith
>
> On 7/11/07, Angel Todorov <[EMAIL PROTECTED]> wrote:
> > Hi Ruchith,
> >
> > The question is not only about documenting it, but also about validating
it.
> > Does rampart currently validate against the XSD ? Thanks.
> >
> > Regards,
> > Angel
> >
> >
> > On 7/10/07, Ruchith Fernando <[EMAIL PROTECTED] > wrote:
> > >
> > > Hmm ... This raises the issue of us not having documented the schema
> > > of RampartConfig :-) ... I'll create a JIRA on this !
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On 6/27/07, Nencho Lupanov < [EMAIL PROTECTED]> wrote:
> > > > Hi all,
> > > >
> > > > recently i fixed a bug in rampart that prevented the usage of ssl
> > encyption
> > > > in a transport binding policy.That fix use a custom rampart
assertion
> > that
> > > > is new to the rampart configthis fix is already adopted - you
can
> > check
> > > > the jira request at:
> > > >
> >
https://issues.apache.org/jira/browse/RAMPART-42?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12496738
> > > >
> > > > My question is - do we need to change also the rampart policy
schema?
> > > >
> > > > Regards,
> > > > Nencho
> > >
> > >
> > > --
> > > www.ruchith.org
> > > www.wso2.org
> > >
> > >
> >
-
> > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
>
-
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [rampart] PolicyBasedResultsValidator

2007-07-11 Thread Ruchith Fernando 

Yes ... this certainly can be improved to check whether we actually
received the parts that we expected or not!

Thanks,
Ruchith

On 6/28/07, Angel Todorov <[EMAIL PROTECTED]> wrote:

Hi all,

I've found this piece of code in the
RampartPolicyBasedResultsValidator.java:

  int refCount = 0;

refCount += encryptedParts.size();

if(encrRefs.size() != refCount) {
throw new
RampartException("invalidNumberOfEncryptedParts",
new String[]{Integer.toString(refCount)});
}


How can you be sure that if the number is the same, the parts themselves
aren't different? This can lead to a big security compromise IMO , maybe I
am mistaken -:)

Regards,
Angel




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [rampart]rampart xsd schema change?

2007-07-11 Thread Ruchith Fernando 

Well ... I believe when we are parsing the assertion we automatically
validate the assertions in the respective builders.

Thanks,
Ruchith

On 7/11/07, Angel Todorov <[EMAIL PROTECTED]> wrote:

Hi Ruchith,

The question is not only about documenting it, but also about validating it.
Does rampart currently validate against the XSD ? Thanks.

Regards,
Angel


On 7/10/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
>
> Hmm ... This raises the issue of us not having documented the schema
> of RampartConfig :-) ... I'll create a JIRA on this !
>
> Thanks,
> Ruchith
>
> On 6/27/07, Nencho Lupanov < [EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > recently i fixed a bug in rampart that prevented the usage of ssl
encyption
> > in a transport binding policy.That fix use a custom rampart assertion
that
> > is new to the rampart configthis fix is already adopted - you can
check
> > the jira request at:
> >
https://issues.apache.org/jira/browse/RAMPART-42?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12496738
> >
> > My question is - do we need to change also the rampart policy schema?
> >
> > Regards,
> > Nencho
>
>
> --
> www.ruchith.org
> www.wso2.org
>
>
-
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r553898 - /webservices/axis2/trunk/java/modules/parent/pom.xml

2007-07-10 Thread Ruchith Fernando 

Hmm .. I think since the value just has to be a long value there's
another way to fix this :-)

Try using 1.21 if it is a version after 1.2

Thanks,
Ruchith


On 7/7/07, Chamikara Jayalath <[EMAIL PROTECTED]> wrote:

Hi David,

AFAIK the version number of a module must be a long value. I.e we cannot
have a module with a name such as addressing-1.3-RC1.mar. This seems like a
restriction to me. Think we should fix this.

Chamikara



On 7/6/07, David Illsley <[EMAIL PROTECTED]> wrote:
> Hi,
> Can you explain why we need separate version number for the mar files
please?
> Thanks.
> David
>
> On 06/07/07, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
> > Author: sumedha
> > Date: Fri Jul  6 07:35:53 2007
> > New Revision: 553898
> >
> > URL: http://svn.apache.org/viewvc?view=rev&rev=553898
> > Log:
> > added properties for mar files
> >
> > Modified:
> > webservices/axis2/trunk/java/modules/parent/pom.xml
> >
> > Modified:
webservices/axis2/trunk/java/modules/parent/pom.xml
> > URL:
http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/parent/pom.xml?view=diff&rev=553898&r1=553897&r2=553898
> >
==
> > --- webservices/axis2/trunk/java/modules/parent/pom.xml
(original)
> > +++ webservices/axis2/trunk/java/modules/parent/pom.xml
Fri Jul  6 07:35:53 2007
> > @@ -79,7 +79,11 @@
> >element, and it will need to be changed manually before a
release,
> >as the maven-release-plugin will not update this value.
> >  -->
> > -SNAPSHOT
> > +SNAPSHOT
> > +   1.3
> > +   1.3
> > +   1.3
> > +   1.3
> >  0.1.0 
> >  1.7.0
> >  2.7.4
> >
> >
> >
> >
-
> > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> David Illsley - IBM Web Services Development
>
>
-
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



--
Chamikara Jayalath
WSO2 Inc.
http://wso2.com/
http://wso2.org/ - For your Oxygen needs



--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [rampart]rampart xsd schema change?

2007-07-10 Thread Ruchith Fernando 

Hmm ... This raises the issue of us not having documented the schema
of RampartConfig :-) ... I'll create a JIRA on this !

Thanks,
Ruchith

On 6/27/07, Nencho Lupanov <[EMAIL PROTECTED]> wrote:

Hi all,

recently i fixed a bug in rampart that prevented the usage of ssl encyption
in a transport binding policy.That fix use a custom rampart assertion that
is new to the rampart configthis fix is already adopted - you can check
the jira request at:
https://issues.apache.org/jira/browse/RAMPART-42?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12496738

My question is - do we need to change also the rampart policy schema?

Regards,
Nencho



--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [axis2] SOAP 1.1 default?

2007-07-10 Thread Ruchith Fernando 

Hi ... apologies about the delay in my response on this ... IMHO this
sort of behaviour is not possible and Rampart does NOT modify the SOAP
version (since we always use the appropriate factory to convert to
DOOM). Therefore I don't think rampart always spits out SOAP 1.1.

Angel, are you sure rampart always converts to soap 1.1? I just
checked with one of my clients and I was able to successfully send
secure messages with both soap 1.1 and soap 1.2

Thanks,
Ruchith

On 6/19/07, Angel Todorov <[EMAIL PROTECTED]> wrote:

Hi Dims,

I already talked to Ruchith, the problem seems to be the DOM <-> LLOM
conversion. In fact its fixing may turn out to be very easy, but i haven't
taken a look yet. I will file a jira.

Regards,
Angel


On 6/19/07, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> Angel,
>
> "always using / converting to SOAP 1.1 no matter which soap version is
> chosen by the client" <== is a Very serious bug!!!
>
> please log a JIRA and any help to recreate the issue would be wonderful.
>
> thanks,
> dims
>
>
> On 6/19/07, Angel Todorov <[EMAIL PROTECTED]> wrote:
> > Defaulting to SOAP 1.2 will have more negative effects than positive,
in my
> > opinion -:) have in mind that SOAP 1.2 interop with other WS frameworks
is
> > very volatile at the moment (i.e. DotNET, and JAX-WS, more specifically
-
> > the wsimport tool) - that's what our experiences with soap 1.2 interop
> > testing have shown. In addition to that some Axis2 modules such as
Rampart
> > are always using / converting to SOAP 1.1 no matter which soap version
is
> > chosen by the client. Thanks.
> >
> > Regards,
> > Angel
> >
> >
> >
> > On 6/19/07, Tom Jordahl <[EMAIL PROTECTED]> wrote:
> > > Really?  You want to default to SOAP 1.2?  Really?
> > >
> > > Did you actually flip this switch?  I thought you were going to work
on
> > > stabilizing Axis2 for the 1.3 release.  This is going to rock the boat
> > > in a serious way.
> > >
> > > Tom Jordahl
> > >
> > > -Original Message-
> > > From: Sanjiva Weerawarana [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, June 08, 2007 12:36 PM
> > > To: axis-dev@ws.apache.org
> > > Subject: Re: [axis2] SOAP 1.1 default?
> > >
> > > Definitely +1! Can't remember why we default to 1.1 ..
> > >
> > > Sanjiva.
> > >
> > > Glen Daniels wrote:
> > > > Forgive me if this has been covered recently, but why are we
> > > defaulting
> > > > to SOAP 1.1 everywhere?  Shouldn't our default be SOAP 1.2?
> > > >
> > > > --Glen
> > > >
> > >
> > >
> > >
> >
-
> > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
>
>
> --
> Davanum Srinivas :: http://davanum.wordpress.com
>
>
-
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Accessing properties set in options of the service client

2007-06-24 Thread Ruchith Fernando 

On 6/25/07, Glen Daniels <[EMAIL PROTECTED]> wrote:

David Illsley wrote:
> Yep, properties which are not copied to the operation context in the
> outflow will not be available on the inflow message context (unless
> you walk up the tree and find the related message context).

It might be nice to have a separate API for setting properties in an
OperationContext-accessible way, much as Options automatically makes
them available on the MessageContext.


+1 :-)


Thanks,
Ruchith



Er.. I just noticed that when you set properties on the MessageContext
they actually get set on the Options object??  This behavior has
apparently been there a while - I'm gonna go back and try to find the
threads around it, but this seems stunningly wrong to me(?).  I thought
the Options object was one you were supposed to be able to reuse between
calls, where you store the stuff that you, the application (client
usually), care about.  Right now it looks like if a Handler sets a "foo"
property on the MC, that property value is going to be persisted across
any invocation using that Options object (and also kept around
unnecessarily if it was a per-MC transient property)  Whaa?

--Glen

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Axis2] Accessing properties set in options of the service client

2007-06-24 Thread Ruchith Fernando 

Hi Devs,

Some of the Rampart tests are failing due the properties set in the
options object of the ServiceClient are not available in the inflow to
be accessed by a handler (out-in operation). The properties are
available in only the outflow.

Is this behavior correct?

Thanks,
Ruchith

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] locked=false

2007-06-17 Thread Ruchith Fernando 

http://mail-archives.apache.org/mod_mbox/ws-axis-dev/200703.mbox/[EMAIL 
PROTECTED]

- Ruchith

On 6/18/07, Ajith Ranabahu <[EMAIL PROTECTED]> wrote:

I remember a discussion but not sure what was the last decision. I'm
ok with it anyway :)

Ajith

On 6/17/07, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> Team,
>
> Anyone remember if we decided to get rid of locked=false in the xml's
> in svn? since that's the default?
>
> thanks,
> dims
>
> --
> Davanum Srinivas :: http://davanum.wordpress.com
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
Ajith Ranabahu

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Rampart download links

2007-06-09 Thread Ruchith Fernando 

This is intentional!
To use rampart we will have to copy all those dependent jars to the
main axis2 classpath all the time (Because the callback handler impl
will have to be supplied by a service and the WSPasswordCallback
interface required wss4j etc.).
Therefore there's no need to make the rampart.mar and rahas.mar
unnecessarily big.

Thanks,
Ruchith

On 6/9/07, George Stanchev <[EMAIL PROTECTED]> wrote:

Yeah, I found them from Ruchith's previous emails. I was just
letting you know so you can fix it.

Speaking of rampart, the modules that have been posted (rampart-1.2.mar
and rahas-1.2.mar)
are 2k and 3k respectively - all the jars are missing from it.

Is that normal?

