RE: FW: Newbie Basics: Security Policy

2008-07-16 Thread Roxanne Yee 
h this 
policy to
> services.xml and to a client. Please go through the Rampart policy 
samples
> and you will be able to see how that is done. If you have further
> questions,
> please feel free to throw them in.
>
> regards,
> nandana
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>
>  
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> "
> />
>
>
>
>http://ws.apache.org/rampart/policy
> ">
>
>username
>
>
> 
org.apache.rampart.samples.policy.sample01.PWCBHandler
>
>
>  
>
> 
>
> On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee <[EMAIL PROTECTED]> 
wrote:
>
> > If I simply wanted to implement a web service that used a User Name 
Token
> > authentication system with a Username and Password in Plaintext (no 
SSL
> for
> > now, cause I'm a little sketchy on how to actually set that up), 
what
> would
> > I need to do if using the Policy handler configuration?
> >
> > Thanks.
> >
> > => RY
> >
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-- 
Nandana Mihindukulasooriya 
WSO2 inc.

http://nandana83.blogspot.com/

<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: FW: Newbie Basics: Security Policy

2008-07-15 Thread Roxanne Yee 
e-
> From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
> Sent: Mon 7/14/2008 8:01 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Newbie Basics: Security Policy
>
> Hi Roxane,
>
> This is the policy to be used. Hope you know how to attach this policy to
> services.xml and to a client. Please go through the Rampart policy samples
> and you will be able to see how that is done. If you have further
> questions,
> please feel free to throw them in.
>
> regards,
> nandana
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>
>  
>   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
> "
> />
>
>
>
>http://ws.apache.org/rampart/policy
> ">
>
>username
>
>
> org.apache.rampart.samples.policy.sample01.PWCBHandler
>
>
>  
>
> 
>
> On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee <[EMAIL PROTECTED]> wrote:
>
> > If I simply wanted to implement a web service that used a User Name Token
> > authentication system with a Username and Password in Plaintext (no SSL
> for
> > now, cause I'm a little sketchy on how to actually set that up), what
> would
> > I need to do if using the Policy handler configuration?
> >
> > Thanks.
> >
> > => RY
> >
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/

<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

FW: Newbie Basics: Security Policy

2008-07-15 Thread Roxanne Yee 



-Original Message-
From: Roxanne Yee [mailto:[EMAIL PROTECTED]
Sent: Tue 7/15/2008 8:11 AM
To: [EMAIL PROTECTED]
Subject: RE: Newbie Basics: Security Policy
 
Just to verify how this policy would work...
So if I use this policy, I can just tell soapUI to add a User Name Token with 
username "alice" and password "bobPW", and I should receive an echo back (using 
the service in the samples) in the response? However, when I do this, for some 
reason I receive and error. The RAW messages are reprinted below:


REQUEST:
Host: 192.168.1.247:8080
Content-Length: 803
User-Agent: Jakarta Commons-HttpClient/3.0.1
Content-Type: application/soap+xml;charset=UTF-8;action="urn:echo"
 
http://sample01.policy.samples.rampart.apache.org"; 
xmlns:soap="http://www.w3.org/2003/05/soap-envelope";>
  
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
alice
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW
  
  
  
  
  
 
 ?
  
  



RESPONSE:
HTTP/1.1 500 Internal Server Error
Date: Tue, 15 Jul 2008 18:05:24 GMT
Transfer-Encoding: chunked
Connection: close
Content-Type: application/soap+xml; 
action="http://www.w3.org/2005/08/addressing/soap/fault";charset=UTF-8
Server: Apache-Coyote/1.1


   http://www.w3.org/2003/05/soap-envelope";>
 
   
  
soapenv:Receiver
  
  
 java.lang.NoSuchMethodError: 
org.apache.ws.security.message.WSSecHeader.isEmpty(Lorg/w3c/dom/Document;)Z
  
  
   
 
   


Thanks.

=>RY

-Original Message-
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Mon 7/14/2008 8:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Newbie Basics: Security Policy
 
Hi Roxane,

This is the policy to be used. Hope you know how to attach this policy to
services.xml and to a client. Please go through the Rampart policy samples
and you will be able to see how that is done. If you have further questions,
please feel free to throw them in.

regards,
nandana

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>

  
   http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
/>



http://ws.apache.org/rampart/policy";>

        username

org.apache.rampart.samples.policy.sample01.PWCBHandler


  



On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee <[EMAIL PROTECTED]> wrote:

> If I simply wanted to implement a web service that used a User Name Token
> authentication system with a Username and Password in Plaintext (no SSL for
> now, cause I'm a little sketchy on how to actually set that up), what would
> I need to do if using the Policy handler configuration?
>
> Thanks.
>
> => RY
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Newbie Question: Rampart Policy Sample 01

2008-07-15 Thread Roxanne Yee 
I think I've read this somewhere before, but just to verify...
If you run Rampart Policy Sample 01 as is and if you don't have https, it won't 
work, and will create an "Internal server error"?

