Remote endpoint

2009-05-07 Thread Massimiliano Masi

Hi

Is there a way of obtaining the remote endpoint (server and client side)?
On the server side I get the Addressing info by using

(in the Message Receiver: MessageContext inMessage, in the
invokeBusinessLogic)

EndpointReference from = inMessage.getFrom();

But I would like to compare it with the real (e.g., httpclient) endpoint.

The same on the client side: I have the From: in the header, but I
would like to compare it with the IP of the server that is
responding.


How can I do it?


This message was sent using IMP, the Internet Messaging Program.




Re: General setup of ws-trust

2009-03-20 Thread Massimiliano Masi

Hi,

Quoting Håkon Sagehaug :

Thanks for your tips and time, I'll read the paper, and take the weekend to
try to understand the whole of this.


Yes, I think it is a good starting point. It is not
difficult to read, and it's interesting.

To put the identities inside the token would be a good idea.

Ciao,

Massimiliano






Re: General setup of ws-trust

2009-03-20 Thread Massimiliano Masi

Hi Hakon,

Just one issue on your token:

Please use an enveloped signature (the signature itself
is part of the token). In this way, if you don't sign the
whole body, you'll be vulnerable to rewrite attacks.

And another suggestion: if the token is intended for a particular
audience, then this audience should be defined here.

If the token is referring to a particular client,
then the client's identity should be here.

This paper,

Prudent Engineering Practice for Cryptographic Protocols,
Abadi and Needham, 95

is good reading.

And I think that the ws-sx mailing list is more appropriate for
this topic.


Quoting Håkon Sagehaug :


Hi

I guess what I'm trying to achieve with the token is to have a lightweight
SAML token, so I just wanted to know if it was correct to have the
ds:SignedInfo inside the element itself and signed by the private key of the
sts. Another try on the XML ;)

 http://docs.oasis-open.org/ws-sx/ws-trust/200512";>

  
  
 test
 
ADMIN
project
 
  
   
  http://www.w3.org/2000/09/xmldsig#
">
 
http://www.w3.org/2001/10/xml-exc-c14n#"; />
http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />

   
  http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
  http://www.w3.org/2001/10/xml-exc-c14n#";>
 http://www.w3.org/2001/10/xml-exc-c14n#"/>
  
   
   http://www.w3.org/2000/09/xmldsig#sha1"; />

EFf0+eeFzPPm3eG+MJkfYbTsrrY=

 

CULorNPLYbHJ04f4qdQQsN63HPzmlY=
 


EHKFtFaX4iF1tWbGxa4+vIbbV4CaUG5s5x

 
  
   
   
   

Namespaces removed for more readability.
2009/3/20 Massimiliano Masi 


Hakon,

Yes, it's only xml, but is important! (The RSTRC). :-)

I don't understand your security token, I don't know
if you expressed it correctly:

You have a


  < -- missing RequestedSecurityToken >
:

 Hi


Thanks for the reply

see inline

2009/3/20 Massimiliano Masi 

 Hi,


In general you should encrypt a message using the
public key of the recipient and sign with the private
key of the sender. This enforces integrity (the signature),
authentication (the signature) and confidentiality (the encryption).

As I told you, the RSTR is not correct. You really should
use the RSTRC instead, since it is only request/response.



I forgot to have this element, but it's only pseudo XML




The service ``trusts'' the token, since it is signed
by the STS, and we suppose that it is the STS that owns the
private key.

Pay attention that the STS is not an oracle.




We're implementing an STS of our own, and trying to get it all together.
The reason why I'm asking all these questions is to get the whole picture.

Also, is the way I described the security token correct? This token is of
course not how it looks in the real world but has the important elements.

cheers, håkon



Please, look at the

11 suggestions on how to write security protocols, written
in the 80's by Martin Abadi.




Quoting Håkon Sagehaug :

 Hi all,



I've been really trying to understand ws-trust from the more general
perspective, so maybe the question should not go out here, but since
rampart is a ws-trust implementation I hope it's okay.

My setup is the classical ws-trust setup
1. Client
2. Sts
3. Target service

The target service does not know about the user, but trusts the token issued
by the sts; the token is a set of roles.

Flow
1. The client asks for the tokens belonging to him, in this context a list
of roles, based on the username and password of the user. Signed and
encrypted by the user's private key.

2. The Sts service then validates the signature and decrypts it.
3. Creates a token with the roles for the user and signs/encrypts this with
the private key of the sts service, and wraps it inside a
RequestSecurityTokenResponse looking something like this


http://common"; xmlns:oas="


http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
oas:Id="id_145663">
   testu
   
  ADMIN
  testu_project
   

 
 http://www.w3.org/2000/09/xmldsig#
">
   
  http://www.w3.org/2001/10/xml-exc-c14n#"; />
   

Re: General setup of ws-trust

2009-03-20 Thread Massimiliano Masi

Hakon,

Yes, it's only xml, but is important! (The RSTRC). :-)

I don't understand your security token, I don't know
if you expressed it correctly:

You have a


   < -- missing RequestedSecurityToken >
 :


Hi

Thanks for the reply

see inline

2009/3/20 Massimiliano Masi 


Hi,

In general you should encrypt a message using the
public key of the recipient and sign with the private
key of the sender. This enforces integrity (the signature), authentication
(the signature) and confidentiality (the encryption).

As I told you, the RSTR is not correct. You really should
use the RSTRC instead, since it is only request/response.


I forgot to have this element, but it's only pseudo XML




The service ``trusts'' the token, since it is signed
by the STS, and we suppose that it is the STS that owns the
private key.

Pay attention that the STS is not an oracle.



We're implementing an STS of our own, and trying to get it all together. The
reason why I'm asking all these questions is to get the whole picture.

Also, is the way I described the security token correct? This token is of
course not how it looks in the real world but has the important elements.

cheers, håkon




Please, look at the
11 suggestions on how to write security protocols, written
in the 80's by Martin Abadi.




Quoting Håkon Sagehaug :

 Hi all,


I've been really trying to understand ws-trust from the more general
perspective, so maybe the question should not go out here, but since
rampart is a ws-trust implementation I hope it's okay.

My setup is the classical ws-trust setup
1. Client
2. Sts
3. Target service

The target service does not know about the user, but trusts the token issued by
the sts; the token is a set of roles.

Flow
1. The client asks for the tokens belonging to him, in this context a list
of roles, based on the username and password of the user. Signed and
encrypted by the user's private key.

2. The Sts service then validates the signature and decrypts it.
3. Creates a token with the roles for the user and signs/encrypts this with
the private key of the sts service, and wraps it inside a
RequestSecurityTokenResponse looking something like this


http://common"; xmlns:oas="

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
oas:Id="id_145663">
testu

   ADMIN
   testu_project

 
  
  http://www.w3.org/2000/09/xmldsig#
">

   http://www.w3.org/2001/10/xml-exc-c14n#"; />
   http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
   
  
 http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
 http://www.w3.org/2001/10/xml-exc-c14n#";>
http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="code ds kind rw saml
samlp typens #default xsd xsi" />
 
  
  http://www.w3.org/2000/09/xmldsig#sha1"; />

EFf0+eeFzPPm3eG+MJkfYbTsrrY=
   

GQt+8+NOn=


dnfjngjknfjkgnjkfngjknfjgnjf
   

 


This of course is very similar to a SAML assertion.

Then this is encrypted and signed using the sts private key.

4. The client verifies that the message comes from the sts and extracts the
token from the message, and finally places it in the header for the request
to the target service, and signs and encrypts it with the client's private key.

5. Now the target service decrypts the message, extracts the token from the
header, and looks to see if this was signed with the private key of the sts. If
so, it performs the authorization based on the attributes in the token.

Is this the correct way of accomplishing trust, and how does the target service
know that these tokens are issued by the sts service?

Really appreciate replies on this topic

cheers, Håkon

--
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)












--
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)






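The checks Massimiliano asks for above (an enveloped signature that covers the token it sits in, an audience, the client's identity in the token), written out as an added Python example; this is not code from the thread or from Rampart, and the Token/Subject/Audience/Roles element names, the placeholder IDs and the constructed sample headers are assumptions. Verifying SignatureValue itself is left to the XML-Security library; the block covers the structural part such libraries do not check for you.

```python
"""Structural checks on an issued token before its claims are trusted.

Added example; not code from the thread or from Rampart.  Element names,
IDs, digests and signature values in the samples are constructed.
"""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
NS = {"ds": DS, "wsu": WSU}
WSU_ID = "{%s}Id" % WSU


class TokenError(Exception):
    pass


def signed_token(root):
    """Return the element that the enveloped signature covers.

    Claims are read from that element only, never from an element found
    by name, so a second copy of the token placed elsewhere in the
    message is ignored (the rewrite attack the thread warns about)."""
    sigs = root.findall(".//ds:Signature", NS)
    if len(sigs) != 1:
        raise TokenError("expected one signature, found %d" % len(sigs))
    sig = sigs[0]
    parent = {child: elem for elem in root.iter() for child in elem}
    if sig not in parent:
        raise TokenError("signature is not enveloped in a token")
    token = parent[sig]
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise TokenError("expected one Reference, found %d" % len(refs))
    uri = refs[0].get("URI", "")
    # The reference must point at the very element that envelopes it.
    if not uri.startswith("#") or token.get(WSU_ID) != uri[1:]:
        raise TokenError("signature does not cover its enclosing element")
    # Two elements sharing the signed wsu:Id: refuse rather than guess.
    if sum(1 for e in root.iter() if e.get(WSU_ID) == uri[1:]) != 1:
        raise TokenError("wsu:Id %r is not unique" % uri[1:])
    transforms = refs[0].findall("ds:Transforms/ds:Transform", NS)
    if ENVELOPED not in [t.get("Algorithm") for t in transforms]:
        raise TokenError("enveloped-signature transform is missing")
    return token


def accept_token(doc_xml, my_audience, client_identity):
    """Return the roles this service may act on, or raise TokenError."""
    token = signed_token(ET.fromstring(doc_xml))
    if token.findtext("Audience") != my_audience:
        raise TokenError("token was issued for another audience")
    if token.findtext("Subject") != client_identity:
        raise TokenError("token names another client")
    return [r.text for r in token.findall("Roles/Role")]


# --- constructed samples (placeholder values throughout) -----------------
AUDIENCE = "urn:example:target-service"


def signature_for(token_id):
    return (
        '<ds:Signature><ds:SignedInfo>'
        '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
        '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
        '<ds:Reference URI="#%s"><ds:Transforms><ds:Transform Algorithm="%s"/>'
        '</ds:Transforms>'
        '<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
        '<ds:DigestValue>placeholder</ds:DigestValue></ds:Reference>'
        '</ds:SignedInfo><ds:SignatureValue>placeholder</ds:SignatureValue>'
        '</ds:Signature>' % (token_id, ENVELOPED))


def token_for(token_id, subject, roles, signature=""):
    return ('<Token wsu:Id="%s"><Subject>%s</Subject><Audience>%s</Audience>'
            '<Roles>%s</Roles>%s</Token>'
            % (token_id, subject, AUDIENCE,
               "".join("<Role>%s</Role>" % r for r in roles), signature))


def security_header(*parts):
    return ('<Security xmlns:ds="%s" xmlns:wsu="%s">%s</Security>'
            % (DS, WSU, "".join(parts)))


SIGNED = token_for("t1", "alice", ["ADMIN", "project"], signature_for("t1"))
GOOD = security_header(SIGNED)
# An unsigned copy placed first: a by-name lookup would read it, we do not.
SHADOWED = security_header(token_for("t2", "alice", ["SUPERUSER"]), SIGNED)
# The same copy reusing the signed token's wsu:Id: rejected outright.
DUPLICATE_ID = security_header(token_for("t1", "alice", ["SUPERUSER"]), SIGNED)
# Signature beside the token instead of inside it: rejected.
DETACHED = security_header(token_for("t1", "alice", ["ADMIN", "project"]),
                           signature_for("t1"))
```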




Re: General setup of ws-trust

2009-03-20 Thread Massimiliano Masi

Hi,

In general you should encrypt a message using the
public key of the recipient and sign with the private
key of the sender. This enforces integrity (the signature), authentication
(the signature) and confidentiality (the encryption).

As I told you, the RSTR is not correct. You really should
use the RSTRC instead, since it is only request/response.

The service ``trusts'' the token, since it is signed
by the STS, and we suppose that it is the STS that owns the
private key.

Pay attention that the STS is not an oracle. Please, look at the
11 suggestions on how to write security protocols, written
in the 80's by Martin Abadi.



Quoting Håkon Sagehaug :


Hi all,

I've been really trying to understand ws-trust from the more general
perspective, so maybe the question should not go out here, but since rampart
is a ws-trust implementation I hope it's okay.

My setup is the classical ws-trust setup
1. Client
2. Sts
3. Target service

The target service does not know about the user, but trusts the token issued by
the sts; the token is a set of roles.

Flow
1. The client asks for the tokens belonging to him, in this context a list
of roles, based on the username and password of the user. Signed and
encrypted by the user's private key.

2. The Sts service then validates the signature and decrypts it.
3. Creates a token with the roles for the user and signs/encrypts this with
the private key of the sts service, and wraps it inside a
RequestSecurityTokenResponse looking something like this


http://common"; xmlns:oas="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
oas:Id="id_145663">
 testu
 
ADMIN
testu_project
 
  
   
   http://www.w3.org/2000/09/xmldsig#";>
 
http://www.w3.org/2001/10/xml-exc-c14n#"; />
http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />

   
  http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
  http://www.w3.org/2001/10/xml-exc-c14n#";>
 http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="code ds kind rw saml
samlp typens #default xsd xsi" />
  
   
   http://www.w3.org/2000/09/xmldsig#sha1"; />

EFf0+eeFzPPm3eG+MJkfYbTsrrY=

 
 GQt+8+NOn=
 

dnfjngjknfjkgnjkfngjknfjgnjf

 
  


This of course is very similar to a SAML assertion.

Then this is encrypted and signed using the sts private key.

4. The client verifies that the message comes from the sts and extracts the
token from the message, and finally places it in the header for the request to
the target service, and signs and encrypts it with the client's private key.

5. Now the target service decrypts the message, extracts the token from the
header, and looks to see if this was signed with the private key of the sts. If
so, it performs the authorization based on the attributes in the token.

Is this the correct way of accomplishing trust, and how does the target service
know that these tokens are issued by the sts service?

Really appreciate replies on this topic

cheers, Håkon

--
Håkon Sagehaug, Scientific Programmer
Parallab, Bergen Center for Computational Science (BCCS)
UNIFOB AS (University of Bergen Research Company)










Re: Failing to extract RequestedSecurityToken using STSClient

2009-03-10 Thread Massimiliano Masi

Hi,

Quoting Håkon Sagehaug :

 Cannot obtain token identifier


The best place is to look at the processIssueResponse code.

I think you have to add a wsu:Id to your token and a
RequestedAttachedReference or RequestedUnattachedReference in the
RSTR, depending on your policy.








Re: Failing to extract RequestedSecurityToken using STSClient

2009-03-10 Thread Massimiliano Masi

Hi,

Quoting Håkon Sagehaug :

Can you specify that an interaction should be final or not? I looked at the
messages exchanged in rampart sample 05, and there the
RequestedSecurityTokenResponse was not wrapped inside a
RequestedSecurityTokenResponseCollection


Look at the Rampart's source, STSClient,
processIssueResponse:

if (version == RahasConstants.VERSION_05_12) {
    //The WS-SX result will be an RSTRC
    rstr = result.getFirstElement();
}

This means that the STS has to return the RSTRC. If you use a single
round trip, then the template is always RST/RSTRC.

I already posted it in the rampart-dev ml:



and also look at the OASIS' ml:



Ciao,

  Massimiliano






Re: Failing to extract RequestedSecurityToken using STSClient

2009-03-10 Thread Massimiliano Masi

Hi,

Quoting Håkon Sagehaug :

I'm using the STSClient of rahas to call my sts service, but when I get the
response back from the server I get this error message


Because you are missing the RequestSecurityTokenResponseCollection.

If it is a final step on issuing the token, the message MUST be:


   
   

According to the OASIS spec, section 3.2:

The  element (RSTR) is used to  
return a security token or response to a security token request. The  
 element (RSTRC) MUST be  
used to return a security token or response to a security token  
request on the final response.









Re: Question about rampart samples05

2009-03-06 Thread Massimiliano Masi

Hi,

Quoting Håkon Sagehaug :


If I want to issue my own token from the sts service, I change the TokenType
element in policy.xml from
...
is this correct?



It should be, isn't it? :-)


3.
What is the purpose of the TokenStorage?


For maintaining tokens in a kind of ``session''. Since web services
are stateless but sessionful, I'm using the tokenstorage in case
of multiple challenge/response.


4.
Is there a way of looking at the implementation of the sts service?


Yes, in the Rahas module. I've a working example; if you ask
precise questions, I can answer.

Ciao,

 Massimiliano






Re: How to Include SAML token in the Security header! Possible Solution!!!

2009-01-29 Thread Massimiliano Masi

Seshi,

I think you don't have to use the setText.

I was using something like:

/**
 * Create a new fresh security header with WSSE 1.1 and Security
 * as localName
 *
 * @param securityAssertion
 * @return
 * @throws Exception
 */
private Element createSecurityHeader(Element securityAssertion)
        throws Exception {
    OMFactory fac = OMAbstractFactory.getOMFactory();
    OMNamespace wsseNs = fac.createOMNamespace(
            NameSpaceUtils.WSSE_SECURITY_NS, "wsse");
    OMElement wsseSecurityHeaderOM = fac.createOMElement("Security", wsseNs);

    // Convert the DOM assertion to AXIOM and attach it as a child element
    // (not as text), so its markup survives serialisation unescaped.
    OMElement securityAssertionOM = XMLUtils.toOM(securityAssertion);
    wsseSecurityHeaderOM.addChild(securityAssertionOM);
    return XMLUtils.toDOM(wsseSecurityHeaderOM);
}


But it's not clean and correct. Simply use the addChild method.

I'm searching on how to produce a SecurityPolicy for including it.

Quoting Seshi Patibanda :


All,

For those who are interested, I have found a way to include the "obtained"
SAML token in the created Security header () of the SOAP
message.

Used Axis2 AXIOM API methods to insert the Security header with the correct
namespace. Upon creating the security header , we just need to add the
obtained SAML token.

Importantly, this approach will completely BYPASS Rampart module engagement
with Axis2 client.

Attached is the code snippet that goes in to the WSDL2Java generated stub
class method toEnvelope(org.apache.axiom.soap.SOAPFactory factory, .. ,
...).
===
try {

    // get SAML assertion token (as an XML string)
    String assertion = getAssertion();

    org.apache.axiom.soap.SOAPEnvelope emptyEnvelope =
            factory.getDefaultEnvelope();

    OMNamespace ns = factory.createOMNamespace(
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
            "wsse");

    org.apache.axiom.soap.SOAPHeaderBlock soapHeaderBlock =
            factory.createSOAPHeaderBlock("Security", ns);

    // set the SAML assertion token in the SOAP Header block as text;
    // stored as character data, its "<" and ">" are escaped on
    // serialisation (see the DISCLAIMER below)
    soapHeaderBlock.setText(assertion);

    // add the Header block to the header
    emptyEnvelope.getHeader().addChild(soapHeaderBlock);

    // add the relevant body to the envelope
    emptyEnvelope.getBody().addChild(...);

    return emptyEnvelope;

} catch (org.apache.axis2.databinding.ADBException e) {
    throw org.apache.axis2.AxisFault.makeFault(e);
}


As a result, we will get the following SOAP header message:


http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">






DISCLAIMER: When the SOAP message was intercepted (by setting
log4j.logger.httpclient.wire.header = DEBUG in the log4j.properties file),
I found out that the "<" and ">" chars of the Assertion string were being
encoded to the corresponding "&lt;" and "&gt;".

If anyone has suggestions to pass the Assertion string correctly (without
encoding), please share your thoughts...

Thanks,

Seshi Patibanda







On Tue, Jan 27, 2009 at 12:21 PM, Seshi Patibanda wrote:


Hello all,

As per the thread seen on markmail.org (
http://markmail.org/thread/iq4j6x7g247wi75x), there was an update from
Ruchith Fernando dated Nov 4, 2007 about the ways to include the obtained
SAML token in the Security header.

First option was given as:

" By creating a wsse:Securityheader element and adding the token element
into the header. Rampart processing down the line will re-use this header. "

Could anyone please expand on how to implement this option using Apache
Rampart 1.4?

At my end, I have problems inserting an obtained SAML token in the Security
header of my SOAP request. I have sent an email to the
axis-u...@ws.apache.org mailing list requesting feedback but haven't
received any yet. All I need to
do is just pass the retrieved SAML token to the remote web service
(SSL-enabled) via SOAP header in the request.


My configuration:
Deployed Apache Rampart 1.4 module correctly as per the samples. Using
Axis2 1.4 client and stubs generated by WSDL2Java tool. Based on my
configuration, would policy based approach work? If so, does anyone have any
sample Transport-level security policies to implement the SAML passing?

Any feedback/suggestion is highly appreciated.

Thanks,

Seshi Patibanda
seshi...@gmail.com













Re: Misunderstanding in rampart processIssueResponse

2009-01-29 Thread Massimiliano Masi

Hi,

Nandana, you're right: in the WS-Trust specification, on the
final leg, it MUST be an RSTRC.

I was confused by the spec. There is also a discussion on the
WS-SX mailing list about it.

The question is now how to deal with negotiation.

But that is another story; I don't know if negotiation is implemented
in rampart.

Thank you,

   Massimiliano

Quoting Nandana Mihindukulasooriya :


Hi Massimiliano,

On Wed, Jan 28, 2009 at 7:58 PM, Massimiliano Masi wrote:


Hello,

I'm posting here since the rampart's mailing list seems to be dead.
Is it dead? Is rampart still alive?



No, But during certain times developers are busy with other projects and you
might not get an answer to some of your mails. Still we try to answer most
of the questions during our free time.

in STSClient you have the method:


private Token processIssueResponse(int version, OMElement result,
                                   String issuerAddress) throws TrustException {
    OMElement rstr = result;
    if (version == RahasConstants.VERSION_05_12) {
        //The WS-SX result will be an RSTRC
        rstr = result.getFirstElement();
    }

The rstr is always the first element, but for WST 1.3 it is not
mandatory at all.

This makes the stsclient unable to get the securitytoken
from a message like:

http://docs.oasis-open.org/ws-sx/ws-trust/200512";>

urn:oasis:names:tc:SAML:2.0:assertion
  
 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">

 
...
 
 



Yes, this seems to be a bug. Can you raise a JIRA, and even better, attach a
patch too?

thanks,
nandana

--
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org










Misunderstanding in rampart processIssueResponse

2009-01-28 Thread Massimiliano Masi

Hello,

I'm posting here since the rampart's mailing list seems to be dead.
Is it dead? Is rampart still alive?


in STSClient you have the method:

private Token processIssueResponse(int version, OMElement result,
                                   String issuerAddress) throws TrustException {
    OMElement rstr = result;
    if (version == RahasConstants.VERSION_05_12) {
        //The WS-SX result will be an RSTRC
        rstr = result.getFirstElement();
    }

The rstr is always the first element, but for WST 1.3 it is not
mandatory at all.

This makes the stsclient unable to get the securitytoken
from a message like:

xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>

urn:oasis:names:tc:SAML:2.0:assertion

   
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
 URI="#_5d26046afa8e38339caa4e1c53735d4d"  
ValueType="urn:oasis:names:tc:SAML:2.0:assertion" />

  
...
 
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
ID="_5d26046afa8e38339caa4e1c53735d4d"  
IssueInstant="2009-01-13T17:06:00.597Z" Version="2.0">
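An added Python example, not Rampart code, for two points on this page: the OASIS text quoted in the "Failing to extract RequestedSecurityToken" reply (the final response MUST be an RSTRC) and the getFirstElement() shortcut in processIssueResponse discussed here, which on a bare RSTR returns TokenType rather than the RSTR. The assertion ID, the timestamp and the RSTR/RSTRC sample messages are constructed placeholders; the element lookups use the WS-Trust 1.3 namespace from the message above.

```python
"""Locating the issued token in a WS-Trust 1.3 Issue response.

Added example; not Rampart code.  IDs, timestamps and the sample
messages below are constructed placeholders.
"""
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"   # WS-Trust 1.3
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"wst": WST, "wsse": WSSE, "wsu": WSU, "saml": SAML2}


def q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


class TrustError(Exception):
    pass


def first_child_local_name(doc_xml):
    """What the getFirstElement() shortcut hands back as 'the RSTR'."""
    root = ET.fromstring(doc_xml)
    return root[0].tag.split("}")[-1]


def issued_token(doc_xml):
    """Return (token tag, token id) from the final response of an Issue.

    The response must be an RSTRC (WS-Trust 1.3, section 3.2); children
    are located by name, not by position.  The identifier comes from the
    token's own wsu:Id or ID and is cross-checked against the
    RequestedAttachedReference when one is present."""
    root = ET.fromstring(doc_xml)
    if root.tag != q("wst", "RequestSecurityTokenResponseCollection"):
        raise TrustError("final response must be an RSTRC, got <%s>" % root.tag)
    rstrs = root.findall("wst:RequestSecurityTokenResponse", NS)
    if len(rstrs) != 1:
        raise TrustError("expected one RSTR, found %d" % len(rstrs))
    rstr = rstrs[0]
    holder = rstr.find("wst:RequestedSecurityToken", NS)
    if holder is None or len(holder) != 1:
        raise TrustError("RequestedSecurityToken missing or not holding one token")
    token = holder[0]
    ident = token.get(q("wsu", "Id")) or token.get("ID")
    ref = rstr.find("wst:RequestedAttachedReference/"
                    "wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is not None:
        referenced = ref.get("URI", "").lstrip("#")
        if ident is None:
            ident = referenced
        elif referenced != ident:
            raise TrustError("reference %r does not match token id %r"
                             % (referenced, ident))
    if not ident:
        raise TrustError("Cannot obtain token identifier")
    return token.tag, ident


# --- constructed samples -------------------------------------------------
ASSERTION_ID = "_constructed-assertion-id"  # placeholder

# A bare RSTR, as the STS in the thread returned it.
BARE_RSTR = (
    '<wst:RequestSecurityTokenResponse xmlns:wst="%s" xmlns:wsse="%s" '
    'xmlns:wsu="%s" xmlns:saml="%s">'
    '<wst:TokenType>%s</wst:TokenType>'
    '<wst:RequestedAttachedReference><wsse:SecurityTokenReference>'
    '<wsse:Reference URI="#%s" ValueType="%s"/>'
    '</wsse:SecurityTokenReference></wst:RequestedAttachedReference>'
    '<wst:RequestedSecurityToken>'
    '<saml:Assertion ID="%s" Version="2.0" IssueInstant="2009-01-13T17:06:00Z"/>'
    '</wst:RequestedSecurityToken>'
    '</wst:RequestSecurityTokenResponse>'
    % (WST, WSSE, WSU, SAML2, SAML2, ASSERTION_ID, SAML2, ASSERTION_ID))

# What the spec requires on the final leg: the RSTR wrapped in an RSTRC.
RSTRC = ('<wst:RequestSecurityTokenResponseCollection xmlns:wst="%s">%s'
         '</wst:RequestSecurityTokenResponseCollection>' % (WST, BARE_RSTR))
```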

 

Re: STSClient and TLS

2007-12-12 Thread Massimiliano Masi

Hi,

Quoting Massimiliano Masi <[EMAIL PROTECTED]>:

I don't understand exactly where to put my code, I think as options
for the service client.



I created MySTSClient, which extends STSClient. Here I did it like this:

Protocol myProtocolHandler = new Protocol("https",
        new CustomSSLSocket(new File(getIdPKeyStoreFilename()).toURL(),
                            getSpiritIdPKeyStorePassword(),
                            new File(getTSKeyStoreFilename()).toURL(),
                            getTSKeyStorePassword()),
        443);

client.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER,
        myProtocolHandler);


And it works.

The CustomSSLSocket is the AuthSSLProtocolSocketFactory.java.

But here, how can I do hostname verification? I don't understand the
architecture...








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



STSClient and TLS

2007-12-11 Thread Massimiliano Masi


Hello,

I would like to have TLS communication between an STSClient and the STS.
I understand that I've to write my own HttpClient, from here:
http://ws.apache.org/axis2/1_3/http-transport.html

I don't understand exactly where to put my code, I think as options
for the service client.

But how can I access the serviceClient, inside the STSClient?

Thank you,


  Massimiliano








Error in extracting properties: maybe a FAQ

2007-11-05 Thread Massimiliano Masi

Hi All,

I am trying to add a custom wsse:Security element in the SOAP envelope
before applying the policy (since I've some problems with it).

I use this code:
// Service invocation
ServiceClient client = new ServiceClient(ctx, null);
OperationClient operationClient =
        client.createClient(ServiceClient.ANON_OUT_IN_OP);

MessageContext outMsgCtx = new MessageContext();

client.engageModule("rampart");
client.engageModule("addressing");

Policy servicePolicy = loadPolicy(pathToPolicy, username);
String service = serviceName;

client.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY,
        servicePolicy);

Options options = client.getOptions();
options.setAction("RegistryStoredQuery");
options.setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
options.setTo(new EndpointReference(service));
options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN,
        responseToken.getId());
options.setUserName("max");

OMElement payload = XMLUtils.toOM(body);
outMsgCtx.setEnvelope(createSOAPEnvelope(XMLUtils.toOM(header),
        XMLUtils.toOM(body), responseToken));

operationClient.addMessageContext(outMsgCtx);

operationClient.execute(true);
MessageContext inMsgtCtx = operationClient.getMessageContext("In");
SOAPEnvelope response = inMsgtCtx.getEnvelope();

//OMElement respElem = client.sendReceive(payload); // waiting for the jira
//System.out.println("RESPONSE FROM SERVICE: \n" + respElem);
System.out.println("Response from service: " + response);


I get this exception:


If I use the client.sendReceive, everything works.

Thank you,

 Massimiliano.

12:59:32,669 ERROR [STDERR] org.apache.axis2.AxisFault: Error in extracting message properties
12:59:32,670 ERROR [STDERR] 	at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
12:59:32,671 ERROR [STDERR] 	at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
12:59:32,672 ERROR [STDERR] 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
12:59:32,673 ERROR [STDERR] 	at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:377)
12:59:32,673 ERROR [STDERR] 	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:374)
12:59:32,674 ERROR [STDERR] 	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
12:59:32,674 ERROR [STDERR] 	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
12:59:32,674 ERROR [STDERR] 	at com.spirit.XUA.utils.XUAAssertions.sendToService(XUAAssertions.java:757)
12:59:32,675 ERROR [STDERR] 	at com.spirit.XUA.actors.AD.TEMPORARY_TEST.temptemp(TEMPORARY_TEST.java:52)
12:59:32,675 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
12:59:32,676 ERROR [STDERR] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
12:59:32,676 ERROR [STDERR] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
12:59:32,677 ERROR [STDERR] 	at java.lang.reflect.Method.invoke(Method.java:585)
12:59:32,677 ERROR [STDERR] 	at org.apache.axis2.receivers.RawXMLINOutMessageReceiver.invokeBusinessLogic(RawXMLINOutMessageReceiver.java:97)
12:59:32,678 ERROR [STDERR] 	at org.apache.axis2.receivers.AbstractInOutSyncMessageReceiver.invokeBusinessLogic(AbstractInOutSyncMessageReceiver.java:42)
12:59:32,678 ERROR [STDERR] 	at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:96)
12:59:32,679 ERROR [STDERR] 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:145)
12:59:32,679 ERROR [STDERR] 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
12:59:32,680 ERROR [STDERR] 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:120)
12:59:32,680 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
12:59:32,681 ERROR [STDERR] 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
12:59:32,681 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
12:59:32,681 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
12:59:32,682 ERROR [STDERR] 	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
12:59:32,682 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
12:59:32,683 ERROR [STDERR] 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
12:59:32,683 ERROR [STDERR] 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
12:59:32,684 ERROR [STDER

Re: Accessing security header from service

2007-11-02 Thread Massimiliano Masi

Ciao,

Quoting Todd Allen <[EMAIL PROTECTED]>:


This link may help:
http://wso2.org/library/169


This might be outdated. Try this code:

// Needs java.util.Vector, Collection and Iterator, and from WSS4J
// org.apache.ws.security.WSSecurityEngineResult,
// org.apache.ws.security.WSUsernameTokenPrincipal,
// org.apache.ws.security.handler.WSHandlerConstants and
// org.apache.ws.security.handler.WSHandlerResult.
Vector results = null;
String username = null;

if ((results = (Vector) inMsgCtx
        .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
    throw new RuntimeException("No security results!!");
} else {
    for (int i = 0; i < results.size(); i++) {
        // Get hold of the WSHandlerResult instance
        WSHandlerResult rResult = (WSHandlerResult) results.get(i);
        Vector wsSecEngineResults = rResult.getResults();

        for (int j = 0; j < wsSecEngineResults.size(); j++) {
            // Get hold of the WSSecurityEngineResult instance
            WSSecurityEngineResult wser =
                    (WSSecurityEngineResult) wsSecEngineResults.get(j);

            // Extract the principal
            Collection values = wser.values();
            Iterator valuesIt = values.iterator();
            while (valuesIt.hasNext()) {
                Object o = valuesIt.next();
                if (o instanceof WSUsernameTokenPrincipal) {
                    WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) o;
                    username = principal.getName();
                }
                // Todo: to see if it is instance of kerberos token
                // etc.
            }
        }
    }
}









Re: [Axis2] (Long) Ws-Policy: problem with SAMLtoken and WSAS example

2007-11-02 Thread Massimiliano Masi

Hi,

Quoting Massimiliano Masi <[EMAIL PROTECTED]>:

Hi All,

I'm very frustrated: I'm developing policies for getting a SAML 2 token
from a WS-Trust STS implemented using Rahas.


Another doubt is: in the rampart policy examples, sample05 shows
how to obtain a SAML Token, but are there any examples that show how
to use the SAML Token issued?


Since rampart implements security policy 1.1, do I have to implement my
own code that extends the RampartPolicy to handle the SAML 2.0 token (maybe
based on token reference?)

In this case, could you point me to what I've to extend?

The WSAS sample, IMHO, has an error: it puts the TokenType in the
RequestSecurityTokenTemplate, which is an error: the content of this
policy element should be copied directly into the SecondaryParameters of
the wst:RequestSecurityToken, and TokenType is a sibling of
SecondaryParameters.


Am I wrong?

Thanks,


 Massimiliano











[Axis2] (Long) Ws-Policy: problem with SAMLtoken and WSAS example

2007-11-01 Thread Massimiliano Masi

Hi All,

I'm very frustrated: I'm developing policies for getting a SAML 2 token
from a WS-Trust STS implemented using Rahas.

I've to put it in the wsse:Security. So I created the following policy  
for the service that needs the token as is [1] (taken from the WSAS  
example).


I got an NPE:



19:20:49,721 ERROR [AxisServlet]
java.lang.NullPointerException
at java.util.PropertyResourceBundle.handleGetObject(PropertyResourceBundle.java:103)
at java.util.ResourceBundle.getObject(ResourceBundle.java:319)
at java.util.ResourceBundle.getString(ResourceBundle.java:285)
at org.apache.rahas.TrustException.getMessage(TrustException.java:105)
at org.apache.rahas.TrustException.<init>(TrustException.java:54)
at org.apache.rahas.TrustException.<init>(TrustException.java:83)
at com.spirit.XUA.utils.SpiritTokenIssuer.issue(SpiritTokenIssuer.java:234)


org.apache.axis2.AxisFault: java.lang.NullPointerException
at  
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
at  
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
at  
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
at  
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
at  
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at  
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
at  
org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:127)
at  
com.spirit.XUA.utils.XUAAssertions.getAuthenticatedViaWSTrust(XUAAssertions.java:430)



So, I cannot access the STS, that gives me a TrustException.

If I use the following policy [2] I get this MTOM (?) exception on the
client side (after correctly getting the SAML assertion):




 [java] org.apache.axis2.AxisFault: org/apache/axis2/policy/model/MTOMAssertion
 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:194)
 [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:747)
 [java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:201)
 [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:104)
 [java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
 [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 [java] at java.lang.reflect.Method.invoke(Method.java:585)
 [java] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
 [java] at org.apache.tools.ant.Task.perform(Task.java:348)
 [java] at org.apache.tools.ant.Target.execute(Target.java:357)
 [java] at org.apache.tools.ant.Target.performTasks(Target.java:385)
 [java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1329)
 [java] at org.apache.tools.ant.Project.executeTarget(Project.java:1298)
 [java] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
 [java] at org.eclipse.ant.internal.ui.antsupport.EclipseDefaultExecutor.executeTargets(EclipseDefaultExecutor.java:32)
 [java] at org.apache.tools.ant.Project.executeTargets(Project.java:1181)
 [java] at org.eclipse.ant.internal.ui.antsupport.InternalAntRunner.run(InternalAntRunner.java:423)
 [java] at org.eclipse.ant.internal.ui.antsupport.InternalAntRunner.main(InternalAntRunner.java:137)
 [java] Caused by: org.apache.axis2.AxisFault: org/apache/axis2/policy/model/MTOMAssertion
 [java] at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
 [java] at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
 [java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
 [java] at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
 [java] at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
 [java] at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
 [java] at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508)
 [java] at com.test.TestClient.main(TestClient.java:58)
 [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)







[1] http://www.mascanc.net/~max/sts1.xml
[2] http://www.mascanc.net/~max/sts2.xml



Thank you,


 Massimiliano




Mac os x Leopard Java has the RegexpBug

2007-10-29 Thread Massimiliano Masi

Hi all,

Just FYI: I have a Mac OS X Leopard and I have (I think !!!) this problem:

https://issues.apache.org/jira/browse/AXIS2-3146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

I have java version "1.5.0_13"

This is the exception:

at org.eclipse.ant.internal.ui.antsupport.InternalAntRunner.main(InternalAntRunner.java:137)
 [java] Caused by: java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 0
 [java] *.local
 [java] ^
 [java] at java.util.regex.Pattern.error(Pattern.java:1650)
 [java] at java.util.regex.Pattern.sequence(Pattern.java:1787)
 [java] at java.util.regex.Pattern.expr(Pattern.java:1687)
 [java] at java.util.regex.Pattern.compile(Pattern.java:1397)
 [java] at java.util.regex.Pattern.(Pattern.java:1124)
 [java] at java.util.regex.Pattern.compile(Pattern.java:817)
 [java] at java.util.regex.Pattern.matches(Pattern.java:919)
 [java] at java.lang.String.matches(String.java:1921)
 [java] at org.apache.axis2.transport.http.ProxyConfiguration.validateNonProxyHosts(ProxyConfiguration.java:261)
 [java] at org.apache.axis2.transport.http.ProxyConfiguration.isProxyEnabled(ProxyConfiguration.java:223)












My fresh token is already invalid!!! (Rampart throws NPE)

2007-10-23 Thread Massimiliano Masi

Hi All,

I have the SAML2 token issuer. I request it using STSClient:

Token responseToken = stsClient.requestSecurityToken(servicePolicy,   
sts, stsPolicy, service);


Then I add it to the TokenStorage:

TokenStorage store = TrustUtil.getTokenStore(ctx);
store.add(responseToken); // now store contains my SAML2 token

The problem is when I try to get the list of valid tokens:

Token[] tokens = store.getValidTokens();

for (int i = 0; i < tokens.length; i++)

I don't enter the for loop. When I try to send the message to the
endpoint, I get this:


16:21:15,931 INFO  [XUAAssertions] Payloadxmlns:axis2ns1="http://tiani/xds";>WSO2 WSAS Rocks!!!

16:21:15,954 ERROR [STDERR] java.lang.NullPointerException
16:21:15,956 ERROR [STDERR] at org.apache.rampart.builder.SymmetricBindingBuilder.initializeTokens(SymmetricBindingBuilder.java:681)
16:21:15,957 ERROR [STDERR] at org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:73)



In SymmetricBindingBuilder at the line 681 I have:

SecureConversationToken secConvTok = (SecureConversationToken) sigTok;

try {  // <-- this is line 681
    String id = RampartUtil.getSecConvToken(rmd, secConvTok);
    rmd.setSecConvTokenId(id);

I'm using rampart 1.3, and the code is from three days ago. It shouldn't be
here. It is not WS-SecConv.

My policy is:

 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>


 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>







   
 
   
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
   
 
   
xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
   
 
  xmlns="http://www.w3.org/2005/08/addressing";>
   
  http://foo.bar/we/don/t/process/this/yet
   
  
   
  
   
  
   
 
   
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust";>
   
  urn:oasis:names:tc:SAML:2.0:assertion
   
  


   
  


   
  



   
  





















Re: Question about merlin

2007-10-22 Thread Massimiliano Masi

Hi,

Quoting Massimiliano Masi <[EMAIL PROTECTED]>:


Yes. I used the same name and everything was working, but now I cannot.
I should sign the message with the key of the service itself, but
I need to authenticate another user.



I found the following in BindingBuilder.java:


protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd) throws RampartException {

    log.debug("Adding a UsernameToken");

    RampartPolicyData rpd = rmd.getPolicyData();

    //Get the user
    //First try options
    Options options = rmd.getMsgContext().getOptions();
    String user = options.getUserName();
    if(user == null || user.length() == 0) {
        //Then try RampartConfig
        if(rpd.getRampartConfig() != null) {
            user = rpd.getRampartConfig().getUser();
        }
    }


So, it means that to achieve my result I have to put options in the
RampartMessageData messageContext. But how can I do this?


Thanks,


Massimiliano





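As an added example (not code from this thread, nor from Rampart or Axis2), the split that the quoted addUsernameToken() lookup order permits: the UsernameToken user is taken from the Axis2 Options first, so RampartConfig.setUser() can keep the keystore alias that Merlin needs for signing. The alias, user name, passwords and class names are assumed placeholders; the callback handler tells the two identities apart by the identifier WSS4J passes in, so the signing-key password is never handed out for a UsernameToken request.

```java
import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.neethi.Policy;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.security.WSPasswordCallback;

/** Added example: one identity signs, a different identity is asserted in the UsernameToken. */
public class SplitUserClient {

    /** Keystore alias of the service's own signing key (assumed placeholder). */
    static final String SIGNING_ALIAS = "serviceKey";

    /** End user whose UsernameToken is sent to the service (assumed placeholder). */
    static final String END_USER = "alice";

    /**
     * Callback handler that answers the two password requests separately.
     * WSS4J sets the identifier to the keystore alias for the signature and to
     * the user name for the UsernameToken, so the two cases never share a password
     * even if the names were to collide.
     */
    public static class SplitCallbackHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb, "only WSPasswordCallback is supported");
                }
                WSPasswordCallback pwcb = (WSPasswordCallback) cb;
                String id = pwcb.getIdentifier();
                if (SIGNING_ALIAS.equals(id)) {
                    // Private-key password for Merlin (placeholder; load from a secret store in practice).
                    pwcb.setPassword("keystore-key-password");
                } else if (END_USER.equals(id)) {
                    // Password that goes into the UsernameToken (placeholder).
                    pwcb.setPassword("alice-secret");
                } else {
                    // Refuse anything else: an unexpected identifier must not receive a password.
                    throw new UnsupportedCallbackException(cb, "unknown identifier: " + id);
                }
            }
        }
    }

    /**
     * Wires the policy-driven client so that signing and the UsernameToken use
     * different identities. The Policy is the one parsed from the policy file,
     * as in the original post; it is passed in here rather than built.
     */
    public static Options configure(ServiceClient client, Policy policy) {
        RampartConfig rc = new RampartConfig();
        rc.setUser(SIGNING_ALIAS);                 // alias Merlin loads for the signature
        rc.setEncryptionUser("client");            // as in the original post
        rc.setPwCbClass(SplitCallbackHandler.class.getName());
        policy.addAssertion(rc);

        Options options = client.getOptions();
        options.setUserName(END_USER);             // read first by addUsernameToken()
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
        return options;
    }
}
```

With the Options user set, the fallback to RampartConfig.getUser() in the quoted code is never reached for the UsernameToken, so the alias stays a pure keystore concern.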



Re: Question about merlin

2007-10-22 Thread Massimiliano Masi

Hi,

Quoting Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:

I get rid of the
problem
by making the username of the UsernameToken and alias of the certificate the
same.
But I think this is not always possible.


Yes. I used the same name and everything was working, but now I cannot.
I should sign the message with the key of the service itself, but
I need to authenticate another user.









Question about merlin

2007-10-22 Thread Massimiliano Masi

Hi all,

I have a question about digital signatures. I'm using ws-securitypolicy.
I have a policy that wants to sign the body, and I have a UsernameToken.

Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
RampartConfig rc = new RampartConfig();
rc.setUser(username);
rc.setEncryptionUser("client");
rc.setPwCbClass(ClientPasswordCallbackHandler.class.getName());

How can I set the username value? If I use rc.setUser, the username is also
used as user for the keystore, and merlin won't instantiate.
The callback returns with the password only (for the usernametoken, I think).


Thanks,








Cannot obtain token identifier

2007-10-12 Thread Massimiliano Masi

Hi,

I have implemented the STS token issuer, to issue custom saml token.
I just copied the SAMLTokenIssuer.java from the SVN of rampart.

But the client doesn't find the token reference:

 [java] Got trustexception + Cannot obtain token identifier
 [java] org.apache.rahas.TrustException: Cannot obtain token identifier
 [java] at org.apache.rahas.client.STSClient.processIssueResponse(STSClient.java:224)



I think I've to add something like this,

System.err.println(TrustUtil.createSecurityTokenReference(doc,  
assertion.getID(), "aa"));


But what is the third field? And how can I add it to the envelope in the
WSSE header?


Thanks,











Rampart cannot instantiate my TokenIssuer

2007-10-09 Thread Massimiliano Masi

Hi all,

I've a problem with rampart 1.3. I create a security policy for my rampart
WS-Trust, and I put in the services.xml the following:


  

  
urn:oasis:names:tc:SAML:2.0:assertion
  

  


Everything goes ok, but I have the following problem once the security
policy has been validated:

12:27:39,463 ERROR [STDERR] org.apache.rahas.TrustException: Error in loading and instantiating the class "com.test.TokenIssuer"
12:27:39,465 ERROR [STDERR] at org.apache.rahas.TokenRequestDispatcherConfig.getIssuer(TokenRequestDispatcherConfig.java:212)



Where do I have to put my class? It is in the aar.


Thanks,

 Massimiliano








Re: Axis2 and rampart design question

2007-10-06 Thread Massimiliano Masi

Hi Dimuthu,

Quoting Dimuthu <[EMAIL PROTECTED]>:

If you want to configure claims you can use the callback mechanism as in
this test case[1].


Thanks for your answer. I took as an example the STSClient test from WSAS [1]
and the security policy for the server and the client. I also created the
keystore as described here [2]. I put in my services.xml the following:


 

  http://www.w3.org/2006/01/wsdl/in-out";>



 
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT


 
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
 
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew
 
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel
 
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
 
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate



  


  saml2-issuer-config
  urn:oasis:names:tc:SAML:2.0:assertion

  

  


But I got this error:

 [java] Caused by: org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p)



Have you any idea? And is there an example of an STS service?


Thank you,


[1] WSAS Example:  
http://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java

[2] Keystore http://wso2.org/library/174








Axis2 and rampart design question

2007-10-05 Thread Massimiliano Masi

Hi all,

I am trying to setup a webservice that acts as WS-Trust STS with rampart.
I've a design question.

Clients send the authentication claim in the wsse:Security element in the
header (claims such as Username/Password, SAML Tokens, Kerberos and
X.509 binary secrets). Based on the identity carried in this wsse:Security,
the STS decides whether or not to issue the security token (that is my own
implementation of SAML2).

Now I'm thinking: the wsse:Security element is detached by a module (that I
will write, I think, to get all my claims processed). But, detaching the
header, I don't know the identity of the user anymore! So, I thought to
put in the header of the SOAP message something like
userIdentity
so the STS implementation can have the information on the identity of the
user (and can decide to issue a token).

Have you other ideas? Does it look good to you? Have you any pattern?
I'll appreciate your hints!


Thank you!











Rampart as STS question

2007-09-27 Thread Massimiliano Masi


Hi all,

I'm trying to use rampart (1.2) as STS. I removed from the axis2.xml
in the axis2.war the   (rampart.mar is still in
WEB-INF/modules).

I created a WS, a simple class that returns null.
I created another class that implements TokenIssuer and I put in the
services.xml the rampart info as shown in the rampart quick-start.

I would like to issue my own token (SAML2).

What are the methods that I can use to put my own SAMLAssertion (as OMElement)
in the response?

My client sets as action the IssueToken operation. I then created the
following SOAP Message:


http://www.w3.org/2003/05/soap-envelope";>
   
 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" mustUnderstand="1">
   http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-5168970">
 masi
 http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">quezalcoatl
   
 
   
   
 http://docs.oasis-open.org/ws-sx/ws-trust/200512"; ID="FAKEID">
   oasis:names:tc:SAML:2.0:assertion
   http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
   http://schemas.xmlsoap.org/ws/2004/09/policy";>http://localhost:8080/Spirit/XDS/Registry
 
   



Rahas returns with an error:

15:56:54,255 ERROR [STDERR] org.apache.rahas.TrustException: The specified request failed
15:56:54,257 ERROR [STDERR] at org.apache.rahas.RahasData.processWSS4JSecurityResults(RahasData.java:143)
15:56:54,257 ERROR [STDERR] at org.apache.rahas.RahasData.(RahasData.java:87)
15:56:54,258 ERROR [STDERR] at org.apache.rahas.TokenRequestDispatcher.handle(TokenRequestDispatcher.java:47)
15:56:54,258 ERROR [STDERR] at org.apache.rahas.STSMessageReceiver.invokeBusinessLogic(STSMessageReceiver.java:57)
15:56:54,258 ERROR [STDERR] at org.apache.axis2.receivers.AbstractInOutSyncMessageReceiver.receive(AbstractInOutSyncMessageReceiver.java:39)
15:56:54,259 ERROR [STDERR] at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:144)
15:56:54,259 ERROR [STDERR] at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
15:56:54,259 ERROR [STDERR] at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
15:56:54,260 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
15:56:54,260 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
15:56:54,261 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
15:56:54,261 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
15:56:54,261 ERROR [STDERR] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
15:56:54,262 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
15:56:54,262 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
15:56:54,262 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
15:56:54,263 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
15:56:54,263 ERROR [STDERR] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
15:56:54,263 ERROR [STDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
15:56:54,263 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
15:56:54,264 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
15:56:54,264 ERROR [STDERR] at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
15:56:54,264 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
15:56:54,265 ERROR [STDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
15:56:54,265 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
15:56:54,265 ERROR [STDERR] at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
15:56:54,265 ERROR [STDERR] at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
15:56:54,266 ERROR [STDERR] at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
15:56:54,266 ERROR [STDERR] at java.lang.Thread.run(Thread.java:

[axis2] Problem with mustUnderstand

2007-09-10 Thread Massimiliano Masi

Hi,

I have a SOAPMessage that uses  element with the
mustUnderstand="1" attribute. I created it in the client using rampart.

Now, in the service, I would like to manage the ws-security header by myself,
without using rampart and without writing my own  handler, just in the
method of the webservice itself, using the SOAPHeaderBlock interface.

Now the problem is that the method of my webservice is not invoked,
axis2 throws an AxisFault before invoking the method.


Have you any idea?

Thanks,

  Massimiliano








Web Service Proliferation

2007-09-04 Thread Massimiliano Masi

Hi all,

I'm running JBoss 4.0.5. I have a WS that must request a service from another one.


I use the following code:


System.out.println("*** Requesting for a functional role");

ServiceClient client = new ServiceClient();
OperationClient operationClient = client.createClient(ServiceClient.ANON_OUT_IN_OP);

MessageContext outMsgCtx = new MessageContext();
Options opts = outMsgCtx.getOptions();
opts.setTo(targetEPR);
opts.setAction("AttributeQuery");



SOAPFactory fac = OMAbstractFactory.getSOAP12Factory();
SOAPEnvelope envelope = fac.getDefaultEnvelope();



envelope.getBody().addChild(attributeRequestSigned);
System.err.println(envelope.toString());


outMsgCtx.setEnvelope(envelope);
operationClient.addMessageContext(outMsgCtx);
operationClient.execute(true);

// pass message label as method argument
MessageContext inMsgtCtx = operationClient.getMessageContext("In");

SOAPEnvelope response = inMsgtCtx.getEnvelope();


And I get the following error:

[AxisServlet] java.lang.NullPointerException




16:46:10,944 INFO  [STDOUT] 238335 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.header  - >> "POST  
/axis2/services/SpiritAuthenticationAuthority HTTP/1.1[\r][\n]"
16:46:11,018 INFO  [STDOUT] 238408 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.header  - >> "Content-Type: application/soap+xml;  
charset=UTF-8; action="AttributeQuery"[\r][\n]"
16:46:11,019 INFO  [STDOUT] 238410 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.header  - >> "User-Agent: Axis2[\r][\n]"
16:46:11,020 INFO  [STDOUT] 238411 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.header  - >> "Host: localhost:8080[\r][\n]"
16:46:11,021 INFO  [STDOUT] 238412 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.header  - >> "Transfer-Encoding: chunked[\r][\n]"
16:46:11,023 INFO  [STDOUT] 238414 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.header  - >> "[\r][\n]"
16:46:11,117 INFO  [STDOUT] 238507 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "cd0[\r][\n]"

16:46:11,147 ERROR [AxisServlet] java.lang.NullPointerException
16:46:11,149 INFO  [STDOUT] 238538 [http-0.0.0.0-8080-2] ERROR  
org.apache.axis2.transport.http.AxisServlet  -  
java.lang.NullPointerException
16:46:11,194 INFO  [STDOUT] 238585 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "encoding='UTF-8'?>xmlns:wsa="http://www.w3.org/2005/08/addressing";  
xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>http://localhost:8080/axis2/services/SpiritAuthenticationAuthorityurn:uuid:CA7A64DB85574468BC1188917168200AttributeQueryhttp://www.tiani-spirit.com/XDSb"; ID="_6f029d7955496c88da0467f33e8e1cb4" IssueInstant="2007-09-04T14:46:07.144Z" Version="2.0">http://www.tiani-spirit.com/XDS/NAMEQUALIFIER"; SPNameQualifier="http://www.tiani-spirit.com/XDS/SPNameQualifier"; SPProvidedID="spirit-xds-document-registry">http://www.tiani-spirit.com/XDSbDRxmlns:ds="http://www.w3.org/2000/09/xmldsig#";>[\n]"
16:46:11,196 INFO  [STDOUT] 238587 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "[\n]"
16:46:11,197 INFO  [STDOUT] 238588 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />[\n]"
16:46:11,198 INFO  [STDOUT] 238589 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />[\n]"
16:46:11,199 INFO  [STDOUT] 238590 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "URI="#_6f029d7955496c88da0467f33e8e1cb4">[\n]"
16:46:11,199 INFO  [STDOUT] 238590 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "[\n]"
16:46:11,200 INFO  [STDOUT] 238591 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";  
/>[\n]"
16:46:11,201 INFO  [STDOUT] 238592 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments";>http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="ds saml samlp"  
/>[\n]"
16:46:11,202 INFO  [STDOUT] 238593 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "[\n]"
16:46:11,203 INFO  [STDOUT] 238594 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"; />[\n]"
16:46:11,204 INFO  [STDOUT] 238595 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "[\n]"
16:46:11,205 INFO  [STDOUT] 238596 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "[\n]"
16:46:11,205 INFO  [STDOUT] 238596 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "URI="#_6f029d7955496c88da0467f33e8e1cb4">[\n]"
16:46:11,206 INFO  [STDOUT] 238597 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "[\n]"
16:46:11,207 INFO  [STDOUT] 238598 [http-0.0.0.0-8080-3] DEBUG  
httpclient.wire.content  - >> "Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";  
/>[\n]"
16:46:11,208 INFO  [STDOUT] 23859

Rampart and SAML question

2007-08-29 Thread Massimiliano Masi

Hi all,

I have a SAML2 Authentication Assertion as OMElement, created by opensaml2.

How can I include it in the SOAP Header using the rampart api?

Is there a way to do it?


Thank you in advance,


Massimiliano








Implementing ws-trust

2007-08-20 Thread Massimiliano Masi
Hi All,

I have to implement a WS-Trust STS that issues SAML2.0 tokens.
It is not possible using rampart and rahas, so I decided to code it on my own.

I tried to get the WSDL from OASIS, with errors:

[EMAIL PROTECTED] ~ $ wsdl2java.sh -uri
http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.wsdl -pn
SecurityTokenService
 Using AXIS2_HOME:   /Users/max/Documents/axis2/
 Using JAVA_HOME:
/System/Library/Frameworks/JavaVM.framework/Versions/1.5/Home
Retrieving schema at
'http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.xsd',
relative to 
'http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.wsdl'.
Retrieving schema at
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd',
relative to 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.xsd'.
Retrieving schema at
'http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd', relative
to 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.xsd'.
Retrieving schema at
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd',
relative to 'http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd'.
Retrieving schema at
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
relative to 'http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd'.
Retrieving schema at 'http://www.w3.org/2001/xml.xsd', relative to
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.
Retrieving schema at
'http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd', relative
to 
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.
Retrieving schema at
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd',
relative to 
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'.
Retrieving schema at
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
relative to 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.xsd'.
Retrieving schema at
'http://www.w3.org/2006/03/addressing/ws-addr.xsd', relative to
'http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.xsd'.
Exception in thread "main"
org.apache.axis2.wsdl.codegen.CodeGenerationException: Error parsing
WSDL
at 
org.apache.axis2.wsdl.codegen.CodeGenerationEngine.(CodeGenerationEngine.java:137)
at org.apache.axis2.wsdl.WSDL2Code.main(WSDL2Code.java:32)
at org.apache.axis2.wsdl.WSDL2Java.main(WSDL2Java.java:21)
Caused by: org.apache.axis2.AxisFault: No service was not found in the
WSDL at http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3.wsdl
with targetnamespace http://docs.oasis-open.org/ws-sx/ws-trust/200512/
at 
org.apache.axis2.description.WSDL11ToAllAxisServicesBuilder.populateAllServices(WSDL11ToAllAxisServicesBuilder.java:106)
at 
org.apache.axis2.wsdl.codegen.CodeGenerationEngine.(CodeGenerationEngine.java:131)
... 2 more

Have you any idea??? How can I find docs on how to customize
services.xml in order to generate a WSDL compatible with the OASIS one?


Thank you,



-- 
Massimiliano Masi

http://www.comunidelchianti.it/~max