Best Regards,
George

-Original Message-
From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
Sent: Friday, June 08, 2007 2:34 PM
To: axis-dev@ws.apache.org
Cc: [EMAIL PROTECTED]
Subject: Re: Rampart download links

Here's the direct links in the mean time:
http://www.apache.org/dist/ws/rampart/1_2/

On 6/8/07, George Stanchev <[EMAIL PROTECTED]> wrote:
> I think the download links are messed up:
>
> On
> http://ws.apache.org/axis2/modules/index.html
>
> In the "Rampart" table row, column "Download"
> All the links there ("Distro zip", "MD5", "PGP") are pointing to the
> rampart 1.1 release:
> [Distro zip]
> http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1
> .1
> .zip
> [MD5]
> http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/rampart-1
> .1
> .zip.md5
> [PGP]http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_1/ramp
> ar
> t-1.1.zip.asc
>
>
> You might want to fix this.
>
> George
>
>
> **
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply e-mail and destroy all copies of the
original message.
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
Davanum Srinivas :: http://davanum.wordpress.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Vote][Axis2] Charitha Kankanamge as a committer

2007-06-07 Thread Ruchith Fernando 

+1 from me !

Thanks,
Ruchith

On 6/6/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:

Hi All,

I would like to propose Charitha Kankanamge as an Apache Axis2/Java committer. 
He has helped us to improve Axis2 in many ways , he has created more than 80 
JIRAs [1] and send patches for some of them as well. In addition to that he is 
very active in the list as well. Therefore giving him a commitership will 
encourage him to contribute more and more in to Axis2.


Here is my +1 for making Charitha as a commiter.

[1] : 
https://issues.apache.org/jira/sr/jira.issueviews:searchrequest-fullcontent/temp/SearchRequest.html?&query=Charitha&summary=true&description=true&body=true&tempMax=1000

Thanks,
Deepal



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Apache Rampart 1.2 Released

2007-06-02 Thread Ruchith Fernando 
This is the 1.2 release of Apache Rampart.

Apache Rampart 1.2 is a toolkit that provides implementations of the
WS-Sec* specifications for Apache Axis2 1.2, based on Apache WSS4J 1.5.2
and the Apache AXIOM-DOOM 1.2.4 implementations.

There are two main Apache Axis2 modules provided with this release.

* rampart-1.2.mar
  This provides support for WS-Security and WS-SecureConversation
features.
* rahas-1.2.mar
  This module provides the necessary components to enable
SecurityTokenService functionality on a service.

Apache Rampart 1.2 uses a configuration model based on WS-Policy and
WS-Security Policy and it is important to note that Apache Rampart 1.0
style configuration is also available even though being marked as
deprecated.

Apache Rampart 1.2 can be successfully used with the next Apache
Sandesha2 release targeted towards Apache Axis2 1.2 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with
other WS-Security implementations.

WS - Sec* specifications supported by Apache Rampart are as follows:

* WS - Security 1.0
* WS - Secure Conversation - February 2005
* WS - Security Policy - 1.1 - July 2005
* WS - Trust - February 2005
* WS - Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

Apache Rampart team





signature.asc
Description: OpenPGP digital signature

Apache WSS4J 1.5.2 Released

2007-05-31 Thread Ruchith Fernando 
Apache WSS4J Team is happy to announce the WSS4J-1.5.2 release.

You can download the releases from:
http://www.apache.org/dyn/closer.cgi/ws/wss4j/1_5_2

Apart from the binary and source distributions, We have an additional
ZIP file that contains other required JAR files to install and run WSS4J.

This release of wss4j uses Apache XML Security 1.4.0.

Please refer to the *readme.* files in the distribution for
further information regarding implemented features, additional
information, links to the Wiki pages, etc.

Enjoy !

The WSS4J team


signature.asc
Description: OpenPGP digital signature

Re: Axis2 Stack Comparison

2007-05-30 Thread Ruchith Fernando 

Savan module [1] supports WS-Eventing.

Thanks,
Ruchith

[1] https://svn.apache.org/repos/asf/webservices/savan/trunk/java/

On 5/30/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:





Hi



I have seen



http://wiki.apache.org/ws/StackComparison that Axis2 is supporting WS-Eventing 
and no modules is mentioned there.



Does that mean axis2 supports WS-Eventing by itself?



Thanks And Regards

Smitha Aldrin



 The information contained in this electronic message and any attachments to 
this message are intended for the exclusive use of the addressee(s) and may 
contain proprietary, confidential or privileged information. If you are not the 
intended recipient, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately and destroy all copies of this message and 
any attachments.

 WARNING: Computer viruses can be transmitted via email. The recipient should 
check this email and any attachments for the presence of viruses. The company 
accepts no liability for any damage caused by any virus transmitted by this 
email.

 www.wipro.com





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Re: Problem with Addressing Security and ordering of phases.

2007-05-15 Thread Ruchith Fernando 

Hi,

On 5/15/07, David Illsley <[EMAIL PROTECTED]> wrote:

Hi Amila,
I've been working on a similar issue with a different WS-Sec
implementation on top of Axis2 in the last couple of weeks. I've had a
few discussions about potential vulnerabilites introduced by running
the addressing based dispatcher before the security handlers.

The potential vulnerability is that, given an unsecured operation A,
and a secured operation B, an attacker could add a relatesTo captured
from an insecure 'A' message and use it to get a message which the
other dispatchers would dispatch to 'B' past the security handler. If
a subsequent handler/dispatcher then redispatches the message based on
the contents of the message to 'B' then there is a successful attack.


I'm not sure this really happens with Axis2 right now with the
dispatchers that we already have.
IMHO once we dispatch the service and/or operation by a dispatcher
then the *subsequent dispatchers* will *not* try to dispatch again.
Please correct me if this fact is not true about the default
dispatchers.

If the above is true then the attack mentioned here will not be
possible since there will not be a "re-dispatch"

Thoughts?

Thanks,
Ruchith




Given the option of manual code verification of the full path between
the security handler and the final dispatch (for every release) or
adding a validation handler after the dispatch phase to ensure that
the operation on the message context just prior to invoke is the same
as the one the security used for config... I'm tending towards the
verification handler approach.

Does that make sense to you?
Thanks,
David

On 15/05/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:
> Hi Amila,
>
>
> > I wrote a sample client and a server to invoke a service using the
> > dual chanel mode (i.e I started a
> > separate listener in my client to get response). Obviously in this
> > scenario we have to use the addressing
> > to give the reply end point to the server. Every thing worked fine.
> >
> > Then I engaged the rampart at the client side (pragmatically ) and set
> > the security policy file in the following way
> > StAXOMBuilder builder = new StAXOMBuilder(SECURITY_POLICY_FILE);
> > Policy securityPolicy =
> > PolicyEngine.getPolicy(builder.getDocumentElement());
> >
> > clientOptions.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
> > securityPolicy);
> > and engaged the security to service at the service level by giving the
> > same security policy file.
> >
> > After that send the request as in earlier. But as I saw it never
> > invoked my call back handler.
> >
> > After lot of debugging (using tcp mon)I found that the server sends
> > the request back to the
> > client but for some reason security handler could not process the
> > request.
> > The problem is with the RampartMessageData class.
> >
> > there it tries to get the security policy file from the message
> > context and it is not there
> > if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
> > this.servicePolicy =
> > (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
> > }
> >
> > then as I understood the problem with the client side Inflow
> >
> >
> > 
> > 
> >  > class="org.apache.axis2.engine.DispatchPhase">
> >  >
> > class="org.apache.axis2.engine.AddressingBasedDispatcher">
> > 
> > 
> >  >
> > class="org.apache.axis2.engine.RequestURIOperationDispatcher">
> > 
> > 
> >
> > As we can see Security phase in invoked before the
> > AddressingBasedDispatcher where we set those
> > message context details. So the solution should be to invoke that
> > phase before security.
> >
> > Then I changed the client_axis2.xml as follows
> >
> > 
> >  >
> > class="org.apache.axis2.engine.AddressingBasedDispatcher">
> > 
> > 
> > 
> > 
> >  > class="org.apache.axis2.engine.DispatchPhase">
> >  >
> > class="org.apache.axis2.engine.RequestURIOperationDispatcher">
> > 
> > 
> >
> I am +1 for going with this change.
> > And then it worked fine.
> > So shall we reorder the phases to support this scenario and will there
> > be any side effects?. I believe this is a very basic scenario.
> >
> > Secondly I saw  in RequestURIBasedDispatcher
> >
> >  public AxisOperation findOperation(AxisService service,
> > MessageContext messageContext)
> > throws AxisFault {
> > // This Dispatcher does not need to resolve the operation, as
> > that is handled
> > // by the RequestURIOperationDispatcher.
> > return null;
> > }
> >
> > basically it has commented out the findOperation method and that has
> > moved to Dispatched phase.
> > Could this make any problems with the Security when we have Operation
> > level policies?
> >
> I think if we have enough data at any level then we should do the full
> dispatching.

Re: Axis2 Rampart.mar FuncLoader' problems

2007-05-14 Thread Ruchith Fernando 

Can you please include xalan in the classpath and try.

Thanks,
Ruchith

On 4/5/07, Mark Badorrek <[EMAIL PROTECTED]> wrote:



No help from WSS4J - can anyone here advise?




Dear all,

I'me having a small problem with axis2/rampart that I hope you can help
with:

Environment:
JDK 1.5
Tomcat 5.0.28
Axis2 1.1.1
Rampart 1.1

I've deployed the standard Axis2 WAR to tomcat.
I've dropped the file 'rampart-1.1.mar' into the 'axis2/WEB-INF/modules'
directory.

*Since this is an out-of-the-box intall, xalan-2.7.0.jar is in the
'axis2/WEB-INF/lib' dir

Tomcat boots with the following problem:

SEVERE: Invalid module : rampart-1.1.mar caused
org/apache/xpath/compiler/FuncLoader
java.lang.NoClassDefFoundError:
org/apache/xpath/compiler/FuncLoader
at
org.apache.ws.security.WSSConfig.(WSSConfig.java:72)
at
org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95)
at
org.apache.ws.security.WSSConfig.(WSSConfig.java:47)
at
org.apache.ws.security.WSSecurityEngine.(WSSecurityEngine.java:51)
at
org.apache.ws.security.handler.WSHandler.(WSHandler.java:62)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
.
.
.
.


I've noted other threads
http://marc.info/?l=wss4j-dev&m=114720403203239&w=2#1 that
explain that if you use the latest copy of Rampart, you will be using
version 1.3 of xmlsec.jar and all will be well.

Unfortunately it's not. xmlsec.jar version 1.3 is indeed in my
rampart-1.1.mar file and I'm still enjoying this issue.

Can anyone advise?

Cheers,

Mark B



--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [axis2]WS Security Policy includeToken option problem

2007-05-12 Thread Ruchith Fernando 

"IncludeToken/Once" is not handled properly in Rampart. Please file a bug [1]

Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART

On 5/2/07, Nencho Lupanov <[EMAIL PROTECTED]> wrote:

Hi All ,

I am trying the rampart sample that comes with the distro.
I am going with sample01, only that i wanted it to be slightly different:
I change the sp:IncludeToken attribute, so instead of:


http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>



http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
AlwaysToRecipient" />







I have:

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>



http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once"; />





I am saying that in both requests i can found the following soap with
tcpmon:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-1673653">my_usernamehttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">my_password

Does this means that the username and password will be sent only the first
time?I tryed this but I still get the whole Usernametoken trasffered every
time?Is this supposed to work like this or is there a bug in the rampart
handling of the security policy?

Thanks,

Nencho




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Axis2] [ANN] Training courses on Apache Axis2 and Apache Rampart

2007-04-27 Thread Ruchith Fernando 

Hi All,

I will be in Maryland, US in the second week of May. Is anybody
interested in attending tutorials on Apache Axis2 and Apache Rampart?
Both are 1/2 day programs.