Because I am not using SSL; I'm using HTTP and running policy/sample01. 
However, if I uncomment the line



in the services.xml file, a WSDL file is generated. It' be appreciated if 
someone could explain what the uncommented line does. :P


Thanks.

=>RY
<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Rampart: Policy versus Parameters

2008-07-15 Thread Roxanne Yee 
Dynamically? How so?

Thanks.

=>RY


-Original Message-
From: Sanjay Vivek [mailto:[EMAIL PROTECTED]
Sent: Mon 7/14/2008 8:25 PM
To: axis-user@ws.apache.org
Subject: RE: Rampart: Policy versus Parameters
 
The policy method is far more flexible. It allows you to dynammically set the 
username/password (which cannot be done by the Parameter method) and much more. 

Cheers
Sanjay 


-Original Message-
From: Roxanne Yee [mailto:[EMAIL PROTECTED]
Sent: Mon 14/07/2008 18:35
To: axis-user@ws.apache.org
Subject: Rampart: Policy versus Parameters
 
I was just wondering, what method of WS-Security with Rampart do most people 
use and find the easiest: the Policy method (with the RampConfig element) or 
the Parameter method (with the InflowSecurity and OutflowSecurity parameters in 
services.xml)? 

Thanks.

=> RY


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Rampart versions

2008-07-14 Thread Roxanne Yee 
Would having the Rampart 1.3 module and Rampart 1.4 files in the java/jre/lib 
cause any errors?


-Original Message-
From: Roxanne Yee [mailto:[EMAIL PROTECTED]
Sent: Mon 7/14/2008 12:45 PM
To: axis-user@ws.apache.org
Subject: Rampart Policy Samples
 
Has anyone run the Policy Samples with Rampart 1.4? For some reason I get an 
exception (I believe in deployment) when all I'm doing is building the .aar 
archive with ant and copying it to tomcat/webapps/axis2/WEB-INF/services. I 
believe I was able to run them with Rampart 1.3, but I recently changed to 
Rampart 1.4; could there be a step that I may have missed? I even tried to run 
the policy samples from the Rampart 1.3 directory and they don't even deploy 
correctly.


Thanks.

=>RY

<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Rampart Policy Samples

2008-07-14 Thread Roxanne Yee 
Has anyone run the Policy Samples with Rampart 1.4? For some reason I get an 
exception (I believe in deployment) when all I'm doing is building the .aar 
archive with ant and copying it to tomcat/webapps/axis2/WEB-INF/services. I 
believe I was able to run them with Rampart 1.3, but I recently changed to 
Rampart 1.4; could there be a step that I may have missed? I even tried to run 
the policy samples from the Rampart 1.3 directory and they don't even deploy 
correctly.


Thanks.

=>RY
<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Rampart: Policy versus Parameters

2008-07-14 Thread Roxanne Yee 
I was just wondering, what method of WS-Security with Rampart do most people 
use and find the easiest: the Policy method (with the RampConfig element) or 
the Parameter method (with the InflowSecurity and OutflowSecurity parameters in 
services.xml)? 

Thanks.

=> RY
<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Another Newbie Question: Rampart passwordCallbackClass

2008-07-14 Thread Roxanne Yee 
Is the passwordCallbackClass provided in the Rampart samples for the server or 
the client? If it is for both, the what would be the difference? I've read 
http://wso2.org/node/240/print/ and am still confused. 
<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Newbie Question: Rampart passwordCallbackClass

2008-07-14 Thread Roxanne Yee 
Does anyone know what the  class does in detail? 

For instance, what happens if you return? With regards to a User Name Token, is 
it just given a "username" and returns/sets the "password"? What part 
authenticates the username and password pair?

Any help would be great! I'm new to Java so even general Java knowledge is 
appreciated!


-Original Message-
From: Chau, Hoang [mailto:[EMAIL PROTECTED]
Sent: Mon 7/14/2008 6:49 AM
To: axis-user@ws.apache.org; [EMAIL PROTECTED]
Subject: RE: WSS4J , Rampart
 
Thanks Jose.  It clarifies my question.



From: José Ferreiro [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 9:44 AM
To: axis-user@ws.apache.org
Subject: Re: WSS4J , Rampart


Hello,

Basically, you may use WSS4J with Axis 1.x to implement WS-Security.

Rampart is the WS-Security module in Axis 2. Rampart uses WSS4J.

Hope this helps.

José Ferreiro


On Mon, Jul 14, 2008 at 6:38 PM, Chau, Hoang <[EMAIL PROTECTED]> wrote:


Hi all,
 
I am new to webservice security so could anyone tell me the difference 
between WSS4j and Rampart or point me the link talk about them.
 
Thanks



From: Juan Gabriel Arias [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 14, 2008 9:18 AM
To: axis-user@ws.apache.org
Subject: QName is null for...