This would be on Thursday the 10th of May.

Please drop me a note at [EMAIL PROTECTED] and let me know.

Thanks,
Ruchith

--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: using policy references in services.xml

2007-04-23 Thread Ruchith Fernando 

I think Sanka updated axis2 policy handling to support something like
this ... Sanka can you please update us on this?

Thanks,
Ruchith

On 4/2/07, Johny Edu <[EMAIL PROTECTED]> wrote:

Hi all,

  I am trying to run the sample01 policy example that comes with
rampart1.1 release,
  but, i am trying to reference the policy in services.xml with a
policy reference element,
  like this:

  

   
  
 
 org.apache.rampart.samples.policy.sample01.SimpleService

 
 
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
URI="http://localhost:53307/policy.xml#UTOverTransport"; />



  Should axis2 be able to extract the policy information behind the URI
attribute and use the actual policy info behind this URI?

  I already try this with the client from the example but i got:

   [java] INFO: Deploying module : rampart-1.1
 [java] Exception in thread "main" org.apache.axis2.AxisFault:
java.lang.
 NullPointerException
 [java] at
org.apache.axis2.description.OutInAxisOperationClient.send
 (OutInAxisOperation.java:271)

  So can axis2(neethi) understand policy reference elements?

  Thanks.


 
Sucker-punch spam with award-winning protection.
 Try the free Yahoo! Mail Beta.





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Third party authentificaton with Callback Handler

2007-04-23 Thread Ruchith Fernando 

Right now you can't do this ... however there has been a number of
requests to make the MessageContext instance available to the callback
handler ... I'll try to look into the possibility of doing so before
the next release!

Thanks,
Ruchith

On 4/20/07, Nencho Lupanov <[EMAIL PROTECTED]> wrote:

Hi guys,

I am using a CallbackHandler instance to authentificate a user against a
third party system.
This is the same callback handler that is described in the rampart samples.
So, this third party system is returning a binary token after sucessfull
authentification.

I need to transfer somehow this token to the back end implementation of the
web service
(or in the message receiver for example).

Is there a way to do that?

Regards,
Nencho



--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: The signature verification failed in Axis2

2007-04-18 Thread Ruchith Fernando 

BTW please subscribe to [EMAIL PROTECTED] and post rampart
related problems there.

Thanks,
Ruchith

On 4/18/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:

Hi Allen,

Can you please send a sample message which causes this error?

Thanks,
Ruchith

On 4/17/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <[EMAIL PROTECTED]> wrote:
>
>
>
> Hi,
>
> I am taking use of Axis2 to build a client to access a .net ws with X509
> certificate signature. All the steps are fine except when I receive the
> response from .net, the signature verification always failed.
>
> Warning: Verification failed for URI
> "#Id-c59b2f2c-9d10-4107-bea9-e8eb690dd67d"
> Exception in thread "main" org.apache.axis2.AxisFault: WSDoAllReceiver:
> security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The
> signature verification failed
> at
> 
org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:259)
> at
> 
org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:91)
> at
> org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
> at
> org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> at
> org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
> at
> 
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:276)
> at
> 
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:579)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508)
> at ws.axis2.DotNetWSRClient.main(DotNetWSRClient.java:45)
> Caused by: org.apache.ws.security.WSSecurityException: The
> signature verification failed
> at
> 
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
> at
> 
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
> at
> 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
> at
> 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
> at
> 
org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:256)
> ... 10 more
>
> I am suspecting that's probably caused by some PrettyXML or
> NamespacePrefixOptimization mechanism when Axis modified the response body
> with new lines/breaks/spaces to let it looks better. And I found there was
> some specific parameter in Axis configuration for Axis1:
>
>  
>   
>value="false"/>
>   
>
>  
>
>
> But I didn't find there is corresponding parameters in Axis2. Has somebody
> faced the same problem? I have been struggling with it for over 2 days...
>
> Thanks,
> Allen


--
www.ruchith.org
www.wso2.org




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: The signature verification failed in Axis2

2007-04-18 Thread Ruchith Fernando 

Hi Allen,

Can you please send a sample message which causes this error?

Thanks,
Ruchith

On 4/17/07, Liu, Xiao-Tao (Allen, HPIT-GADSC) <[EMAIL PROTECTED]> wrote:




Hi,

I am taking use of Axis2 to build a client to access a .net ws with X509
certificate signature. All the steps are fine except when I receive the
response from .net, the signature verification always failed.

Warning: Verification failed for URI
"#Id-c59b2f2c-9d10-4107-bea9-e8eb690dd67d"
Exception in thread "main" org.apache.axis2.AxisFault: WSDoAllReceiver:
security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: The
signature verification failed
at
org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:259)
at
org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:91)
at
org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
at
org.apache.axis2.engine.Phase.invoke(Phase.java:382)
at
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
at
org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:276)
at
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:579)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508)
at ws.axis2.DotNetWSRClient.main(DotNetWSRClient.java:45)
Caused by: org.apache.ws.security.WSSecurityException: The
signature verification failed
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at
org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:256)
... 10 more

I am suspecting that's probably caused by some PrettyXML or
NamespacePrefixOptimization mechanism when Axis modified the response body
with new lines/breaks/spaces to let it looks better. And I found there was
some specific parameter in Axis configuration for Axis1:

 
  
  
  

 


But I didn't find there is corresponding parameters in Axis2. Has somebody
faced the same problem? I have been struggling with it for over 2 days...

Thanks,
Allen



--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] using policy references in services.xml

2007-04-02 Thread Ruchith Fernando 

Hi,

Right now rampart policy samples demonstrates the case where policy it
self is specified in the services.xml file. However rampart simply
picks up the effective policy from the message context using
getEffectivePolicy(). Therefore once we have this mechanism
implemented we should be able to add such a sample where we just have
a reference to the policy in the services.xml rather than the policy
itself.

Thanks,
Ruchith

On 4/2/07, Davanum Srinivas <[EMAIL PROTECTED]> wrote:

Sanka, Ruchith,

Does rampart pick it up as well? We should definitely have a
(rampart?) sample where one writes a pojo and adds a policy in the
services.xml (if we don't have one already).

thanks,
dims

On 4/2/07, Sanka Samaranayake <[EMAIL PROTECTED]> wrote:
>
>
> On 4/2/07, Nencho Lupanov <[EMAIL PROTECTED]> wrote:
> >
> > Hi Sanka, can i use a statement like this in services.xml :
> >
> >
> >
> >  http://localhost/policy.xml#UTOverTransport />
> >
> > ,meaning that my actual policy expression resides in the policy.xml file
> referenced in the URI attribute.
> >
> > Can you deliver a working example of services.xml using policy references
> wheater at service or operation scope, since this does not work for me ?
>
>
>  Yes ..  Will do prior to Axis1.2 release.
>
>  Please Log a JIRA so that I can follow.
>
>  Thanks,
>  Sanka
>
> >
> >
> >
> > Thanks.
> >
> >
> >
> >
> > 2007/4/2, Sanka Samaranayake <[EMAIL PROTECTED]>:
> >
> > > This is available at the moment. AxisService should contain those
> policies that are declared at the service scope in the services.xml ( in the
> AxisOperation if the policy is declared in the operation scope .. etc.)
> > >
> > > Thanks,
> > > Sanka
> > >
> > >
> > >
> > > On 4/2/07, Sanjiva Weerawarana <[EMAIL PROTECTED] > wrote:
> > > > I think we need to do the attachment work for services.xml too ... I'm
> > > > definitely +1 for it.
> > > >
> > > > Sanka?
> > > >
> > > > Sanjiva.
> > > >
> > > > Saminda Abeyruwan wrote:
> > > > > Forwared with Axis2 prefix
> > > > >
> > > > >
> > > > > Hi All,
> > > > > I need to use policy references in services.xml,
> > > > > meaning that i do not need the actual policy info but a reference to
> it,
> > > > > so if i want to change the policy, i should not deal with
> services.xml but
> > > > > rather with the resource behind that uri, for example:
> > > > >
> > > > > 
> > > > > 
> > > > >> > > >
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver
> "/>
> > > > > 
> > > > >  > > > > locked="false">
> org.apache.rampart.samples.policy.sample01.SimpleService
> > > > >
> > > > > 
> > > > > 
> > > > >
> > > > >  > > > > xmlns:wsu="
> > > > >
> 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > > > >
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy
> > > > > "
> > > > > URI="
> http://localhost:53307/policy.xml#UTOverTransport"; />
> > > > > 
> > > > >
> > > > > Is that achievable in axis2 ?
> > > > > Thanks.
> > > > >
> > > > > -
> > > > >
> > > > > --
> > > > > Saminda Abeyruwan
> > > > >
> > > > > Software Engineer
> > > > > WSO2 Inc. - www.wso2.org 
> > > >
> > > > --
> > > > Sanjiva Weerawarana, Ph.D.
> > > > Founder & Director; Lanka Software Foundation;
> http://www.opensource.lk/
> > > > Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
> > > > Director; Open Source Initiative; http://www.opensource.org/
> > > > Member; Apache Software Foundation; http://www.apache.org/
> > > > Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/
> > > >
> > > >
> -
> > > > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Sanka Samaranayake
> > > WSO2 Inc.
> > >
> > > http://sankas.blogspot.com/
> > > http://www.wso2.org/
> >
> >
>
>
>
> --
> Sanka Samaranayake
> WSO2 Inc.
>
> http://sankas.blogspot.com/
> http://www.wso2.org/


--
Davanum Srinivas :: http://wso2.org/ :: Oxygen for Web Services Developers




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[axis2] getMyEPR() when ws-addressing headers are missing

2007-03-28 Thread Ruchith Fernando 

Hi Devs,

I noticed that ServiceContext#getMyEPR() returns an incorrect EPR
value when addressing headers are missing in the request. I
experienced this with
org.apache.axis2.transport.http.SimpleHTTPServer.

For example if the service is "Foo" the getEPR().getAddress() returns
only "/axis2/services/Foo"

But when addressing headers are available it returns the correct value
( extracted from wsa:To, I guess) -
"http://localhost:8080/axis2/services/Foo";

Can we make this work even when the addressing headers are missing?

Thanks,
Ruchith

--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Module description

2007-03-28 Thread Ruchith Fernando 

On 3/28/07, Sanjiva Weerawarana <[EMAIL PROTECTED]> wrote:

+1 to use a single convention .. I think Glen removed an incorrect use of
equalsIgnoreCase in Axiom ... which is probably what's causing breakage.

I suggest going with normal camelCase.


Are we going to do this for 1.2?

Thanks,
Ruchith



Sanjiva.

Saminda Abeyruwan wrote:
> Hi Devs,
>
> In module.xml, the description element was written as "Description"
> sometimes back. Now the description element name should be written as
> "description"  in order to get the description from AxisModule.
>
> If you look at the addressing module.xml; it is still "Description".
>
> Looking at the other elements that should appear in module.xml such as
> "InFlow", "OutFlow" have followed the Camel case convention.
>
> Modules such as Sandesha, Rampart etc have the description element as
> "Description".
>
> Why would suddenly change the description element name.
>
>
> single snapshot from addressing module.xml
>
>  class="org.apache.axis2.addressing.AddressingModule">
> This is WS-Addressing implementation on Axis2.
> Currently we have implemented Submission version (2004/08) and Proposed
> Recommendation.
> 
>  class="org.apache.axis2.handlers.addressing.AddressingFinalInHandler">
> 
> 
>  class="org.apache.axis2.handlers.addressing.AddressingSubmissionInHandler">
> 
> 
>  class="org.apache.axis2.handlers.addressing.AddressingValidationHandler">
> 
> 
> 
> ...
> 
>
>
> As you see some element names  are following the Camel case convention
> and some are not.  Shouldn't we need to have a single convention. {ex:
> Synapse configuration language format}.
>
> As a users point of view what would be the best solution.
>
> Thank you
>
> Saminda
>
> --
> Saminda Abeyruwan
>
> Software Engineer
> WSO2 Inc. - www.wso2.org 

--
Sanjiva Weerawarana, Ph.D.
Founder & Director; Lanka Software Foundation; http://www.opensource.lk/
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
Director; Open Source Initiative; http://www.opensource.org/
Member; Apache Software Foundation; http://www.apache.org/
Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Interop with dotNet (WCF) userrname token

2007-03-25 Thread Ruchith Fernando 

Hi,

There are nonce and created elements in the request created by your
java client. Are you using a plain text password? Also are you using
Rampart or WSS4J to add the security header?

Thanks,
Ruchith

On 3/17/07, Ayman Yasin <[EMAIL PROTECTED]> wrote:





Hi all,



I am trying to write a client to a dot net service written in WCF. Here is an 
example of a soup request generated by a working dot net client:



http://www.w3.org/2003/05/soap-envelope"; 
xmlns:a="http://www.w3.org/2005/08/addressing"; 
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>



GetResidentDetailsByIqamaNumber

urn:uuid:91f458c9-b135-485b-91c0-d073baf87576



http://www.w3.org/2005/08/addressing/anonymous



https://somemachine/MuqeemIDK.Host/Resident.svc

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>



2007-03-12T14:09:03.319Z

2007-03-12T14:14:03.319Z





blabla

blabla









http://www.elm.com.sa/MuqeemIDK/2006/12";>

2554545445









The client I wrote with Axis2 gives AxisFault: An Error occurred when verifying 
security for the message. A sample soap request generated by my axis client 
follows:



http://www.w3.org/2005/08/addressing";

xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

soapenv:mustUnderstand="true"> http://docs.oasis-

open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="Timestamp-19330907">

2007-03-17T08:29:21.890Z

2007-03-17T08:34:21.890Z http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

wsu:Id="UsernameToken-31564808">

 


2007-03-17T08:29:21.875Z

https://somemachine/MuqeemIDK.Host/Resident.svc

http://www.w3.org/2005/08/addressing/anonymous

urn:uuid:EF475894BC15FFD4451174120161626

GetResidentDetailsByIqamaNumber 

http://MuqeemIDK.ServiceContracts/2006/12";>http://MuqeemIDK.ServiceContracts/2006/12";>2041043791





I would appreciate it if somebody looked at those two requests and told me what 
is missing in the axis message.



Thank you

















































--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Vote][Axis2] Sumedha Rubasinghe as a committer

2007-03-25 Thread Ruchith Fernando 

+1

Thanks,
Ruchith


On 3/20/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:

Hi All,

I would like to propose Sumedha Rubasinghe as an Apache Axis2/Java
committer. He has contributed Axis2 , AXIOM a lot specially implementing
SAAJ module. In addition to that he is very active in the community and
giving him a commitership will encourage him to contribute more and more
into the project.

Following are the list of JIRAs that he has summited patches.
https://issues.apache.org/jira/browse/SANDESHA2-50
https://issues.apache.org/jira/browse/WSCOMMONS-147
https://issues.apache.org/jira/browse/WSCOMMONS-152
https://issues.apache.org/jira/browse/WSCOMMONS-156
https://issues.apache.org/jira/browse/WSCOMMONS-157
https://issues.apache.org/jira/browse/WSCOMMONS-176
https://issues.apache.org/jira/browse/AXIS2-2199
https://issues.apache.org/jira/browse/AXIS2-2283
https://issues.apache.org/jira/browse/AXIS2-2331
https://issues.apache.org/jira/browse/AXIS2-1956


Here is my +1 for making Samudha as a commiter.

Thanks,
Deepal




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Google SoC 2007

2007-03-10 Thread Ruchith Fernando 

The wiki page to list project proposals is here :

http://wiki.apache.org/general/SummerOfCode2007

Thanks,
Ruchith

On 3/7/07, Eran Chinthaka <[EMAIL PROTECTED]> wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Did we discuss about $subject before?

The application deadlines is on 14th March and we better maintain a wiki
with project ideas for students to see what we wanna get from them.

- -- Chinthaka
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF7jcRjON2uBzUhh8RAomRAJ0dGjFVAkC3rVsZqyExjuRRz82E6gCfTQH1
Sqo3VripjSOLThggAJ0zyFM=
=5cS0
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[axis2] Re: svn commit: r516065 - /webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml

2007-03-08 Thread Ruchith Fernando 

resend with the axis2 prefix :-)

On 3/8/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:

Hi devs,

We had a build break in Rampart due to the "MessageId" addressing
header being absent in the response message. Is this behavior correct?

Thanks,
Ruchith

On 3/8/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Author: ruchithf
> Date: Thu Mar  8 07:00:53 2007
> New Revision: 516065
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=516065
> Log:
> Fixed the build break, there's no wsa:MessageId header in the response to sign
>
> Modified:
> 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml
>
> Modified: 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml
> URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml?view=diff&rev=516065&r1=516064&r2=516065
> ==
> --- 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml
 (original)
> +++ 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml
 Thu Mar  8 07:00:53 2007
> @@ -22,7 +22,7 @@
>  SKIKeyIdentifier
>  SKIKeyIdentifier
>  alice
> -
{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
> +
{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
>
>  
//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
>
>
>
>


--
www.ruchith.org
www.wso2.org




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: svn commit: r516065 - /webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml

2007-03-08 Thread Ruchith Fernando 

Hi devs,

We had a build break in Rampart due to the "MessageId" addressing
header being absent in the response message. Is this behavior correct?

Thanks,
Ruchith

On 3/8/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Author: ruchithf
Date: Thu Mar  8 07:00:53 2007
New Revision: 516065

URL: http://svn.apache.org/viewvc?view=rev&rev=516065
Log:
Fixed the build break, there's no wsa:MessageId header in the response to sign

Modified:

webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml

Modified: 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml?view=diff&rev=516065&r1=516064&r2=516065
==
--- 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml
 (original)
+++ 
webservices/rampart/trunk/java/modules/rampart-integration/src/test/resources/security/complete.service.xml
 Thu Mar  8 07:00:53 2007
@@ -22,7 +22,7 @@
 SKIKeyIdentifier
 SKIKeyIdentifier
 alice
-
{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
+
{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp

 
//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
   






--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Rampart build failing in the Continuum

2007-02-13 Thread Ruchith Fernando 

Hi Thlina,

How can I access the surefire reports?

Thanks,
Ruchith

On 2/13/07, Thilina Gunarathne <[EMAIL PROTECTED]> wrote:

Hi Ruchith,
Rampart build[1] in the continuum seems to be continuously failing.
AFAIK it might be an issue with the security restrictions or the key
strength..

Anyway I feel getting Rampart build correctly in the continuum as a
top priority, since it was the very idea of setting up continuum.

Thanks,
Thilina
[1] 
http://ws.zones.apache.org:1/continuum/servlet/continuum/target/ProjectBuilds.vm/view/ProjectBuilds/id/96
--
Thilina Gunarathne
WSO2, Inc.; http://www.wso2.com/
Home page: http://webservices.apache.org/~thilina/
Blog: http://thilinag.blogspot.com/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2-1.0] Rampart/Axoim Threading Issues

2007-02-09 Thread Ruchith Fernando 

Hi,

This issue is fixed in Rampart-1.1 which can be used with Axis2-1.1
and Axis2-1.1.1

We are not using the setDOOMRequired(). Instead we figured that we do
NOT have to change the document builder factory at all to work with
XML-Security.

Please try out Rampart-1.1 with any of the applicable Axis2 versions
and let us know if you are still having issues.

Right now the only place where we change the dom impl is situations
where we use SAML in the WS-Trust implementation. This is because of
opensaml. We should be able to send a patch to opensaml before the
next release of Rampart to rectify this as well.

Thanks,
Ruchith


On 2/9/07, Yevgeny Rouban <[EMAIL PROTECTED]> wrote:

Hello.

The threading fix committed to the Axiom DOM by Ruchith Fernando [1]
seems to not resolve the problem.

1. Imagine two threads enter the method setDOOMRequired(true).
The faster one calls System.setProperty(systemKey,
DocumentBuilderFactoryImpl.class.getName()).
Then the slower thread executes originalDocumentBuilderFactory =
DocumentBuilderFactory.newInstance(). This time the
originalDocumentBuilderFactory gets lost, because it becomes
org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl.

2. Another way to break the application for two threads is to call
setDOOMRequired(false) by one thread while the other is in
DOOMRequired state and is going to get a DocumentBuilderFactory. The
later thread will get original Document Builder (probably Xerces)
rather than DOOM because the system wide property is reset by the
first thread.

I do not know a good fix for the problem other than thread synchronization.
Another way (a bit clumsy) I see is to remove system property and set
up a thread context class loader which overrides Jar Service Provider
Mechanism via getResourceAsStream for
META-INF/services/javax.xml.parsers.DocumentBuilderFactory. This class
loader should return
org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl in
DOOMRequired state and delegate to the parent class loader in
non-DOOMRequired state.

[1] http://marc.theaimsgroup.com/?l=axis-user&m=116237867100030&w=2

--
Yevgeny Rouban
INTEL Middleware Products Division

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Vote][Axis2] Isuru Eranga Suriarachchi as a committer

2007-01-31 Thread Ruchith Fernando 

+1

Thanks,
Ruchith

On 1/31/07, Thilina Gunarathne <[EMAIL PROTECTED]> wrote:

Hi All,
   I would like to propose Isuru Eranga Suriarachchi as an Apache
Axis2/java committer.

   Isuru started with improving and contributing to Axis2
documentation. Later he implemented JSON support for Axis2  and has
been adding more and more features. I  am confident that he will
contribute to more and more areas in Axis2. His knowledge  on Axiom &
Axis2 (Specially the transport layers) would help us a lot in the
future.

Following are his contributions so far,
http://marc.theaimsgroup.com/?l=axis-dev&w=2&r=1&s=Isuru+Eranga+Suriarachchi&q=b

Here is my vote: +1

Thanks,
Thilina...

--
Thilina Gunarathne
WSO2, Inc.; http://www.wso2.com/
Home page: http://webservices.apache.org/~thilina/
Blog: http://thilinag.blogspot.com/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[ANN] [Axis2] Training course on Axis2

2007-01-31 Thread Ruchith Fernando 

Hi All,

A few of us are traveling to Phoenix AZ in two weeks and are wondering
whether anyone would be interested in joining a 1/2 day course /
tutorial on Axis2  (A 1/2 day Synapse course will also be available
for those interested)

This would be on Wednesday the 14th of February

Please drop me a note at [EMAIL PROTECTED] and let us know if you're
interested.

Thanks,
Ruchith

--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: coding conventions (was: Re: [Axis2] Issues with the current code base)

2007-01-29 Thread Ruchith Fernando 

FYI : http://wiki.apache.org/ws/FrontPage/Axis2/CodeQuality

Thanks,
Ruchith

On 1/30/07, Sanjiva Weerawarana <[EMAIL PROTECTED]> wrote:

On Mon, 2007-01-29 at 13:37 -0800, Bill Nagy wrote:
>
> I was unable to find them on the wiki (I looked at both the current as
> well as the old root pages.)  The JAX-WS proposal only speaks in the
> abstract about code organization -- it says nothing about the formatting
> of Java source files.  Certainly you can't expect people to adhere to
> coding guidelines that only appear in email messages from almost 2 years
> ago or even know that they exist in the first place.

Absolutely; fair enough.

The basic rule was that we're following the Sun Java coding conventions
(http://java.sun.com/docs/codeconv/) except for the number of columns
used. I argued hard for 80 col but was voted down .. we settled at 100,
which was the middle between 80 and 120 ;(.

Does anyone need more details? If not please conform.