Hi all,
i'm facing this issue. I try to generate the java files from this wsdl







And the generator throws this exception:

Using AXIS2_HOME:   D:\java\axis2-1.4\
Using JAVA_HOME:C:\Program Files\Java\jre1.6.0_05
Retrieving document at 'OIContentProviderv0.2.wsdl'.
Exception in thread "main" 
org.apache.axis2.wsdl.codegen.CodeGenerationException: 
org.apache.axis2.wsdl.codegen.CodeGenerationException: 
java.lang.RuntimeException: Element QName is null for ErrorResponseMessage!
at 
org.apache.axis2.wsdl.codegen.CodeGenerationEngine.generate(CodeGenerationEngine.java:271)
at org.apache.axis2.wsdl.WSDL2Code.main(WSDL2Code.java:35)
at org.apache.axis2.wsdl.WSDL2Java.main(WSDL2Java.java:24)
Caused by: org.apache.axis2.wsdl.codegen.CodeGenerationException: 
java.lang.RuntimeException: Element QName is null for ErrorResponseMessage!
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.emitStub(AxisServiceBasedMultiLanguageEmitter.java:534)
at 
org.apache.axis2.wsdl.codegen.CodeGenerationEngine.generate(CodeGenerationEngine.java:260)
... 2 more
Caused by: java.lang.RuntimeException: Element QName is null for 
ErrorResponseMessage!
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.getFaultParamElements(AxisServiceBasedMultiLanguageEmitter.java:2829)
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.getFaultElement(AxisServiceBasedMultiLanguageEmitter.java:2748)
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.generateMethodElement(AxisServiceBasedMultiLanguageEmitter.java:2269)
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.loadOperations(AxisServiceBasedMultiLanguageEmitter.java:2151)
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.createDOMDocumentForCallbackHandler(AxisServiceBasedMultiLanguageEmitter.java:1151)
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.writeCallBackHandlers(AxisServiceBasedMultiLanguageEmitter.java:1117)
at 
org.apache.axis2.wsdl.codegen.emitter.AxisServiceBasedMultiLanguageEmitter.emitStub(AxisServiceBasedMultiLanguageEmitter.java:497)
... 3 more

I found that the problem is the missing "fault" definition.
I i try this, it works:








Why? AFAIK, this is not mandatory... am i wrong?
And it would be nice to get a better error message.

thanks in advance!
Juan







This message and any attachments are intended only for the use of the 
addressee and may contain information that is privileged and confidential. If 
the reader of the message is not the intended recipient or an authorized 
representative of the intended recipient, you are hereby notified that any 
dissemination of this communication is strictly prohibited. If you have 
received this communication in error, notify the sender immediately by return 
email and delete the message and any attachments from your system. 




-- 
José Ferreiro
EPFL Communication Sys

Newbie Question: Rampart 1.4

2008-07-11 Thread Roxanne Yee 
Is anyone familiar with all the options that Rampart 1.4 provides? For example, 
what can specifically go between the  tags in the services.xml 
file?

=> RY
<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Axis1.4 vs Axis2-1.4

2008-07-11 Thread Roxanne Yee 
Dear Ryan,

>From what I've read about Axis and Axis2 they are very different in their core 
>approaches.

It really depends on your definition of "upgrade". If you mean a version 
upgrade, I believe that would be not be possible. The reason why Axis2 is not 
just Axis 1.5 or such is because, as I've mentioned, they are different 
approaches. 

If "upgrade" means you want change over from Axis1 to Axis2  architecture, 
which is what you need to do, then you I'm not sure what you must do other than 
read this website: http://ws.apache.org/axis2/1_4/migration.html

But you don't have to take my word for it, I'm a newbie myself! :P

--RY

P.S. If you need a good book try this one: 
http://www.packtpub.com/creating-web-services-with-apache-axis-2/book


-Original Message-
From: McCullough, Ryan [mailto:[EMAIL PROTECTED]
Sent: Fri 7/11/2008 6:36 AM
To: axis-user@ws.apache.org
Subject: RE: Axis1.4 vs Axis2-1.4
 
Is upgrading from Axis-1.4 to Axis2-1.4 easy?

 

-Ryan

 

From: sumedha rubasinghe [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 11, 2008 9:15 AM
To: axis-user@ws.apache.org
Subject: Re: Axis1.4 vs Axis2-1.4

 

Hi Thamizhannal,
Visit  http://ws.apache.org/axis2/ & read the section under topic "Why Apache 
Axis2:". 

In a nutshell, axis2-1.x is a major re-write of axis-1.x (note the missing '2') 
 with a new architecture.

Latest release is axis2-1.4 (http://ws.apache.org/axis2/1_4/contents.html).  
Since your starting web services with Axis2, I recommend you to follow the 
getting start guide @ http://ws.apache.org/axis2/1_4/quickstartguide.html .

/sumedha






On Fri, Jul 11, 2008 at 8:24 PM, Thamizh <[EMAIL PROTECTED]> wrote:

Hi All,

I am new to AXIS web service development.

Can you please let me what is the difference between axis1.4 vs axis2-1.4

Regards,
Thamizhannal P



Download prohibited? No problem. CHAT 

  from any browser, without download.

 


<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

WS-Security Question

2008-07-10 Thread Roxanne Yee 
Does anyone know of any modules that implement WS-Security for Axis2 other than 
Apache Rampart?

Thanks.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]