(Old timers: if you remember the thread and can give a ref that maybe
useful.)

If someone volunteers to put this in the Wiki in big bold letters
that'll be great.

Thanks Bill for pushing this to closure!

Sanjiva.
p.s.: Don't take this to mean that only new folks are guilty of
violating the conventions .. everyone is :(. But we need to try to do
better .. and its easier to get folks to get in line as they start
rather than later. Still, if you find offenders please jump on them! (In
a nice warm, fuzzy kinda way ;-))
--
Sanjiva Weerawarana, Ph.D.
Founder & Director; Lanka Software Foundation; http://www.opensource.lk/
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
Director; Open Source Initiative; http://www.opensource.org/
Member; Apache Software Foundation; http://www.apache.org/
Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: rahas v1.1 capabilities..

2007-01-29 Thread Ruchith Fernando 

You can post rampart/rahas related questions to
rampart-dev@ws.apache.org list :-)

Thanks,
Ruchith

On 1/30/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:

Hi,


On 1/30/07, Wynn, Jackson E. <[EMAIL PROTECTED]> wrote:
>
>
> Apologies to all if this is posted to the wrong group...
>
> I am developing a prototype using Axis 2 and would like to learn more about
> what WS-Trust capabilities rahas v1.1 supports. After reviewing the rampart
> 1.1 code base, it appears that the STS implemented with rahas v1.1 supports
> issuance and cancellation of SAML v1.1 and SCT tokens only. STS token
> renewal and challenge/response are not supported.
>
> Is this a correct assessment?  Is  or Key Exchange Tokens
> supported?

Yes the statement is correct! We do not support challange/response
protocol and we don't have any renewers by default with rahas *yet*.

>
> When I enable rahas for a web service, the ?wsdl for that services does not
> include STS request functions - is there a wsdl specification for the STS
> service that a web client application would use to request security tokens?

This is another issue that we will have to improve. Please raise a
JIRA issue [1] on this.

However this2] is the wsdl for the STS defined by the WS-Trust spec.
Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART
[2] http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.wsdl

>
> Thanks,
>
> Jackson Wynn
>
> Lead INFOSEC Engineer
> The MITRE Corporation
> Bedford, MA
>
> (781) 271-3419


--
www.ruchith.org
www.wso2.org




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: rahas v1.1 capabilities..

2007-01-29 Thread Ruchith Fernando 

Hi,


On 1/30/07, Wynn, Jackson E. <[EMAIL PROTECTED]> wrote:



Apologies to all if this is posted to the wrong group...

I am developing a prototype using Axis 2 and would like to learn more about
what WS-Trust capabilities rahas v1.1 supports. After reviewing the rampart
1.1 code base, it appears that the STS implemented with rahas v1.1 supports
issuance and cancellation of SAML v1.1 and SCT tokens only. STS token
renewal and challenge/response are not supported.

Is this a correct assessment?  Is  or Key Exchange Tokens
supported?


Yes the statement is correct! We do not support challange/response
protocol and we don't have any renewers by default with rahas *yet*.



When I enable rahas for a web service, the ?wsdl for that services does not
include STS request functions - is there a wsdl specification for the STS
service that a web client application would use to request security tokens?


This is another issue that we will have to improve. Please raise a
JIRA issue [1] on this.

However this2] is the wsdl for the STS defined by the WS-Trust spec.
Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART
[2] http://schemas.xmlsoap.org/ws/2005/02/trust/WS-Trust.wsdl



Thanks,

Jackson Wynn

Lead INFOSEC Engineer
The MITRE Corporation
Bedford, MA

(781) 271-3419



--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[axis2] Rampart project info

2007-01-25 Thread Ruchith Fernando 

Hi All,

Apache Rampart SVN, mailing list and JIRA is now ready !

Mailing list : rampart-dev@ws.apache.org

JIRA : http://issues.apache.org/jira/browse/RAMPART

SVN : https://svn.apache.org/repos/asf/webservices/rampart/trunk/java

Thanks,
Ruchith

--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to get all dependant jars

2007-01-25 Thread Ruchith Fernando 

Correction : this is another way to create the project files required
to create the eclipse project. NOT for getting the dependant jars.

Thanks,
Ruchtih

On 1/25/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:

BTW there's another way to do this mentioned here [1]

$ maven multiproject:goal -Dgoal=eclipse

Thanks,
Ruchith

[1] http://issues.apache.org/jira/browse/AXIS2-1503

On 1/25/07, Dimuthu Leelaratne <[EMAIL PROTECTED]> wrote:
> Hi Hailong Wang,'
>
> The exact list of required dependancies and their versions can be
> found here 
"http://svn.apache.org/repos/asf/webservices/axis2/trunk/java/etc/project.properties";
>
> Getting all the dependant jars can be done in couple of ways. Run
> maven  create-lib online for axis2. This will download all the
> required jars  into target/lib folder.  Or else if you have run the
> maven build at least once all the required libraries will be available
> in your local maven repository (for linux this is ~/.maven).
> But I find it easier to do the first method.
>
> Regards,
> Dimuthu.
> ---
> www.wso2.org
>
> On 1/25/07, Wang, Hailong (NIH/CIT) [C] <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >
> > Hi ruchith,
> >
> >
> >
> > I read your article about how to set up apache axis2 in
> > eclipse(http://www.wso2.org/library/67 ), it is very useful article. But I
> > have trouble to get all dependant jars. Could you help me on this? Thanks.
> >
> >
> >
> >
> >
> >
> >
> > Hailong Wang
> >
> > National Database for Autism Research(NDAR)
> >
> > NIH/CIT/DECA
> >
> > 9000 Rockville Pike, Bld 12A/Room 2027
> >
> > Bethesda, MD 20892
> >
> > Phone:  301-402-3045
> >
> > Fax:   301-480-0028
> >
> > Email:   [EMAIL PROTECTED]
> >
> > URL:   http://ndar.nih.gov
> >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
www.ruchith.org
www.wso2.org




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to get all dependant jars

2007-01-25 Thread Ruchith Fernando 

BTW there's another way to do this mentioned here [1]

$ maven multiproject:goal -Dgoal=eclipse

Thanks,
Ruchith

[1] http://issues.apache.org/jira/browse/AXIS2-1503

On 1/25/07, Dimuthu Leelaratne <[EMAIL PROTECTED]> wrote:

Hi Hailong Wang,'

The exact list of required dependancies and their versions can be
found here 
"http://svn.apache.org/repos/asf/webservices/axis2/trunk/java/etc/project.properties";

Getting all the dependant jars can be done in couple of ways. Run
maven  create-lib online for axis2. This will download all the
required jars  into target/lib folder.  Or else if you have run the
maven build at least once all the required libraries will be available
in your local maven repository (for linux this is ~/.maven).
But I find it easier to do the first method.

Regards,
Dimuthu.
---
www.wso2.org

On 1/25/07, Wang, Hailong (NIH/CIT) [C] <[EMAIL PROTECTED]> wrote:
>
>
>
>
> Hi ruchith,
>
>
>
> I read your article about how to set up apache axis2 in
> eclipse(http://www.wso2.org/library/67 ), it is very useful article. But I
> have trouble to get all dependant jars. Could you help me on this? Thanks.
>
>
>
>
>
>
>
> Hailong Wang
>
> National Database for Autism Research(NDAR)
>
> NIH/CIT/DECA
>
> 9000 Rockville Pike, Bld 12A/Room 2027
>
> Bethesda, MD 20892
>
> Phone:  301-402-3045
>
> Fax:   301-480-0028
>
> Email:   [EMAIL PROTECTED]
>
> URL:   http://ndar.nih.gov
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2]axis2-mar-maven-plugin

2007-01-24 Thread Ruchith Fernando 

Hi David,

Yep ! SNAPSHOT will be fine for us.

Thanks,
Ruchith

On 1/24/07, David Illsley <[EMAIL PROTECTED]> wrote:

Hi Dimuthu,
I'm working on the axis2 maven2 bits, which will probably include
decoupling the mar plugin release from the main releases. However,
that's not quite ready. Would a published SNAPSHOT be good enough for
you for the moment?

If so, I'll try to do that in the next day or so.
David

On 24/01/07, Dimuthu Leelaratne <[EMAIL PROTECTED]> wrote:
> Hi devs,
>
> We are working on maven2 build of rampart. We decided to use
> "axis2-mar-maven-plugin" for the build. So will it be possible make
> this plugin available in a public repository?
>
> Thanks,
> Dimuthu
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
David Illsley - IBM Web Services Development

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [VOTE][Axis2] Move Savan module out of the Axis2 into a new Apache WS subproject

2007-01-23 Thread Ruchith Fernando 

+1 from me !

Thanks,
Ruchith

On 1/19/07, Sanka Samaranayake <[EMAIL PROTECTED]> wrote:

Hi,

Savan is a WS-Eventing implementation on top Axis2 and currently lives as a
module inside Axis2.

 I propose we move it into a separate Apache WS sub project which will make
Axis2 codebase clean
 and also to do separate releases of Savan.

 Here is my +1 !!

 Thanks,
 Sanka


--
Sanka Samaranayake
WSO2 Inc.

http://sankas.blogspot.com/
http://www.wso2.org/



--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Rampart] Client-side configuration for specific operation

2007-01-23 Thread Ruchith Fernando 

Hi Thilo,

Apologies about the delay in the response.

On 1/23/07, Thilo Frotscher <[EMAIL PROTECTED]> wrote:


Hi!

Does anyone have information on this issue, please?

Thanks,
Thilo


Thilo Frotscher wrote:
>
> Hello,
>
> On the server side, Rampart configuration is done in service.xml.
> In this file, you can specify the behavior of Rampart either for
> the entire service or for a specific operation, depending on
> where in the file you insert the configuration.
>
> I wonder how an operation-based configuration of Rampart can be done
> on the client side. For example, I want that my client application
> uses different Rampart configurations for service operation A and B.
>
> The only options for client configuration I know are the following:
>
> 1) Insert parameters in axis2.xml of the client's repository.
>-> This however means that the configuration is global, i.e. for all
>services and all operations. Is there a way to configure a different
>Rampart behavior for a particular service or operation in the client's
>axis2.xml file?


This is not possible in Axis2 :-(


>
> 2) Load specific configuration using ConfigurationContextFactory
>-> This way I can load a different configuration per Stub or
> ServiceClient,
>i.e. per service, but again I can't configure Rampart based on
> operations,
>just for the entire service.
>
> 3) Use code to configure Rampart on client-side
>(classes OutflowConfiguration, InflowConfiguration)
>-> same problem like with 2)
>
> The only solution I could think of is to load my ServiceClient with
> a different set of options, depending on the operation I will invoke
> next. This doesn't sound very appealing to me. Is there another way?


Actually right now the only way to handle this is to deal with
different operations by your self and to make sure that the
appropriate configuration is used for each operation.

Maybe we have to improve the axis2 service client API  or the
structure of the axis2.xml to be able to specify configuration
parameters at service and operation scopes for the client side.

Thanks,
Ruchith


>
> Any hints are very welcome.
>
> Thanks,
> Thilo
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Request to set AXIS2-1643/AXIS2-1955 to "Blocker"

2007-01-14 Thread Ruchith Fernando 

Ok ... I updated the issue.

When we fix this [1] in OM the issue will be resolved.

I'll take a crack at it.

Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/WSCOMMONS-104

On 1/15/07, Sanjiva Weerawarana <[EMAIL PROTECTED]> wrote:

+1 but for 1.2. Unless we find some problems with 1.1.1 I'd prefer to
release a 1.2 from the svn head next.

Sanjiva.

On Mon, 2007-01-15 at 10:00 +1300, Thilo Frotscher wrote:
> Hi guys,
>
> in the current situation, Rampart cannot handle SOAP faults when
> using SOAP 1.1. I know that it works with SOAP 1.2, but as SOAP 1.1
> is still widely used, this is IMHO a big blocker. I think it is
> essential for a security module that it can handle faults properly.
>
> Wouldn't this be a nice feature for Axis2 1.1.2? :-)
>
> Thanks,
> Thilo
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
Sanjiva Weerawarana, Ph.D.
Founder & Director; Lanka Software Foundation; http://www.opensource.lk/
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
Director; Open Source Initiative; http://www.opensource.org/
Member; Apache Software Foundation; http://www.apache.org/
Visiting Lecturer; University of Moratuwa; http://www.cse.mrt.ac.lk/


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [AXIS2] MTOM Policy assertion

2007-01-08 Thread Ruchith Fernando 

IMHO we don't need a new project for this ... Can this be a new maven
module within Neethi (I think its just a couple of classes)? And
neethi can have new modules for this sort of assertions in the future.

Now this way one will be able to get the neethi.jar along with jars
what ever other assertions they need out of the neethi project.

thoughts?

Thanks,
Ruchith

On 1/8/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:

How about new ws-commons project ?

Thanks
Deepal

David Illsley wrote:

> IMO this 'feels' like something that could quite possibly be of wider
> use than Axis2 - i.e. another web services engine which uses neethi
> which is why I'm all for putting things in neethi (which is imo a more
> resuable place) when reasonable. Of course, if there's axis2 specific
> code in there then it can't. I'm happy for the assertion to live in
> Axis2 for the moment but I'd prefer axis2 doesn't fill up with policy
> code which has a broader scope.
>
> David
>
> On 08/01/07, Thilina Gunarathne <[EMAIL PROTECTED]> wrote:
>
>> I'm +1 for seperating out Savan and to keep the Axis2 core clean.
>>
>> But IMHO this is something which is quite different to Savan.. Also
>> this might need to be coupled with Axis2 more than Savan.. IMO this is
>> something which we can consider as part of Axis2 core..
>>
>> Also I do not think this has the potential to become a seperate project..
>>
>> Just my 2 cents..
>>
>> ~Thilina
>>
>> On 1/8/07, Eran Chinthaka <[EMAIL PROTECTED]> wrote:

> Dimuthu Leelaratne wrote:
> > Hi,
>
> > Then we'll put it in Axis2 tree.
>
> +1 from me too, but only for the time being, for Dimuthu to go ahead
> with development.
>
> Seems like it is the time to re-structure Axis2 as well. See we have
> things like this and Savan, inside Axis2, which are optional. I think we
> should leave Axis2 project, only with core components and create
> separate projects to hold modules and extensions. It is just like Apache
> Server and its module projects.
>
> -- Chinthaka

>> >
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>>
>>
>> --
>> Thilina Gunarathne
>> WSO2, Inc.; http://www.wso2.com/
>> Home page: http://webservices.apache.org/~thilina/
>> Blog: http://thilinag.blogspot.com/
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>

--
Thanks,
Deepal

"The highest tower is built one brick at a time"



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [jira] Created: (AXIS2-1955) Rampart 1.1 causes ClassCastException

2007-01-08 Thread Ruchith Fernando 

I have already made a request:

http://issues.apache.org/jira/browse/INFRA-1090

Thanks,
Ruchith

On 1/8/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:

Hi All;

How about creating a JIRA project for security and its related sub
projects ?
Then we can report this kind of JIRAs there in that project.

Thanks
Deepal

Thilo Frotscher (JIRA) wrote:

>Rampart 1.1 causes ClassCastException
>-
>
> Key: AXIS2-1955
> URL: https://issues.apache.org/jira/browse/AXIS2-1955
> Project: Apache Axis 2.0 (Axis2)
>  Issue Type: Bug
>  Components: modules
>Affects Versions: 1.1
> Environment: Axis2 1.1, Rampart 1.1
>Reporter: Thilo Frotscher
>Priority: Blocker
>
>
>
>When a client application uses Rampart 1.1 and receives a SOAP response that 
contains a SOAP fault, a ClassCastException occurs:
>
>Exception in thread "main" java.lang.ClassCastException: 
org.apache.axiom.om.impl.llom.OMElementImpl
>   at 
org.apache.axiom.soap.impl.llom.SOAPFaultImpl.getCode(SOAPFaultImpl.java:101)
>   at 
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:308)
>   at 
de.axishotels.booking.service.MyServiceStub.MakeXXX(MyServiceStub.java:729)
>
>To reproduce this bug do the following:
>- use a generated stub for an arbitrary service
>- let stub send a SOAP request to the service which causes a response 
containing a SOAP fault
>- the SOAP fault should be processed by Axis2 framework and stub without errors
>- now, globally engage rampart-1.1 in client's axis2.xml configuration file. 
No actions need to be defined for any service or operation. Just engage the module.
>- resend the same SOAP request
>- when SOAP fault is processed, the above exception occurs
>
>==> Rampart 1.1 breaks handling of SOAP faults by generated stubs
>
>
>
>

--
Thanks,
Deepal

"The highest tower is built one brick at a time"



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Rampart] Where can I find an example for SAML?

2007-01-08 Thread Ruchith Fernando 

We do have a bunch of WS-Trust integration tests where they requests
and obtains SAML tokens from an STS [1].

Thanks,
Ruchith

[1] 
https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_1/modules/integration/test/org/apache/rahas

On 1/8/07, Thilo Frotscher <[EMAIL PROTECTED]> wrote:


Well, how did you test your code :-)
Isn't there anything anywhere?



Dimuthu Leelaratne wrote:
> Hi Thilo
>
> I don't think we have a sample yet.
>
> Rgds,
> Dimuthu
>
>
> On 1/8/07, Thilo Frotscher <[EMAIL PROTECTED]> wrote:
>>
>> Hello,
>>
>> Where can I find a working example for SAMLTokenSigned and
>> SAMLTokenUnsigned, please?
>>
>> Thanks,
>> Thilo


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Rampart] Cumbersome library dependencies

2007-01-07 Thread Ruchith Fernando 

Hi Thilo,

On 1/8/07, Thilo Frotscher <[EMAIL PROTECTED]> wrote:


Hi!

If you want to make use of password callback classes, these always
depend on org.apache.ws.security.WSPasswordCallback, because the
Callback instances which are passed into the handle() method have
to be cast. WSPasswordCallback is contained in WSS4J, which depends
itself von XML Security.

This means, that when you develop client applications, you have to
have WSS4J and XML Security in your classpath. The same is true for
the server side: you must copy both JAR files to axis2/WEB-INF/lib,
otherwise your servlet container reports a ClassNotFoundException
for WSPasswordCallback.

What I don't understand about this is that the Rampart module actually
contains these jars. Why do I have to add them a second time to my
client project and/or Axis2 web application. Why can't Rampart use
the JARs in its own module archive?


The issue here is that service tries to load the callback handler
class packaged with the service archive using the service classloader.
The callback handler uses the WSPasswordCallback class and this
requires the wss4j to be visible in the service classloader.

Since these jars are required to be in the main classpath anyway ...
how about leaving them out of the rampart mar file and then shipping
an ant script that will copy the required jars (we already have this
file in the rampart-1.1 distro).

Thanks,
Ruchith



Am I missing something?

Thanks,
Thilo



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axix2] [Vote] Move rampart, rahas and secpolicy modules of axis2 out into a new project

2007-01-02 Thread Ruchith Fernando 

+1

Thanks,
Ruchith

On 1/2/07, Davanum Srinivas <[EMAIL PROTECTED]> wrote:

David/Team,

+1 to move security tests out of Axis2 build
+1 to setup continuum on ws.zones

thanks,
dims

On 1/2/07, David Illsley <[EMAIL PROTECTED]> wrote:
> I'm dead against moving security out of the axis2 build and leaving a
> substantial amount of security tests in the axis2 builds. The converse
> to an earlier argument is also true, namely that axis2 becomes
> dependant on rampart to build and that people working on rampart won't
> see the axis2 build failures.
>
> How about we (I'm willing to do this) set up a continuum instance on
> the ws zone to build axis2, rampart and sandesha at least once a day
> and have the success/fail messages sent to the dev lists. That should
> mean that we all see any failing security tests but it doesn't block
> work on axis2 (and speeds up the axis2 build :-)
>
> Incidentally, anything that could persuade more people to run *any* of
> the integration tests regularly would be a positive step forward and I
> think moving the security ones could do just that.
>
> David
>
> On 01/01/07, Eran Chinthaka <[EMAIL PROTECTED]> wrote:
> > Glen Daniels wrote:
> > >
> > > The security tests are among the slowest integration tests that we've
> > > got.  If there's a way, as Ruchith and Deepal mention, to actually test
> > > the same Axis2 functionality without the full security machinery, that
> > > would serve two purposes - speeding up the build and also more cleanly
> > > reducing the coupling between core Axis2 and other modules.  I'd love to
> > > see that happen.
> >
> > Me too. This is the exact same thing that I also wanted and mentioned in
> > my earlier email.
> >
> > > The Rampart build will of course still test the full
> > > Axis2/security integration, we'd just be focusing the Axis2 tests more
> > > appropriately.
> >
> > This is the problem. Eventhough rampart tests are failing in rampart
> > project, no-one in Axis2 project will see that, until Ruchith holler.
> > But by that time several commits must have gone in Axis2.
> >
> > Anyway, I just wanted to add some comments and seems rampart is good to
> > go out of Axis2. I hope the same thing will happen to savan, etc.,
> >
> > -- Chinthaka
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> David Illsley - IBM Web Services Development
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
Davanum Srinivas : http://www.wso2.net (Oxygen for Web Service Developers)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axix2] [Vote] Move rampart, rahas and secpolicy modules of axis2 out into a new project

2007-01-01 Thread Ruchith Fernando 

Deepal,

Do you think we have tests to cover the axis2 functionality that those
test covers?

If so or if someone volunteers to write some then lets remove the
rampart integration tests.

Thanks,
Ruchith

On 1/1/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:

I think its better if we can move some of integration test cases , b'coz
that will help us to reduce Axis2 build time.

Thanks
Deepal

Ruchith Fernando wrote:

> I prefer to leave the tests in axs2 since they do test a lot of axis2
> stuff such as xmlbeans codegen, holding and accessing properties on
> context hierarchy, etc.
>
> I will have those + some more tests in the new rampart project.
>
> Thanks,
> Ruchith
>
> On 12/30/06, Thilina Gunarathne <[EMAIL PROTECTED]> wrote:
>
>> +1 from me too..
>>
>> BTW what are your plans for the integration tests...
>>
>> ~Thilina
>>
>> On 12/30/06, Chuck Williams <[EMAIL PROTECTED]> wrote:
>> > +1
>> >
>> > Chuck
>> >
>> > David Illsley wrote on 12/29/2006 05:44 AM:
>> > > +1 from me.
>> > >
>> > > David
>> > >
>> > > On 29/12/06, Paul Fremantle <[EMAIL PROTECTED]> wrote:
>> > >> +1 from me.
>> > >>
>> > >> Paul
>> > >>
>> > >> On 12/29/06, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
>> > >> > +1 from me. It's time :)
>> > >> >
>> > >> > -- dims
>> > >> >
>> > >> > On 12/29/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
>> > >> > > Hi All,
>> > >> > >
>> > >> > > We released Rampart-1.1 on the 10th December and I think it is
>> > >> time to
>> > >> > > get all rampart related code out of Axis2 into a new
>> sub-project of
>> > >> > > the Apache Web services project.
>> > >> > >
>> > >> > > I propose we call this new project "Rampart" and include
>> code from
>> > >> > > rampart, rahas and secpolicy maven modules of axis2. These
>> will be
>> > >> > > called rampart-core, rampart-trust and rampart-policy
>> respectively.
>> > >> > >
>> > >> > > Here's my +1
>> > >> > >
>> > >> > > Thanks,
>> > >> > > Ruchith
>> > >> > >
>> > >> > > --
>> > >> > > www.ruchith.org
>> > >> > > www.wso2.org
>> > >> > >
>> > >> > >
>> > >>
>> -
>> > >> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > >> > > For additional commands, e-mail: [EMAIL PROTECTED]
>> > >> > >
>> > >> > >
>> > >> >
>> > >> >
>> > >> > --
>> > >> > Davanum Srinivas : http://www.wso2.net (Oxygen for Web Service
>> > >> Developers)
>> > >> >
>> > >> >
>> -
>> > >> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > >> > For additional commands, e-mail: [EMAIL PROTECTED]
>> > >> >
>> > >> >
>> > >>
>> > >>
>> > >> --
>> > >> Paul Fremantle
>> > >> VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
>> > >>
>> > >> http://bloglines.com/blog/paulfremantle
>> > >> [EMAIL PROTECTED]
>> > >>
>> > >> "Oxygenating the Web Service Platform", www.wso2.com
>> > >>
>> > >>
>> -
>> > >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > >> For additional commands, e-mail: [EMAIL PROTECTED]
>> > >>
>> > >>
>> > >
>> > >
>> >
>> > -
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>>
>>
>> --
>> Thilina Gunarathne
>> WSO2, Inc.; http://www.wso2.com/
>> Home page: http://webservices.apache.org/~thilina/
>> Blog: http://thilinag.blogspot.com/
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>

--
Thanks,
Deepal

"The highest tower is built one brick at a time"



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache Rampart 1.1 Released

2006-12-31 Thread Ruchith Fernando 

Hi Thilo,

Please see "samples/policy/" for the samples on WS-SecPolicy.
Sample 04 is about WS-SecureConversation and it shows the use of rahas
module to show how a service can act as its STS.

We sure have to work on documentation a lot more. Will make some more
available soon :-)

Thanks,
Ruchith

On 12/27/06, Thilo Frotscher <[EMAIL PROTECTED]> wrote:


Hello,

I have several questions about Rampart 1.1.

> * rampart-1.1.mar
> * This provides support for WS-Security and WS-SecureConversation
> features.

Where can I find samples or documentation for WS-SecureConversation?


> rahas-1.1.mar
>   This module provides the necessary components to enable
> SecurityTokenService functionality on a service.

Where can I find samples or documentation on how to use this?


> Apache Rampart 1.1 introduces a new configuration model based on
> WS-Policy and WS-Security Policy and it is important to note that Apache
> Rampart 1.0 style configuration is now deprecated and will not be
> available in next major version.

The samples contained in Rampart 1.1 still seem to use the old
configuration style... Where can I find samples or documentation
for the new policy-based configuration?

It is fantastic that you implemented all this. But without any documentation
hardly anyone will be using it.

Thanks,
Thilo


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axix2] [Vote] Move rampart, rahas and secpolicy modules of axis2 out into a new project

2006-12-31 Thread Ruchith Fernando 

I prefer to leave the tests in axs2 since they do test a lot of axis2
stuff such as xmlbeans codegen, holding and accessing properties on
context hierarchy, etc.

I will have those + some more tests in the new rampart project.

Thanks,
Ruchith

On 12/30/06, Thilina Gunarathne <[EMAIL PROTECTED]> wrote:

+1 from me too..

BTW what are your plans for the integration tests...

~Thilina

On 12/30/06, Chuck Williams <[EMAIL PROTECTED]> wrote:
> +1
>
> Chuck
>
> David Illsley wrote on 12/29/2006 05:44 AM:
> > +1 from me.
> >
> > David
> >
> > On 29/12/06, Paul Fremantle <[EMAIL PROTECTED]> wrote:
> >> +1 from me.
> >>
> >> Paul
> >>
> >> On 12/29/06, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> >> > +1 from me. It's time :)
> >> >
> >> > -- dims
> >> >
> >> > On 12/29/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> >> > > Hi All,
> >> > >
> >> > > We released Rampart-1.1 on the 10th December and I think it is
> >> time to
> >> > > get all rampart related code out of Axis2 into a new sub-project of
> >> > > the Apache Web services project.
> >> > >
> >> > > I propose we call this new project "Rampart" and include code from
> >> > > rampart, rahas and secpolicy maven modules of axis2. These will be
> >> > > called rampart-core, rampart-trust and rampart-policy respectively.
> >> > >
> >> > > Here's my +1
> >> > >
> >> > > Thanks,
> >> > > Ruchith
> >> > >
> >> > > --
> >> > > www.ruchith.org
> >> > > www.wso2.org
> >> > >
> >> > >
> >> -
> >> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> > > For additional commands, e-mail: [EMAIL PROTECTED]
> >> > >
> >> > >
> >> >
> >> >
> >> > --
> >> > Davanum Srinivas : http://www.wso2.net (Oxygen for Web Service
> >> Developers)
> >> >
> >> > -
> >> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> > For additional commands, e-mail: [EMAIL PROTECTED]
> >> >
> >> >
> >>
> >>
> >> --
> >> Paul Fremantle
> >> VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
> >>
> >> http://bloglines.com/blog/paulfremantle
> >> [EMAIL PROTECTED]
> >>
> >> "Oxygenating the Web Service Platform", www.wso2.com
> >>
> >> -
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
Thilina Gunarathne
WSO2, Inc.; http://www.wso2.com/
Home page: http://webservices.apache.org/~thilina/
Blog: http://thilinag.blogspot.com/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Axix2] [Vote] Move rampart, rahas and secpolicy modules of axis2 out into a new project

2006-12-29 Thread Ruchith Fernando 

Hi All,

We released Rampart-1.1 on the 10th December and I think it is time to
get all rampart related code out of Axis2 into a new sub-project of
the Apache Web services project.

I propose we call this new project "Rampart" and include code from
rampart, rahas and secpolicy maven modules of axis2. These will be
called rampart-core, rampart-trust and rampart-policy respectively.

Here's my +1

Thanks,
Ruchith

--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [axis2] release planning

2006-12-21 Thread Ruchith Fernando 

On 12/21/06, Eran Chinthaka <[EMAIL PROTECTED]> wrote:

While agreeing with all the comments, let me disclose one more dimension
for this.

Axis2 depends on various other projects like Woden, XmlShema, Axiom,
etc., For us to achieve what Sanjiva had suggested, then we should have
a plan for WS project, as a whole, at least among whatever connected
projects.

So I feel this is something that we might need help from all the other
projects and should be taken in to the PMC as well.


I agree with Chinthaka ...  So shall we discuss this in [EMAIL PROTECTED] ?

Thanks,
Ruchtih



-- Chinthaka

Ajith Ranabahu wrote:
> Hi,
> As much a fan I am for 'release early release often', I have a feeling
> that two months of development may not yield enough changes to fully
> constitute a release (just a feeling though). So would it be sensible
> to do 4 month develop/test/release cycle rather than a 3 month one ?
> (3 months development ,1 month test/bugfix/document altogether 3
> releases per year)
> The time gap allows the gathering of more usecases and gives people
> room to play around. By the time we get to the next 'bug fix' stage,
> people would have played around with the earlier release and found all
> the issues.
>
> Ajith
>
> On 12/19/06, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:
>> I am big +1 for this approach.
>> Let's start that process immediately after 1.1.1 release .
>>
>> Thanks
>> Deepal
>>
>> Sanjiva Weerawarana wrote:
>>
>> >Folks, I'd like to suggest that we try to do 3-monthly releases .. with
>> >2 months of development and one more of wrapping up / packaging. I'm
>> >motivated to suggest this after the debacle of the 1.1 release .. we
>> >spent more than *6 months* releasing it and to me that's just crazy.
>> >
>> >Release early, release often is an important open source mantra. Given
>> >that we're still in a fairly rapid innovation mode, this is even more
>> >important.
>> >
>> >This also will force us to work thru a bit of a roadmap so users know
>> >what features to expect in what version (to whatever extent possible to
>> >do that in an open source project .. I'm not suggesting we plan
>> >everything).
>> >
>> >Thoughts?
>> >
>> >Sanjiva.
>> >
>> >
>>
>> --
>> Thanks,
>> Deepal
>> 
>> "The highest tower is built one brick at a time"
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>








--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Build failure for 1_1 branch

2006-12-20 Thread Ruchith Fernando 

Seems like this commit [1] removed the integration module's
dependencies on security, secpolicy and rahas :-(

Just fixed it! [2] Please try now.

Thanks,
Ruchith


[1] http://svn.apache.org/viewvc?view=rev&rev=489013
[2] http://svn.apache.org/viewvc?view=rev&rev=489272

On 12/21/06, Dennis Sosnoski <[EMAIL PROTECTED]> wrote:

Since yesterday I've been getting a build failure with the 1_1 branch,
where the integration module build fails because of:

.../modules/integration/maven.xml:44:82:  Warning: Could not find
file .../modules/security/target/rampart-1.2-SNAPSHOT.mar to copy.

Anybody have any suggestions?

  - Dennis

--
Dennis M. Sosnoski
SOA and Web Services in Java
Training and Consulting
http://www.sosnoski.com - http://www.sosnoski.co.nz
Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2][VOTE] Axis2 1.1.1 release

2006-12-14 Thread Ruchith Fernando 

+1 to release Axis2-1.1.1 on December 20th :-)

Thanks,
Ruchith

On 12/14/06, Ajith Ranabahu <[EMAIL PROTECTED]> wrote:

20th November ?? (I hope you meant December) - I'm +1 as long as we
fix all the blockers :)

Ajith

On 12/14/06, David Illsley <[EMAIL PROTECTED]> wrote:
> +1 for a bug-fix release.
> Given the questions that have arisen, maybe a comment about Java6
> would be a good addition to the release notes.
> David
>
> On 14/12/06, Thilina Gunarathne <[EMAIL PROTECTED]> wrote:
> > Hi all,
> > It's been almost a month since the 1.1 release. I feel the time is
> > right to do a 1.1.1 bug fix release, since there have been a
> > considerable number of bug fixes over 1.1.
> >
> > Most of the fixes that went to the 1.1 branch were related to
> > performance improvements.
> >
> > I propose to do the 1.1.1 release on Wednesday 20th November.
> >
> > Here's my +1 for the 1.1.1 release.
> >
> > --
> > Thilina Gunarathne
> > WSO2, Inc.; http://www.wso2.com/
> > Home page: http://webservices.apache.org/~thilina/
> > Blog: http://thilinag.blogspot.com/
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> David Illsley - IBM Web Services Development
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
Ajith Ranabahu

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[Axis2] Build failure - trunk

2006-12-12 Thread Ruchith Fernando 

Hi Devs,

I'm seeing a build failure of the axis2 trunk :-(

   [junit] Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0 sec
   [junit] [ERROR] TEST
org.apache.axis2.java.security.driver.Java2SecTest FAILED


And the test report says :

Testsuite: org.apache.axis2.java.security.driver.Java2SecTest
Tests run: 1, Failures: 0, Errors: 1, Time elapsed: 0 sec

Null Test:  Caused an ERROR
org.apache.axis2.java.security.driver.Java2SecTest
java.lang.ClassNotFoundException:
org.apache.axis2.java.security.driver.Java2SecTest
   at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
   at java.security.AccessController.doPrivileged(Native Method)
   at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
   at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
   at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
   at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
   at java.lang.Class.forName0(Native Method)
   at java.lang.Class.forName(Class.java:141)

I haven't made any changes to the kernel module.

Any idea what caused this or how to fix this?

Thanks,
Ruchith

--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Apache Rampart 1.1 Released

2006-12-10 Thread Ruchith Fernando 
Apache Rampart team is happy to announce the 1.1 release of Apache Rampart

You can download the releases from:

http://www.apache.org/dyn/closer.cgi/ws/rampart/1_1

Apache Rampart 1.1 is a toolkit that provides implementations of the
WS-Sec* specifications for Apache Axis 1.1, based on Apache WSS4J 1.5.1
and the Apache AXIOM-DOOM 1.2.1 implementation.
What is in this release

There are two main Apache Axis2 modules provided with this release.

* rampart-1.1.mar
* This provides support for WS-Security and WS-SecureConversation
features. rahas-1.1.mar
  This module provides the necessary components to enable
SecurityTokenService functionality on a service.

Apache Rampart 1.1 introduces a new configuration model based on
WS-Policy and WS-Security Policy and it is important to note that Apache
Rampart 1.0 style configuration is now deprecated and will not be
available in next major version.

Apache Rampart 1.1 can be successfully used with the next Apache
Sandesha2 release targeted towards Apache Axis2 1.1 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with
other WS-Security implementations.

WS - Sec* specifications supported by Apache Rampart are as follows:

* WS - Security 1.0
* WS - Secure Conversation - February 2005
* WS - Security Policy - 1.1 - July 2005
* WS - Trust - February 2005
* WS - Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

The Apache Rampart team




signature.asc
Description: OpenPGP digital signature

Apache WSS4J 1.5.1 Released

2006-12-10 Thread Ruchith Fernando 
Apache WSS4J Team is happy to announce the WSS4J-1.5.1 release.

You can download the releases from:
http://www.apache.org/dyn/closer.cgi/ws/wss4j/1_5_1

Apart from the binary and source distributions, We have an additional
ZIP file that contains other required JAR files to install and run WSS4J.

Please refer to the *readme.* files in the distribution for
further information regarding implemented features, additional
information, links to the Wiki pages, etc.

The WSS4J core classes were improved to allow more flexibility and
control, and following issues were fixed afer the 1.5.0 release:

WSS-35, WSS-44, WSS-48, WSS-50, WSS-53, WSS-58, WSS-61

Enjoy !

The WSS4J team


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache Rampart-1.1-RC1

2006-12-08 Thread Ruchith Fernando 

The WS-SecConv sample is : samples/policy/sample04

BTW ... Rampart-1.1 release artifacts are available ... will be
announcing the release soon.

Thanks,
Ruchith

On 12/2/06, Tony Dean <[EMAIL PROTECTED]> wrote:

which sample demonstates the use of WS-SecureConversation?

thanks.

-Original Message-
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 12:10 PM
To: axis-dev@ws.apache.org
Subject: Re: Apache Rampart-1.1-RC1

Hi,

We have a WS-SecureConversation sample that demonstrate the use of the Rahas, 
but unfortunately I have not included any pure rahas (only
WS-Trust) examples in this release. BUT I'm working on some documentation and 
will make some examples available with it.

Thanks,
Ruchith

On 12/1/06, Tony Dean <[EMAIL PROTECTED]> wrote:
> Hi Ruchith,
>
> Are there samples for integration with Rahas?  The rampart read me contains:
>
> **
> * This directory contains three sub directories:
>
> - basic - A set of samples that uses basic rampart configuration using
>   parameters
>
> - policy - A set of samples that uses rampart with
> WS-SecurityPolicy
>
> - rahas - A set of samples demonstrating WS-Trust features
> provided by Rahas
> **
> *
>
> But the rahas samples are not included.  Do you have such samples?  I'd like 
to evaluate some of this functionality.
>
> Thanks.
>
>
> -Original Message-
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 01, 2006 10:29 AM
> To: axis-dev@ws.apache.org
> Subject: Re: Apache Rampart-1.1-RC1
>
> Thanks a lot ant  ... I'll fix those issues.
>
> Thanks,
> Ruchith
>
> On 11/27/06, Anthony Elder <[EMAIL PROTECTED]> wrote:
> > A lot of the XML config and build files don't have license headers,
> > and I think the NOTICE file should probably also mention the Bouncy
> > Castle copyright. Other than that it looks good to me and neither of
> > those things are blockers and could just be tidied up for the next release.
> >
> >...ant
> >
> >
> >
> > "Ruchith Fernando" <[EMAIL PROTECTED]> on 27/11/2006
> > 12:39:48
> >
> > Please respond to axis-dev@ws.apache.org
> >
> > To:"axis-dev@ws.apache.org" 
> > cc:
> > Subject:Apache Rampart-1.1-RC1
> >
> >
> > Hi All,
> >
> > Apache Rampart-1.1-RC artifacts are now available.
> > You can find them here:
> > http://people.apache.org/~ruchithf/rampart-1.1-RC1/
> >
> > Please try out rampart and report any issues you have.
> >
> > Thanks,
> > Ruchith
> >
> > 
> > - To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> > 
> > - To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> www.ruchith.org
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Build fails in 1.1 branch

2006-12-06 Thread Ruchith Fernando 

Should be fixed now [1]

Thanks,
Ruchith

[1] http://svn.apache.org/viewvc?view=rev&rev=483351

On 12/7/06, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:

Hi Ruchith ;
I dont know its a problem in my machine , but following security test
case is failing for me.
[ERROR] TEST org.apache.axis2.security.Scenario7Test FAILED

I have attached the error report for your consideration.

Thanks
Deepal


Testsuite: org.apache.axis2.security.Scenario7Test
Tests run: 3, Failures: 3, Errors: 0, Time elapsed: 11.978 sec

- Standard Output ---
[JAM] Warning: You are running under a pre-1.5 JDK.  JSR175-style source 
annotations will not be available
Server started on port .[SimpleHTTPServer] Stop called
Server stopped .[SimpleHTTPServer] Stop called
Server started on port .[SimpleHTTPServer] Stop called
Server stopped .[SimpleHTTPServer] Stop called
Server started on port .[SimpleHTTPServer] Stop called
Server stopped .[SimpleHTTPServer] Stop called
-  ---
- Standard Error -
log4j:WARN No appenders could be found for logger 
(org.apache.axiom.om.util.StAXUtils).
log4j:WARN Please initialize the log4j system properly.
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at 
org.apache.axis2.security.InteropTestBase.testInteropWithConfigFiles(InteropTestBase.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at junit.framework.TestCase.runTest(TestCase.java:164)
at junit.framework.TestCase.runBare(TestCase.java:130)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:120)
at junit.framework.TestSuite.runTest(TestSuite.java:230)
at junit.framework.TestSuite.run(TestSuite.java:225)
at 
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
at 
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
Caused by: java.lang.AbstractMethodError: 
org.apache.xml.security.transforms.TransformSpi.enginePerformTransform(Lorg/apache/xml/security/signature/XMLSignatureInput;)Lorg/apache/xml/security/signature/XMLSignatureInput;
at 
org.apache.xml.security.transforms.TransformSpi.enginePerformTransform(Unknown 
Source)
at 
org.apache.xml.security.transforms.Transform.performTransform(Unknown Source)
at 
org.apache.xml.security.transforms.Transforms.performTransforms(Unknown Source)
at 
org.apache.xml.security.signature.Reference.getContentsAfterTransformation(Unknown
 Source)
at 
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
 Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown 
Source)
at 
org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
at 
org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
at 
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:659)
at 
org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:728)
at 
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:54)
at 
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
at 
org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java:254)
at 
org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:86)
at 
org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
at 
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:369)
at 
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:299)
at org.apache.axis2.oasis.ping.PingPortStub.Ping(PingPortStub.java:141)
at 
org.apache.axis2.security.InteropSc

Re: Apache Rampart-1.1-RC1

2006-12-01 Thread Ruchith Fernando 

Hi,

We have a WS-SecureConversation sample that demonstrate the use of the
Rahas, but unfortunately I have not included any pure rahas (only
WS-Trust) examples in this release. BUT I'm working on some
documentation and will make some examples available with it.

Thanks,
Ruchith

On 12/1/06, Tony Dean <[EMAIL PROTECTED]> wrote:

Hi Ruchith,

Are there samples for integration with Rahas?  The rampart read me contains:

***
This directory contains three sub directories:

- basic - A set of samples that uses basic rampart configuration using
  parameters

- policy - A set of samples that uses rampart with WS-SecurityPolicy

- rahas - A set of samples demonstrating WS-Trust features provided by Rahas
***

But the rahas samples are not included.  Do you have such samples?  I'd like to 
evaluate some of this functionality.

Thanks.


-Original Message-----
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 10:29 AM
To: axis-dev@ws.apache.org
Subject: Re: Apache Rampart-1.1-RC1

Thanks a lot ant  ... I'll fix those issues.

Thanks,
Ruchith

On 11/27/06, Anthony Elder <[EMAIL PROTECTED]> wrote:
> A lot of the XML config and build files don't have license headers,
> and I think the NOTICE file should probably also mention the Bouncy
> Castle copyright. Other than that it looks good to me and neither of
> those things are blockers and could just be tidied up for the next release.
>
>...ant
>
>
>
> "Ruchith Fernando" <[EMAIL PROTECTED]> on 27/11/2006 12:39:48
>
> Please respond to axis-dev@ws.apache.org
>
> To:"axis-dev@ws.apache.org" 
> cc:
> Subject:Apache Rampart-1.1-RC1
>
>
> Hi All,
>
> Apache Rampart-1.1-RC artifacts are now available.
> You can find them here:
> http://people.apache.org/~ruchithf/rampart-1.1-RC1/
>
> Please try out rampart and report any issues you have.
>
> Thanks,
> Ruchith
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache Rampart-1.1-RC1

2006-12-01 Thread Ruchith Fernando 

Thanks a lot ant  ... I'll fix those issues.

Thanks,
Ruchith

On 11/27/06, Anthony Elder <[EMAIL PROTECTED]> wrote:

A lot of the XML config and build files don't have license headers, and I
think the NOTICE file should probably also mention the Bouncy Castle
copyright. Other than that it looks good to me and neither of those things
are blockers and could just be tidied up for the next release.

   ...ant



"Ruchith Fernando" <[EMAIL PROTECTED]> on 27/11/2006 12:39:48

Please respond to axis-dev@ws.apache.org

To:"axis-dev@ws.apache.org" 
cc:
Subject:Apache Rampart-1.1-RC1


Hi All,

Apache Rampart-1.1-RC artifacts are now available.
You can find them here:
http://people.apache.org/~ruchithf/rampart-1.1-RC1/

Please try out rampart and report any issues you have.

Thanks,
Ruchith

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: VOTE: Apache Rampart-1.1 release [Was : VOTE: Apache Ramaprt-1.1 release]

2006-11-30 Thread Ruchith Fernando 

thanks for the correction ... I hope I can count other votes as votes
to release "Rampart" :-)

Thanks,
Ruchith

On 11/28/06, Eran Chinthaka <[EMAIL PROTECTED]> wrote:

Oops sorry I voted for Rampart, not for Ramaprt ;)

Eran Chinthaka wrote:
> +1 from me too.
>
> -- Chinthaka
>
> Anthony Elder wrote:
>> +1
>>
>>...ant
>>
>>
>>
>> "Ruchith Fernando" <[EMAIL PROTECTED]> on 27/11/2006 12:53:17
>>
>> Please respond to axis-dev@ws.apache.org
>>
>> To:"axis-dev@ws.apache.org" 
>> cc:
>> Subject:VOTE: Apache Ramaprt-1.1 release
>>
>>
>> Hi All,
>>
>> It has been a considerable time since we released Axis2-1.1. We just
>> made the Rampart-1.1-RC1 available.
>>
>> Some of the new features of Apache Rampart 1.1 are :
>>   - WS-SecureConversation support
>>   - WS-SecurityPolicy support
>>   - WS-Trust - STS and client API using (Apache Rahas - packaged in
>> Rampart)
>>
>> I'd like to call a vote to release Apache Rampart 1.1
>>
>> Here's my +1 for the release.
>>
>> Thanks,
>> Ruchith
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>








--
www.ruchith.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

  1   2   3   4   >