Re: Securing Axis2 REST Style Services

2009-04-23 Thread Ruchith Fernando
BTW ... you can also simply construct a UsernameToken element and
insert the username and password as required and add it to the SOAP
header with the security header, by just using axiom :-)

-Ruchith


On Thu, Apr 23, 2009 at 4:23 AM, Ruchith Fernando wrote:
> Hi Sanjay,
>
> I'm trying to find a place that could throw the NPE in the
> xmlsec-1.4.1 code. I still can't find a problem.
> JCEMapper.loadAlgorithms() method is called with an element picked out
> of the config file and it should simply be able to process the rest of
> it without an issue. If we had line numbers it would have been very
> easy to spot the issue.
>
> Can you please try using this jar [1] and see whether you can
> reproduce this error with it? (hopefully this is compiled with debug
> info).
>
> Thanks,
> Ruchith
>
> 1. 
> http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar
>
> On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta wrote:
>> Hi Ruchith,
>> I am using version 1.4.1.
>> xmlsec-1.4.1.jar
>>
>> Thanks
>> Sanjay
>>
>> -Original Message-
>> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
>> Sent: Wednesday, April 22, 2009 7:24 PM
>> To: axis-user@ws.apache.org
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Hi Sanjay,
>>
>> Which version of Apache xmlsec are you using?
>>
>> Thanks,
>> Ruchith
>>
>> On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta wrote:
>>> Hi Ruchith,
>>> Finally I got authentication working on rest call. I had to comment the db
>>> calls in the class that you provided to get past the db connection issue.
>>> Thank you so much for helping me out. Even though the authentication is
>>> working I get an error. See the stacktrace below. I see a jira for the same
>>> issue. Are there any side effects of this error?
>>> Thanks
>>> Sanjay
>>>
>>> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>>>
>>>
>>> [FATAL] Bad:
>>> java.lang.NullPointerException
>>>        at 
>>> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>>        at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>>        at org.apache.xml.security.Init.init(Unknown Source)
>>>        at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>>        at org.apache.ws.security.WSSConfig.(WSSConfig.java:256)
>>>        at 
>>> org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>>        at 
>>> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>>        at org.apache.ws.security.message.WSSecBase.(WSSecBase.java:52)
>>>        at 
>>> org.apache.ws.security.message.WSSecUsernameToken.(WSSecUsernameToken.java:62)
>>>        at 
>>> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>>        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>>        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>>        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>>        at 
>>> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>>        at 
>>> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>        at 
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>        at 
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>        at 
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>>        at 
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>>        at 
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>        at 
>>> org.apache.catalina.valves.Erro

Re: Securing Axis2 REST Style Services

2009-04-23 Thread Ruchith Fernando
Hi Sanjay,

I'm trying to find a place that could throw the NPE in the
xmlsec-1.4.1 code. I still can't find a problem.
JCEMapper.loadAlgorithms() method is called with an element picked out
of the config file and it should simply be able to process the rest of
it without an issue. If we had line numbers it would have been very
easy to spot the issue.

Can you please try using this jar [1] and see whether you can
reproduce this error with it? (hopefully this is compiled with debug
info).

Thanks,
Ruchith

1. 
http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar

On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta wrote:
> Hi Ruchith,
> I am using version 1.4.1.
> xmlsec-1.4.1.jar
>
> Thanks
> Sanjay
>
> -Original Message-
> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
> Sent: Wednesday, April 22, 2009 7:24 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi Sanjay,
>
> Which version of Apache xmlsec are you using?
>
> Thanks,
> Ruchith
>
> On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta wrote:
>> Hi Ruchith,
>> Finally I got authentication working on rest call. I had to comment the db
>> calls in the class that you provided to get past the db connection issue.
>> Thank you so much for helping me out. Even though the authentication is
>> working I get an error. See the stacktrace below. I see a jira for the same
>> issue. Are there any side effects of this error?
>> Thanks
>> Sanjay
>>
>> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>>
>>
>> [FATAL] Bad:
>> java.lang.NullPointerException
>>        at 
>> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>        at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>        at org.apache.xml.security.Init.init(Unknown Source)
>>        at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>        at org.apache.ws.security.WSSConfig.(WSSConfig.java:256)
>>        at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>        at 
>> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>        at org.apache.ws.security.message.WSSecBase.(WSSecBase.java:52)
>>        at 
>> org.apache.ws.security.message.WSSecUsernameToken.(WSSecUsernameToken.java:62)
>>        at 
>> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>        at 
>> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>        at 
>> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>        at 
>> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>        at 
>> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>        at 
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>        at 
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>        at 
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>        at 
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>        at 
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>        at 
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>        at 
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>        at 
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>        at 
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>        at 
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>        at 
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>        at 
>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>        at java.lang.Thread.run(Thread.java:619)
>> java.lang.NullPointerExce

Re: Securing Axis2 REST Style Services

2009-04-22 Thread Ruchith Fernando
  at 
> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
>        at 
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
>        at 
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
>        at 
> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
>        at 
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>        at 
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>        at 
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>        at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
>        at 
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>        at 
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>        at 
> org.apache.catalina.core.StandardService.start(StandardService.java:516)
>        at 
> org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>        at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>
>
> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
> Thanks
> Sanjay
>
> -Original Message-
> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
> Sent: Thursday, April 16, 2009 5:52 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Oops  :-)
>
> Here you go :
>
> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
>
> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta wrote:
>> Hi Ruchith,
>> Thanks for the quick reply. Could you please point me to the link that talks
>> about this solution?
>> Thanks
>> Sanjay
>>
>> -Original Message-
>> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
>> Sent: Thursday, April 16, 2009 4:31 PM
>> To: axis-user@ws.apache.org
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Hi,
>>
>> For the REST style calls you can use HTTPS + Basic Auth
>>
>> Have a look at this [1] handler from WSO2 WSAS. This will simply add
>> the UsernameToken into the SOAP representation of the incoming REST
>> request, which will be processed by Rampart (which you have already
>> configured).
>>
>> Thanks,
>> Ruchith
>>
>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta wrote:
>>> Hi,
>>>
>>> I have a POJO based services deployed in axis2 and it's working well. I have
>>> implemented the basic user/password security using rampart and it's working
>>> fine for SOAP calls. I generated the client using wsdl2java. My question is
>>> how do I secure the REST style calls. Do I need to do anything special? I
>>> need to deploy these services into production soon and any help or pointers
>>> would be greatly appreciated.
>>>
>>> Thanks
>>>
>>> Sanjay
>>
>>
>>
>> --
>> http://blog.ruchith.org
>>
>
>
>
> --
> http://blog.ruchith.org
>



-- 
http://blog.ruchith.org


Re: Securing Axis2 REST Style Services

2009-04-16 Thread Ruchith Fernando
Oops  :-)

Here you go :

https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java

On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta wrote:
> Hi Ruchith,
> Thanks for the quick reply. Could you please point me to the link that talks
> about this solution?
> Thanks
> Sanjay
>
> -Original Message-
> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com]
> Sent: Thursday, April 16, 2009 4:31 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi,
>
> For the REST style calls you can use HTTPS + Basic Auth
>
> Have a look at this [1] handler from WSO2 WSAS. This will simply add
> the UsernameToken into the SOAP representation of the incoming REST
> request, which will be processed by Rampart (which you have already
> configured).
>
> Thanks,
> Ruchith
>
> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta wrote:
>> Hi,
>>
>> I have a POJO based services deployed in axis2 and it's working well. I have
>> implemented the basic user/password security using rampart and it's working
>> fine for SOAP calls. I generated the client using wsdl2java. My question is
>> how do I secure the REST style calls. Do I need to do anything special? I
>> need to deploy these services into production soon and any help or pointers
>> would be greatly appreciated.
>>
>> Thanks
>>
>> Sanjay
>
>
>
> --
> http://blog.ruchith.org
>



-- 
http://blog.ruchith.org


Re: Securing Axis2 REST Style Services

2009-04-16 Thread Ruchith Fernando
Hi,

For the REST style calls you can use HTTPS + Basic Auth

Have a look at this [1] handler from WSO2 WSAS. This will simply add
the UsernameToken into the SOAP representation of the incoming REST
request, which will be processed by Rampart (which you have already
configured).

Thanks,
Ruchith

On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta wrote:
> Hi,
>
> I have a POJO based services deployed in axis2 and it's working well. I have
> implemented the basic user/password security using rampart and it's working
> fine for SOAP calls. I generated the client using wsdl2java. My question is
> how do I secure the REST style calls. Do I need to do anything special? I
> need to deploy these services into production soon and any help or pointers
> would be greatly appreciated.
>
> Thanks
>
> Sanjay



-- 
http://blog.ruchith.org


Re: Running rampart samples in axis2 standalone server or within Tomcat

2008-09-28 Thread Ruchith Fernando
http://wso2.org/library/knowledge-base/run-rampart-samples-apache-tomcat

On Sun, Sep 14, 2008 at 8:32 AM, keith chapman <[EMAIL PROTECTED]> wrote:
> What the rampart samples will be doing is creating a service archive and
> dropping it into the services folder in the axis2 folder. One option will be
> for you to edit the ant script to copy this into the services folder in
> tomcat, or alternatively copy the service archive into the services folder
> in tomcat manually.
>
> Thanks,
> Keith.
>
> On Sat, Sep 13, 2008 at 11:07 AM, Shovan Kanjilal
> <[EMAIL PROTECTED]> wrote:
>>
>> Is there a document how to run the rampart samples within Tomcat?
>
>
> --
> Keith Chapman
> Senior Software Engineer
> WSO2 Inc.
> Oxygenating the Web Service Platform.
> http://wso2.org/
>
> blog: http://www.keith-chapman.org
>



-- 
http://blog.ruchith.org




Re: axis2 rampart and ws-trust

2008-09-14 Thread Ruchith Fernando
Please have a look at "samples/policy/sample05" in the rampart
standard binary distribution.

You can subscribe and post Rampart/WS-Trust related issues to
[EMAIL PROTECTED]

Thanks,
Ruchith

On Fri, Sep 12, 2008 at 11:43 AM, Soyer, Muhammed A. <[EMAIL PROTECTED]> wrote:
> Hi,
>
>   Does anybody know any links for some documentation and sample about the
> usage of ws-trust with axis2?
>
> I did some googling and couldn't find anything that may help me..
>
>
>
> Thanks a lot
>
>



-- 
http://blog.ruchith.org




Re: [Rampart] Multiple Security headers in outgoning message

2008-05-22 Thread Ruchith Fernando
IMHO this is not possible right now with Rampart... and it doesn't
really take the actor/role into account at the moment.

Thanks,
Ruchith

On Fri, May 9, 2008 at 1:01 PM, Daniel Löf <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I am using axis2 and Rampart 1.3 and I'm trying to construct a message
> with a SOAP Header that will contain two separate security headers. For
> example:
>
> .
> .
> -
>   2008-05-08T05:39:16Z
>   2008-05-08T05:40:16Z
> -
> -
>   2008-05-08T05:39:16Z
>   2008-05-08T05:40:16Z
> .
> .
>
> Is this possible at all? I do not seem to find anything that can make this
> work.
>
> Best Regards
>
> Daniel



-- 
http://blog.ruchith.org
http://wso2.org




Re: rampart and sessions

2008-05-16 Thread Ruchith Fernando
I have not tried this ... but if you simply use message level security
(not secure conversation) with soap session... it should simply work.
This is because rampart simply secures each and every message
according to the given policy without any concern about the session.

If you can describe what you tried and the problems you faced I might
be able to help.

Thanks,
Ruchith

On Fri, May 16, 2008 at 4:45 PM, Michelantonio Trizio
<[EMAIL PROTECTED]> wrote:
> Before I will make a lot of proofs, Can you say me if it is possible
> integrate rampart policy with soapsession?
> I'm trying to do that from 3 days, but I met a lot of problems.
> Thank you.
>   Mikelantonio
>
> 2008/5/16 Ruchith Fernando <[EMAIL PROTECTED]>:
>>
>> Please have a look at policy/sample04 in the rampart distro.
>>
>> You can try rampart-1.4-RC2 [1] with Axis2-1.4
>>
>> Thanks,
>> Ruchith
>>
>> 1. http://people.apache.org/~nandana/rampart-1.4/RC2/dist/
>>
>> On Thu, May 15, 2008 at 5:25 PM, Michelantonio Trizio
>> <[EMAIL PROTECTED]> wrote:
>> > Hi,
>> > I'd like to know how I can make to work sessions and rampart at the same
>> > time.
>> > My problem is that I need sessions to manage servicegroup and I need
>> > cryptography.
>> > I believe I must use secure conversation, but I don't find much examples
>> > or
>> > documentation.
>> > If there is another way, I'd like to know that.
>> > Please, help me.
>> > Thanks,
>> >Mikelantonio
>> >
>> > --
>> > It's creepy, but here we are, the Pilgrims, the crackpots of our time,
>> > trying to establish our own alternate reality. To build a world out of
>> > rocks
>> > and chaos. What it's going to be, I don't know. Even after all that
>> > rushing
>> > around, where we've ended up is the middle of nowhere in the middle of
>> > the
>> > night. And maybe knowing isn't the point. Where we're standing right
>> > now, in
>> > the ruins in the dark, what we build could be anything. [Choke - Chuck
>> > Palahniuk]
>>
>>
>>
>> --
>> http://blog.ruchith.org
>> http://wso2.org
>>
>>
>
>
>
> --
> It's creepy, but here we are, the Pilgrims, the crackpots of our time,
> trying to establish our own alternate reality. To build a world out of rocks
> and chaos. What it's going to be, I don't know. Even after all that rushing
> around, where we've ended up is the middle of nowhere in the middle of the
> night. And maybe knowing isn't the point. Where we're standing right now, in
> the ruins in the dark, what we build could be anything. [Choke - Chuck
> Palahniuk]



-- 
http://blog.ruchith.org
http://wso2.org




Re: rampart and sessions

2008-05-16 Thread Ruchith Fernando
Please have a look at policy/sample04 in the rampart distro.

You can try rampart-1.4-RC2 [1] with Axis2-1.4

Thanks,
Ruchith

1. http://people.apache.org/~nandana/rampart-1.4/RC2/dist/

On Thu, May 15, 2008 at 5:25 PM, Michelantonio Trizio
<[EMAIL PROTECTED]> wrote:
> Hi,
> I'd like to know how I can make to work sessions and rampart at the same
> time.
> My problem is that I need sessions to manage servicegroup and I need
> cryptography.
> I believe I must use secure conversation, but I don't find much examples or
> documentation.
> If there is another way, I'd like to know that.
> Please, help me.
> Thanks,
>Mikelantonio
>
> --
> It's creepy, but here we are, the Pilgrims, the crackpots of our time,
> trying to establish our own alternate reality. To build a world out of rocks
> and chaos. What it's going to be, I don't know. Even after all that rushing
> around, where we've ended up is the middle of nowhere in the middle of the
> night. And maybe knowing isn't the point. Where we're standing right now, in
> the ruins in the dark, what we build could be anything. [Choke - Chuck
> Palahniuk]



-- 
http://blog.ruchith.org
http://wso2.org




Re: can I use use rampart with JAX-WS style webservice

2008-05-06 Thread Ruchith Fernando
I haven't tried this but I think the following solution will work:

- first implement lifecycle management on the service [1]
- now in the "init" method you can get hold of the AxisService
instance and then you can engage the rampart module on it.
- Finally you can load the policy from a file as an
org.apache.neethi.Policy object and add that to the AxisService
instance as well.

Now you have a WS-Sec enabled service :-)

HTH

Thanks,
Ruchith

p.s. You can also try WSO2 WSAS [2] and try the WS-Sec support
available as well!

1. http://ws.apache.org/axis2/1_3/api/org/apache/axis2/service/Lifecycle.html
2. http://wso2.org/downloads/wsas
On Wed, Apr 30, 2008 at 8:39 PM,  <[EMAIL PROTECTED]> wrote:
>
>
>
> Hi
>
> I have a web service developed using jax-ws style annotations.
> So it does not require a services.xml, It is deployed to axis2 as jar file
> under WEB-INF\servicejars directory.
>
> Now if I want to secure this service using rampart how do I link the
> policy.xml?
>
> Where do I add the stuff such as  that one usually
> adds into services.xml ?
>
>
> cheers
> Tezcan



-- 
http://blog.ruchith.org
http://wso2.org




Re: MessageContext in handler

2008-05-06 Thread Ruchith Fernando
Why don't you use a static hook in the callback handler class itself?

Thanks,
Ruchith

On Fri, May 2, 2008 at 7:37 AM, Parham, Clinton <[EMAIL PROTECTED]> wrote:
>
>
>
>
> Hi,
>
>
>
> I'm new to Axis2 and still trying to get comfortable with the new
> architecture. I have engaged the Rampart module and during
> CallbackHandler.handle(), I need to connect to my database to verify the
> password. Once verified, I would like to store the database connection
> (along with some other related information) for reuse later in the
> processing. Under heavy utilization, requesting two database connections per
> request starts adding up.
>
>
>
> How can I do this? MessageContext (where I stored this with Axis1) is null
> during CallbackHandler.handle(). I've seen other similar postings but no
> clear answer.
>
>
>
> Thank you.
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: Axis2 1.4 and Rampart 1.3?

2008-05-06 Thread Ruchith Fernando
Fixed in the axis2 trunk [1] !

Thanks,
Ruchith

1. http://svn.apache.org/viewvc?rev=653698&view=rev

On Tue, May 6, 2008 at 12:54 PM, Ruchith Fernando
<[EMAIL PROTECTED]> wrote:
> The axis2.xml of the sample needs to be updated!
>
>  Thanks,
>  Ruchith
>
>  On Mon, May 5, 2008 at 6:44 PM, Savitsky, Alex
>
>
> <[EMAIL PROTECTED]> wrote:
>  > Nandana,
>  >
>  >  Thanks for your suggestion, it has resolved the issue.
>  >
>  >  BTW, my axis2.xml was taken directly from the example java-first-jaxws 
> (Axis2 1.4 distro), which has the security declared in all but the 
> OutFaultFlow phase - not sure whether this is intended or a bug...
>  >
>  >  Thanks,
>  >
>  >
>  >  Alex
>  >
>  >  -Original Message-
>  >  From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
>  >
>  >
>  > Sent: May 3, 2008 1:10 AM
>  >  To: axis-user@ws.apache.org
>  >  Subject: Re: Axis2 1.4 and Rampart 1.3?
>  >
>  >  Hi Alex,
>  >Are you using a custom axis2.xml in your scenario ? If so, can you 
> please check that security phase is defined in  type="OutFaultFlow"> . You can find the discussion about this in axis2-dev 
> list. You have to define the security phase as the last phase in OutFaultFlow 
> phase order. Looking at the default axis2.xml [1] will help you to do that.
>  >
>  >  thanks,
>  >  nandana
>  >
>  >  [1] - 
> http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/conf/axis2.xml?view=markup
>  >
>  >  On 5/3/08, Savitsky, Alex <[EMAIL PROTECTED]> wrote:
>  >  > Now it doesn't deploy at all, with exception:
>  >  >
>  >  > ERROR [org.apache.axis2.deployment.ServiceDeployer] - The
>  >  > RecordWebService service, which is not valid, caused Did not find the
>  >  > desired phase 'Security' while deploying handler 
> 'PolicyBasedSecurityOutHandler'.
>  >  > org.apache.axis2.phaseresolver.PhaseException: Did not find the
>  >  > desired phase 'Security' while deploying handler 
> 'PolicyBasedSecurityOutHandler'.
>  >  > at
>  >  > 
> org.apache.axis2.phaseresolver.PhaseHolder.addHandler(PhaseHolder.java:75)
>  >  > at
>  >  > 
> org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToFlow(PhaseResolver.java:68)
>  >  > at
>  >  > 
> org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:104)
>  >  > at
>  >  > 
> org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:110)
>  >  > at
>  >  > 
> org.apache.axis2.description.AxisOperation.onEngage(AxisOperation.java:158)
>  >  > at
>  >  > 
> org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490)
>  >  > at
>  >  > org.apache.axis2.description.AxisService.onEngage(AxisService.java:785)
>  >  > at
>  >  > 
> org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490)
>  >  > at
>  >  > 
> org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:453)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.DeploymentEngine.fillServiceGroup(DeploymentEngine.java:552)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.DeploymentEngine.addServiceGroup(DeploymentEngine.java:499)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:86)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:597)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:330)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:227)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:131)
>  >  > at
>  >  > 
> org.apache.axis2.deployment.WarBasedAxisConfigurator.loadServices(WarBasedAxisConfigurator.java:284)
>  >  > at
>  >  > 
> org.apache.axis2.context

Re: Axis2 1.4 and Rampart 1.3?

2008-05-06 Thread Ruchith Fernando
The axis2.xml of the sample needs to be updated!

Thanks,
Ruchith

On Mon, May 5, 2008 at 6:44 PM, Savitsky, Alex
<[EMAIL PROTECTED]> wrote:
> Nandana,
>
>  Thanks for your suggestion, it has resolved the issue.
>
>  BTW, my axis2.xml was taken directly from the example java-first-jaxws 
> (Axis2 1.4 distro), which has the security declared in all but the 
> OutFaultFlow phase - not sure whether this is intended or a bug...
>
>  Thanks,
>
>
>  Alex
>
>  -Original Message-
>  From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
>
>
> Sent: May 3, 2008 1:10 AM
>  To: axis-user@ws.apache.org
>  Subject: Re: Axis2 1.4 and Rampart 1.3?
>
>  Hi Alex,
>Are you using a custom axis2.xml in your scenario ? If so, can you 
> please check that security phase is defined in  type="OutFaultFlow"> . You can find the discussion about this in axis2-dev 
> list. You have to define the security phase as the last phase in OutFaultFlow 
> phase order. Looking at the default axis2.xml [1] will help you to do that.
>
>  thanks,
>  nandana
>
>  [1] - 
> http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/conf/axis2.xml?view=markup
>
>  On 5/3/08, Savitsky, Alex <[EMAIL PROTECTED]> wrote:
>  > Now it doesn't deploy at all, with exception:
>  >
>  > ERROR [org.apache.axis2.deployment.ServiceDeployer] - The
>  > RecordWebService service, which is not valid, caused Did not find the
>  > desired phase 'Security' while deploying handler 
> 'PolicyBasedSecurityOutHandler'.
>  > org.apache.axis2.phaseresolver.PhaseException: Did not find the
>  > desired phase 'Security' while deploying handler 'PolicyBasedSecurityOutHandler'.
>  > at org.apache.axis2.phaseresolver.PhaseHolder.addHandler(PhaseHolder.java:75)
>  > at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToFlow(PhaseResolver.java:68)
>  > at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:104)
>  > at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:110)
>  > at org.apache.axis2.description.AxisOperation.onEngage(AxisOperation.java:158)
>  > at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490)
>  > at org.apache.axis2.description.AxisService.onEngage(AxisService.java:785)
>  > at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:490)
>  > at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:453)
>  > at org.apache.axis2.deployment.DeploymentEngine.fillServiceGroup(DeploymentEngine.java:552)
>  > at org.apache.axis2.deployment.DeploymentEngine.addServiceGroup(DeploymentEngine.java:499)
>  > at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:86)
>  > at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136)
>  > at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:597)
>  > at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144)
>  > at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:330)
>  > at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:227)
>  > at org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:131)
>  > at org.apache.axis2.deployment.WarBasedAxisConfigurator.loadServices(WarBasedAxisConfigurator.java:284)
>  > at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:82)
>  > at org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServlet.java:511)
>  > at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:431)
>  >
>  > Did the configuration steps change? In 1.3, all I had to do was to
>  > provide the policy element in services.xml, and this element seems to
>  > have the same format in 1.4 samples as in 1.3
>  >
>  > Regards,
>  >
>  > Alex
>  >
>  > -Original Message-
>  > From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
>  > Sent: May 2, 2008 2:37 PM
>  > To: axis-user@ws.apache.org
>  > Subject: Re: Axis2 1.4 and Rampart 1.3?
>  >
>  > Hi Alex,
>  >   Can you try with Rampart 1.4 RC [1] ?
>  >
>  > thanks,
>  > nandana
>  >
>  > [1] - http://people.apache.org/~nandana/rampart-1.4/RC1/
>  >
>  > On 5/3/08, Savitsky, Alex <[EMAIL PROTECTED]> wrote:
>  > > Hi all,
>  > >
>  > > Does Axis2 1.4 work with Rampart 1.3? I have an existing app that
>  > > works for the Axis2 1.3 and Rampart 1.3 combination, but when I
>  > > upgrade server and client to 1.4, I get an exception from server:
>  > >
> 

Re: Rampart & Sandesha2 Nightly Builds?

2008-04-18 Thread Ruchith Fernando
Rampart nightly builds are available here :

http://people.apache.org/~ruchithf/rampart/SNAPSHOT/

These are compatible with the latest Axis2 nightly builds:

http://people.apache.org/dist/axis2/nightly/

Thanks,
Ruchith

On Sun, Apr 13, 2008 at 10:24 PM, Sukma Agung Verdianto
<[EMAIL PROTECTED]> wrote:
> Hi All,
>
> Where can I get Rampart and Sandesha2 nightly builds which are compatible with
> Axis2 1.3???
>
> Regards,
> Sukma



-- 
http://blog.ruchith.org
http://wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [Axis2] 1.4 RC4

2008-04-07 Thread Ruchith Fernando
#2 is sorted with

https://issues.apache.org/jira/browse/AXIS2-3711

Thanks,
Ruchith

On Mon, Apr 7, 2008 at 3:06 PM, Amila Suriarachchi
<[EMAIL PROTECTED]> wrote:
> hi dims,
> Sorry to mention this at this time.
> I did some testing with Rampart and found the following issues.
>
> 1. org/apache/axis2/wsdl/codegen/extension/ModulePolicyExtension
>
> Rampart needs this class, and this class is available in
> axis2-codegen.jar. This jar is not included in the axis2.war. So can we add
> this jar to the war as well?
>
> 2. axis2-mtompolicy-SNAPSHOT.jar
>
> Rampart needs this file as well. But for some reason it is not included in
> the distribution.
>
> thanks,
> Amila.
>
>
>
>
> On Sun, Apr 6, 2008 at 4:26 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
>
> > Hi all,
> >
> > I've posted the RC4 here:
> >   http://people.apache.org/~dims/axis2-1.4/RC4/
> >
> > Notes:
> > - There's a text file with revision numbers that I used for all the
> >   SNAPSHOTS
> > - There's a m2-repo.zip with all the m2 artifacts
> > - There's an online repo as well
> >   http://people.apache.org/~dims/axis2-1.4/RC4/m2-repo/
> >
> > Please kick the tires and raise JIRA's.
> >
> > I've cut the 1.4 Branch as well, it's here:
> >   https://svn.apache.org/repos/asf/webservices/axis2/branches/java/1_4/
> >
> > Thanks,
> > dims
> >
>
>
>
> --
> Amila Suriarachchi,
> WSO2 Inc.



-- 
http://blog.ruchith.org
http://wso2.org




Re: Problem with SOAPHeader

2008-03-10 Thread Ruchith Fernando
Can you please try using this [1] jar ... instead of the one I sent
earlier... My guess is that the earlier jar file was generated before
that fix went in.


Thanks,
Ruchith

1. 
http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080310.022829-66.jar

On Mon, Mar 10, 2008 at 4:00 PM, Nuria Rodríguez García
<[EMAIL PROTECTED]> wrote:
>
>
> Hi Ruchith,
>
>
>
> Thank you very much for your help.
>
>
>
> I used the new jar and I included the source code too but I'm having the
> same problem.
>
> Is it necessary to change something in my client side?
>
>
>
> Thanks,
>
>
>
> Nuria
>
>
>
>
> 2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> > I believe there will be another release of Axiom close to the release
> > of Axis2... maybe you will be able to try the latest
> > axiom-dom-SNAPSHOT.jar with your project.
> >
> > Please try the jar file available here :
> >
> >
> http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080307.033922-64.jar
> >
> > Thanks,
> > Ruchith
> >
> > On Fri, Mar 7, 2008 at 6:48 PM, Nuria Rodríguez García
> > <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > Thank you very much. But how could I use this class in my project?
> > > Are you going to publish a new release of the axiom api?
> > >
> > > Regards,
> > > Nuria
> > >
> > >
> > >
> > >
> > > 2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> > > >
> > > >
> > > >
> > > > Hi Nuria,
> > > >
> > > > This is a bug in DOOM, the AXIOM DOM implementation.
> > > >
> > > > I just fixed this and checked it in. [1]
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > 1. http://svn.apache.org/viewvc?rev=634561&view=rev
> > > >
> > > > On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > Hi,
> > > > > I can't add information in SOAPHeader when I engage rampart and addressing
> > > > > module.
> > > > >
> > > > > My header is the following:
> > > > >
> > > > > 
> > > > >  > > > >
> > >
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> > > > > soapenv:mustUnderstand="1">
> > > > >   > > > >
> > >
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> > > > > wsu:Id="Timestamp-32653965">
> > > > >  2008-03-06T11:37:41.497Z
> > > > > 2008-03-06T11:42:41.497Z
> > > > > 
> > > > >  > > > >
> > >
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> > > > > wsu:Id="UsernameToken-11737724">
> > > > >  alice
> > > > >  > > > >
> > >
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW
> > > > >  
> > > > > 
> > > > > 
> > > > >  > > > > nameAttachFile="FileTestA.txt"/>
> > > > >  > > > > nameAttachFile="FileTestA.txt"/>
> > > > >  
> > > > >
> http://localhost:8081/axis2/services/SWASampleService
> > > > >
> urn:uuid:E23726932EDEB77EB81204803460112
> > > > >  process
> > > > > 
> > > > >
> > > > > I receive the following exception in server side:
> > > > > java.lang.NullPointerException
> > > > > at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
> > > > > at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
> > > > > at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> > > > > at org.apache.axis2.engine.Phase.invoke(Phase.java:292)

Re: Non-English characters problem with axis2-1.2 and rampart-1.2 module

2008-03-08 Thread Ruchith Fernando
I think this is probably due to this : [1] problem.

Can you please replace your xmlsec-.jar file with the
xmlsec-1.4.1.jar from here [2]

Thanks,
Ruchith

1. https://issues.apache.org/jira/browse/RAMPART-101
2. http://xml.apache.org/security/dist/java-library/xml-security-bin-1_4_1.zip

On Sat, Mar 8, 2008 at 1:25 PM, Uygar Yüzsüren <[EMAIL PROTECTED]> wrote:
> We apply timestamp, signature and encryption operations on messages. Below
> is our policy.xml file...
>
>
> http://schemas.xmlsoap.org/ws/2004/09/policy";>
>
>  
>  
>   xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>  
>  
>  
>   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
>
>  
>  
>  
>  
>
>  
>  
>  
>  
>   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
>
>  
>  
>  
>  
>
>  
>  
>  
>  
>  
>
>  
>  
>  
>  
>  
>
>  
>  
>  
>  
>  
>
>  
>  http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>  
>  
>  
>  
>
>  
>  
>   xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>  
>  
>   xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>
>  
>  
>  http://ws.apache.org/rampart/c/policy";>
>
>  client
>  360
>  service
>  Plain
>
>
> /home/myhome/rampart/callback/libpwcb.so
>
> /home/myhome/keys/service.pem
>
>  /home/myhome/keys/client.pem
>  /home/myhome/keys/client-priv.pem
>  
>
>  
>  
> 
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: Problem with SOAPHeader

2008-03-07 Thread Ruchith Fernando
I believe there will be another release of Axiom close to the release
of Axis2... maybe you will be able to try the latest
axiom-dom-SNAPSHOT.jar with your project.

Please try the jar file available here :

http://people.apache.org/repo/m2-snapshot-repository/org/apache/ws/commons/axiom/axiom-dom/SNAPSHOT/axiom-dom-20080307.033922-64.jar

Thanks,
Ruchith

On Fri, Mar 7, 2008 at 6:48 PM, Nuria Rodríguez García
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> Thank you very much. But how could I use this class in my project?
> Are you going to publish a new release of the axiom api?
>
> Regards,
> Nuria
>
>
>
>
> 2008/3/7, Ruchith Fernando <[EMAIL PROTECTED]>:
> >
> >
> >
> > Hi Nuria,
> >
> > This is a bug in DOOM, the AXIOM DOM implementation.
> >
> > I just fixed this and checked it in. [1]
> >
> > Thanks,
> > Ruchith
> >
> > 1. http://svn.apache.org/viewvc?rev=634561&view=rev
> >
> > On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García
> > <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > > I can't add information in SOAPHeader when I engage rampart and addressing
> > > module.
> > >
> > > My header is the following:
> > >
> > > 
> > >  > >
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> > > soapenv:mustUnderstand="1">
> > >   > >
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> > > wsu:Id="Timestamp-32653965">
> > >  2008-03-06T11:37:41.497Z
> > > 2008-03-06T11:42:41.497Z
> > > 
> > >  > >
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> > > wsu:Id="UsernameToken-11737724">
> > >  alice
> > >  > >
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW
> > >  
> > > 
> > > 
> > >  > > nameAttachFile="FileTestA.txt"/>
> > >  > > nameAttachFile="FileTestA.txt"/>
> > >  
> > > http://localhost:8081/axis2/services/SWASampleService
> > > urn:uuid:E23726932EDEB77EB81204803460112
> > >  process
> > > 
> > >
> > > I receive the following exception in server side:
> > > java.lang.NullPointerException
> > > at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
> > > at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
> > > at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> > > at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> > > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
> > > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> > > at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> > > at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
> > >
> > >
> > > I don't know if it is possible and I would need to know if there is a way to
> > > do it.
> > > If I engage only addressing module this works.
> > >
> > > Thanks, Nuria
> >
> >
> >
> > --
> > http://blog.ruchith.org
> > http://wso2.org
> >
> >
> >
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: rampart decryption issue

2008-03-06 Thread Ruchith Fernando
Please specify "signaturePropFile" element in your "inflowSecurity" parameter :



  
Timestamp Encrypt
test.PasswordHandler
client.properties
..
  


Thanks,
Ruchith

On Wed, Feb 20, 2008 at 5:42 PM, Paul Ryan <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm attempting to call a secure web service hosted within Oracles OWSM using
> an Axis2 client.
>
> The client is using rampart 1.3 and wss4j 1.5.3 to handle the signing and
> encrypting of the SOAP message.
>
>  Signing and encrypting the SOAP request works fine, the message is
> successfully verified and decrypted on the Oracle side but the Axis2 client
> seems to be having a problem decrypting the response message. I get an np
> exception as follows
>
> org.apache.axis2.AxisFault
> at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:92)
> at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
> at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
> at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
> at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
> at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> at test.VehicleStub.getVehicle(VehicleStub.java:142)
> at test.VehicleTest.testgetVehicle(VehicleTest.java:35)
> Caused by: java.lang.NullPointerException
> at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:87)
> at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:92)
> at org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:74)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:284)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:206)
> at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:213)
> at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
> ... 25 more
>
>
> I've debugged the code and have followed the processing from the rampart
> WSDoAllReceiver -> wss4j WSSecurityEngine -> wss4j
> BinarySecurityTokenProcessor
>
> In the BinarySecurityTokenProcessor I can see that the crypto variable is
> null and the decCrypto variable is set but in the following code only the
> crypto variable is passed to the
> getCertificatesTokenReference() method causing the npe.
>
> public void handleToken(Element elem, Crypto crypto, Crypto decCrypto,
>         CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults,
>         WSSConfig config) throws WSSecurityException {
>     this.getCertificatesTokenReference(elem, crypto);
>     returnResults.add(0, new WSSecurityEngineResult(WSConstants.BST,
>             this.token, this.certificates));
> }
>
> private void getCertificatesTokenReference(Element elem, Crypto crypto)
>         throws WSSecurityException {
>     this.createSecurityToken(elem);
>     if (token instanceof PKIPathSecurity) {
>         this.certificates = ((PKIPathSecurity) token).getX509Certificates(false, crypto);
>     } else if (token instanceof X509Security) {
>         // NPE here
>         X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
>         this.certificates = new X509Certificate[1];
>         this.certificates[0] = cert;
>     }
> }
>
> My rampart client configuration section is as follows
>
> 
>   
> Timestamp Signature Encrypt
>  paul1
> client.properties
> test.PasswordHandler
> DirectReference
>  paul1
> client.properties
> DirectReference
>
> 
>
> 
>   
> Timestamp Encrypt
> test.PasswordHandler
>  client.properties
>   
> 
>
>
> I probably have a mis-configuration problem, any help would be welcome.
>
> Regards,
>  Paul.
>



-- 
http://blog.ruchith.org
http://wso2.org


Re: Error when obtaining UsernameToken information from a different class.

2008-03-06 Thread Ruchith Fernando
Hi Sanjay,

Your services.xml looks fine ... but the only situation that Axis2 can
throw this error is when the services.xml does not specify the
messageReceiver. Please check the services.xml file in your deployed
service archive.

Thanks,
Ruchith

On Tue, Mar 4, 2008 at 2:31 PM, Sanjay Vivek
<[EMAIL PROTECTED]> wrote:
> Hi Nandana,
>
>  I've attached the services.xml with this email. Thanks again for your
>  help. Cheers.
>
>  Regards
>  Sanjay
>
>
>
>  >-Original Message-
>  >From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
>  >Sent: 04 March 2008 08:11
>  >To: axis-user@ws.apache.org
>  >Subject: Re: Error when obtaining UsernameToken information
>  >from a different class.
>  >
>  >Hi Sanjay,
>  > Can you please post the services.xml you used ? Error
>  >message says "Message Receiver not found for AxisOperation:
>  >echo". It is thrown by the AxisEngine when the message
>  >receiver is null.
>  >
>  >thanks,
>  >/nandana
>  >
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: Problem with SOAPHeader

2008-03-06 Thread Ruchith Fernando
Hi Nuria,

This is a bug in DOOM, the AXIOM DOM implementation.

I just fixed this and checked it in. [1]

Thanks,
Ruchith

1. http://svn.apache.org/viewvc?rev=634561&view=rev

On Thu, Mar 6, 2008 at 5:59 PM, Nuria Rodríguez García
<[EMAIL PROTECTED]> wrote:
> Hi,
> I can't add information in SOAPHeader when I engage rampart and addressing
> module.
>
> My header is the following:
>
> 
>  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="1">
>   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="Timestamp-32653965">
>  2008-03-06T11:37:41.497Z
> 2008-03-06T11:42:41.497Z
> 
>  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="UsernameToken-11737724">
>  alice
>  Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>bobPW
>  
> 
> 
>  nameAttachFile="FileTestA.txt"/>
>  nameAttachFile="FileTestA.txt"/>
>  
> http://localhost:8081/axis2/services/SWASampleService
> urn:uuid:E23726932EDEB77EB81204803460112
>  process
> 
>
> I receive the following exception in server side:
> java.lang.NullPointerException
> at org.apache.axiom.soap.impl.dom.SOAPHeaderImpl.getHeaderBlocksWithNSURI(SOAPHeaderImpl.java:244)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:96)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:235)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:121)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
>
>
> I don't know if it is possible and I would need to know if there is a way to
> do it.
> If I engage only addressing module this works.
>
> Thanks, Nuria



-- 
http://blog.ruchith.org
http://wso2.org




Re: Non-English characters problem with axis2-1.2 and rampart-1.2 module

2008-03-06 Thread Ruchith Fernando
Hi,

Can you please specify the security operations you apply on the message?

Thanks,
Ruchith

On Thu, Mar 6, 2008 at 8:02 PM, Uygar Yüzsüren <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> We have been developing a web service for domain registration with axis2
> version 1.2 and rampart security module version 1.2.
>
> The problem is that when we deploy the service with security enabled
> (timestamp, signature and encryption), non-english characters such as ş, Ş,
> ö, Ö etc. are  not properly displayed at the server side, on the other hand,
> they are all displayed properly when we deploy without security module.
>
> We checked the configuration parameters and we use UTF-8 defaults as
> character encoding at both client and server sides.
>
> Could you please advise about the problem?
>



-- 
http://blog.ruchith.org
http://wso2.org


Re: Example policy file needed

2008-03-06 Thread Ruchith Fernando
IMHO we have to improve both Axis2 and Rampart if we are to support
policy alternatives.

A service can express a set of alternatives that it can handle and
right now we should be able to fix Rampart to support this.
However at the client side we should have some way of picking the
alternative. At this point we have to decide how Axis2 client API has
to behave.

Thoughts?

Thanks,
Ruchith

On Wed, Mar 5, 2008 at 8:31 PM, George Stanchev <[EMAIL PROTECTED]> wrote:
> Hi Nandana,
>
>  Is that Neethi or Rampart shortcoming? I also am in need of alternative
>  policy support for the same two token types as in Simon's message.
>
>  Do you need a JIRA?
>
>  Best Regards,
>  George
>
>
>  -Original Message-
>  From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
>
>
> Sent: Wednesday, March 05, 2008 1:31 AM
>  To: axis-user@ws.apache.org
>  Subject: Re: Example policy file needed
>
>  Hi Simon,
> Currently Apache Rampart doesn't support alternative security
>  policies for an endpoint. Current workaround is having two separate EPRs
>  with the alternative policies. Would that suit your scenario ? If not
>  you can try to convince the Rampart community to support alternative
>  security policies starting a thread in the Rampart dev list.
>
>  thanks,
>  /nandana
>
>  On Tue, Mar 4, 2008 at 10:58 PM, Glenn Dougherty
>  <[EMAIL PROTECTED]> wrote:
>  > Nandana, et al,
>  >
>  >  We are looking for a combined ws-policy example that supports both
>  >  Username Token and SAML assertions. Meaning, we need to provide a
>  >  service that supports the caller passing either a username token or a
>  >  SAML assertion.
>  >  Does anyone have an example that shows these two options within
>  >  one ws-policy file? We have not been successful in configuring the
>  >  Axis2 1.3 stack for this effort.
>  >
>  >  Regards,
>  >  Glenn
>  >
>  >
>  >  -Original Message-
>  >  From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
>  >  Sent: Thursday, February 21, 2008 3:27 AM
>  >  To: axis-user@ws.apache.org
>  >  Subject: Re: Example policy file needed
>  >
>  >  Hi Simon,
>  > Please take a look at the samples that come with the Apache Rampart
>  > distribution. They contain policies that define:
>  > Sample 01 - Username Token authentication
>  > Sample 05 - SAML token
>  >
>  >  thanks,
>  >  nandana
>  >
>  >  [1] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample01/
>  >  [2] - https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample02/
>  >
>  >
>  >  On Thu, Feb 21, 2008 at 12:36 AM, Simon Nunn <[EMAIL PROTECTED]>
>  wrote:
>  >  >
>  >  >
>  >  >
>  >  >
>  >  > I am trying to use ws-policy for my webservice.   I would like for the
>  >  > service to receive either a saml assertion or a username token for
>  >  > authentication.  I have been unsuccessful in getting a ws-policy configured
>  >  > for this.  Does anyone have an example of a policy file that does this?
>  >  >
>  >  >
>  >  >
>  >  > Thanks,
>  >  >
>  >  >  Simon
>  >  >
>  >  >
>  >
>  >
>  >
>  >  --
>  >  Nandana Mihindukulasooriya
>  >  Software Engineer
>  >  WSO2 inc.
>  >
>  >  http://nandana83.blogspot.com/
>  >  http://nandanasm.wordpress.com/
>  >
>  >
>
>  http://nandana83.blogspot.com/
>  http://nandanasm.wordpress.com/
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: SCT

2008-02-22 Thread Ruchith Fernando
Hi Hardev,

Your message exchange sounds fine up to the point where the callback
handler accesses the STS to obtain the symm key. IMHO WS-Trust doesn't
provide a specific way to obtain a key at this point of a standard
WS-Trust exchange.

We have your use case implemented in a slightly different approach:

- Client contacts the STS and obtains a SAML token to talk to a service
- The STS includes a symm key encrypted for the service within the SAML token
- The RSTR (response from the STS to the client) will have that *same*
symm key for the client to extract
- (When using Rampart/Rahas the client uses
org.apache.rahas.client.STSClient which will extract this information
and bundle all of it into a org.apache.rahas.Token instance)
- Now this SAML token (assertion) will be added to the Security header
of the message from client to service and the symm key that is
associated with the SAML token will be used to encrypt/sign the
message as specified by the service policy.
- At the service the SAML assertion in the Security header will be
processed and the symm key will be extracted.
- Processing at the service will use this extracted symm key to
decrypt/verify signature where necessary.

A sample client that does this sort of a message exchange is available
here : [1]


Now ... SCT usage scenario is usually a WS-SecureConversation scenario
where rampart/rahas supports the application service itself to act as
an STS. In this case since the service and the STS both are the same
the symm key created is known at the service, and it is not included
in the SecurityContextToken (SCT) itself. Are you sure you want to use
this SCT scenario in the context of WS-SecureConversation or are you
looking for a pure WS-Trust scenario as I explained above?

Thanks,
Ruchith

1. 
https://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java

On Sat, Feb 23, 2008 at 3:06 AM, Hardev Sian <[EMAIL PROTECTED]> wrote:
> Hi Dimuthu,
>
> I have had a look at that sample but it doesn't provide what I am looking
> for. My use case is that I have acquired a SCT from an STS service. I want
> to now embed that token in the outgoing request which can then be accessed
> by a callback handler. The callback handler can access the STS to get the
> symmetric key for that token and encrypt the outbound data with that.
> Similarly the callback at the handler can access the same to decrypt, the
> response can be handled in the same manner. I am just not familiar enough
> how to set the policies to achieve this.
>
> Any help in doing this is greatly appreciated.
>
> Thank you,
>
> Hardev
>
>
> Dimuthu Leelarathne <[EMAIL PROTECTED]> wrote:
>
>
> Hi,
>
> You can find a SCT sample inside the rampart 1.3 distribution.
>
> samples/policy/sample04
>
> Thank you,
> Dimuthu
>
> On Fri, 2008-02-22 at 16:52 +1100, Hardev Sian wrote:
> >
> >
> > I know that rahas has been integrated into rampart but I was
> > interested at looking at this example :
> >
> http://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/rahas/RahasScenario3Test.java
> >
> > which talks about using an acquired SCT token to secure the web
> > service requests/responses.
> >
> > Can anybody help in locating this or something similar.
> >
> > Thanks,
> >
> > Hardev
> >



-- 
http://blog.ruchith.org
http://wso2.org




Re: BAY108-DAV6AE19CD9C371CBB93AB9CAE930 () phx ! gbl

2008-01-19 Thread Ruchith Fernando
On Jan 4, 2008 10:14 PM, red dog <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> Is there any resolution to this? I'm facing the same issue and I'm using
> Axis 2 and rampart module 1.3.
>
> If I just send a SOAP message with an empty security header my method gets
> called.

This is a bug in the parameter based configuration!
Please switch to policy based configuration to avoid this.

Thanks,
Ruchith

>
> POST /axis2/services/sample03 HTTP/1.1
> User-Agent: Axis2
> SOAPAction: urn:echo
> Host: localhost:18088
> Transfer-Encoding: chunked
> Content-Type: text/xml; charset=UTF-8
> 1ba
>  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="1" /> xmlns:ns1="http://sample03.samples.rampart.apache.org/xsd";>Hello
> world
> 0
>
> Response:
>
> HTTP/1.1 200 OK
> Date: Fri, 04 Jan 2008 15:59:48 GMT
> Server: Simple-Server/1.1
> Transfer-Encoding: chunked
> Content-Type: text/xml; charset=UTF-8
> 133
>  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> /> xmlns:ns="http://sample03.samples.rampart.apache.org/xsd";>Hello
> world
> 0
>
>
> After debugging I realized that the handle() method from the
> MyServiceCallbackHandler is not getting called although the handler is
> getting invoked (tested by adding an empty constructor to the class).
>
> Your help is much appreciated.
>
>
> Thank you.
>
>



-- 
http://blog.ruchith.org
http://wso2.org
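
The request quoted in the message above reaches the service with a wsse:Security header that has no children. A structural check for that case, written in Python as an added example (not code from this thread, Rampart or Axis2): the required-token set, the function names and the sample envelopes are assumptions constructed for the illustration, with token values borrowed from the header posted elsewhere on this page.

```python
"""Structural check of a WS-Security header before a request is dispatched.

Added illustration; this is not Rampart or Axis2 code.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Assumption for this example: the service requires both tokens.
REQUIRED = (("Timestamp", WSU), ("UsernameToken", WSSE))


def _parse_utc(text):
    """Parse an xsd:dateTime such as 2008-03-06T11:37:41.497Z as UTC."""
    stamp = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    return stamp if stamp.tzinfo else stamp.replace(tzinfo=timezone.utc)


def _check_timestamp(ts, now):
    created = ts.findtext(f"{{{WSU}}}Created")
    expires = ts.findtext(f"{{{WSU}}}Expires")
    if not created or not expires:
        return ["Timestamp lacks Created or Expires"]
    try:
        created_at, expires_at = _parse_utc(created), _parse_utc(expires)
    except ValueError:
        return ["Timestamp value is not a parseable UTC instant"]
    findings = []
    if created_at > now:
        findings.append("Timestamp Created is in the future")
    if expires_at <= now:
        findings.append("Timestamp has expired")
    return findings


def check_security_header(envelope, now, required=REQUIRED):
    """Return a list of findings; an empty list means the header is acceptable."""
    if "<!DOCTYPE" in envelope:
        return ["DOCTYPE present: SOAP messages must not carry a DTD"]
    try:
        root = ET.fromstring(envelope)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    header = root.find(f"{{{SOAP}}}Header")
    headers = [] if header is None else header.findall(f"{{{WSSE}}}Security")
    if not headers:
        return ["no wsse:Security header"]
    if len(headers) > 1:
        # Assumption: this service expects exactly one Security header.
        return ["more than one wsse:Security header"]
    security = headers[0]
    findings = []
    if len(security) == 0:
        findings.append("wsse:Security header is empty")
    for local, ns in required:
        count = len(security.findall(f"{{{ns}}}{local}"))
        if count != 1:
            findings.append(f"expected exactly one {local}, found {count}")
    token = security.find(f"{{{WSSE}}}UsernameToken")
    if token is not None:
        for child in ("Username", "Password"):
            if not (token.findtext(f"{{{WSSE}}}{child}") or "").strip():
                findings.append(f"UsernameToken has no {child}")
    timestamp = security.find(f"{{{WSU}}}Timestamp")
    if timestamp is not None:
        findings.extend(_check_timestamp(timestamp, now))
    return findings


def _envelope(security_xml):
    # Constructed sample; the body element and its namespace are placeholders.
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP}">'
        f'<soapenv:Header>{security_xml}</soapenv:Header>'
        '<soapenv:Body><ns1:echo xmlns:ns1="urn:example:echo">Hello world'
        '</ns1:echo></soapenv:Body></soapenv:Envelope>'
    )


# Constructed: the empty-header shape described in the message above.
EMPTY = _envelope(
    f'<wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1"/>')

# Constructed: a header carrying both assumed-required tokens.
COMPLETE = _envelope(
    f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"'
    ' soapenv:mustUnderstand="1">'
    '<wsu:Timestamp><wsu:Created>2008-03-06T11:37:41.497Z</wsu:Created>'
    '<wsu:Expires>2008-03-06T11:42:41.497Z</wsu:Expires></wsu:Timestamp>'
    '<wsse:UsernameToken><wsse:Username>alice</wsse:Username>'
    '<wsse:Password>bobPW</wsse:Password></wsse:UsernameToken>'
    '</wsse:Security>')

if __name__ == "__main__":
    now = datetime(2008, 3, 6, 11, 40, tzinfo=timezone.utc)
    for label, env in (("empty header", EMPTY), ("complete header", COMPLETE)):
        print(label, "->", check_security_header(env, now) or "accepted")
```

The check covers structure and timestamp freshness only; password and signature validation remain the job of the security module.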




Re: NoSuchMethodError when engaging Rampart.

2008-01-19 Thread Ruchith Fernando
Which version of Sandesha2 are you using?

Thanks,
Ruchith

On Jan 8, 2008 6:42 PM, Sanjay Vivek <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> I'm attempting to call a simple Web Service (an Echo Service) that is
> protected by WS-Security UsernameToken. I'm using Axis2-1.3 and Rampart
> 1.3. However, I'm getting the following exceptions when I try to run the
> client service:
>
> Exception in thread "main" java.lang.NoSuchMethodError:
> org.apache.axis2.description.PolicyInclude.getEffectivePolicy()Lorg/apac
> he/ws/policy/Policy;
> at org.apache.rampart.Rampart.engageNotify(Rampart.java:48)
> at
> org.apache.axis2.description.AxisDescription.engageModule(AxisDescriptio
> n.java:454)
> at
> org.apache.axis2.description.AxisDescription.engageModule(AxisDescriptio
> n.java:421)
> at
> org.apache.axis2.engine.AxisConfiguration.engageModule(AxisConfiguration
> .java:438)
> at
> org.apache.axis2.engine.AxisConfiguration.engageGlobalModules(AxisConfig
> uration.java:567)
> at
> org.apache.axis2.deployment.DeploymentEngine.engageModules(DeploymentEng
> ine.java:589)
> at
> org.apache.axis2.deployment.FileSystemConfigurator.engageGlobalModules(F
> ileSystemConfigurator.java:141)
> at
> org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
> Context(ConfigurationContextFactory.java:77)
> at
> org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
> ContextFromFileSystem(ConfigurationContextFactory.java:180)
> at
> org.apache.rampart.samples.EchoServiceClient.main(EchoServiceClient.java
> :17)
>
>
> I've looked around and it seems to be an exception thrown when engaging
> the Sandesha module. However, I'm not using Sandesha at all so I'm
> rather puzzled by this. Does anyone have any idea what's going on? I'm
> guessing it's something to do with libraries but I've all the required
> jars on my classpath (I hope so anyway). Any help would be greatly
> appreciated.
>
> Regards
> --
> Sanjay Vivek
> Web Analyst
> Middleware Team
> ISS
> University of Newcastle Upon Tyne
>
>
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: [axis2] WS-Security axis2 1.3 with rampart 1.3 custom token?

2008-01-19 Thread Ruchith Fernando
Rampart should have an option for users to add custom tokens in.
Please file a JIRA.

https://issues.apache.org/jira/browse/RAMPART

Thanks,
Ruchith

On Jan 9, 2008 2:59 PM,  <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I'm using axis2 1.3 with rampart 1.3 for ws-security.
> I have a running example with UsernameToken. That's fine so far.
> But now I have the need to transport a custom token with wss header.
> I'm running on an IBM websphere applicationserver and must transport a LTPA 
> token.
>
> IBM is transporting this as follows in wss header:
>
>  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd";>
>xmlns:wsst=http://www.ibm.com/websphere/appserver/tokentype/5.0.2 
> ValueType="wsst:LTPA">
>   nwHBBZwUF+m94fAuY57oQrGFyKnIIYMM5OOlkbtMWx5yaIo=
>   
> 
> (see 
> http://www-128.ibm.com/developerworks/webservices/library/ws-multiport/index.html#listing3)
> IBM is using the BinarySecurityToken to transport their own token (the LTPA 
> token).
> So my question is how to extend/use rampart to transport a custom token myself?
>
> Regards
> Holger
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: client for a secure conversation

2008-01-19 Thread Ruchith Fernando
[EMAIL PROTECTED]

to subscribe :  [EMAIL PROTECTED]

Please subscribe first and then post your messages.

Thanks,
Ruchith

On Jan 16, 2008 3:52 PM, Antonio Manuel Muñiz Martín
<[EMAIL PROTECTED]> wrote:
> Which is the address of Rampart list?
>
> 2008/1/15, Nandana Mihindukulasooriya <[EMAIL PROTECTED]>:
>
> > Hi Anil,
> >
> >
> >
> > >
> > >
> > >
> > >
> > > I would like to get a reference to writing a client for a secure
> conversation using the rampart module, I saw the sample 4 in the samples
> with the rampart module and it does not help me show how to send multiple
> messages in a single secure conversation.
> > >
> >
> > Replied to your mail regarding this in the Rampart list.
> >
> > Thanks,
> > Nandana
> >
> >
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: WSSecurity using Rampart and EmbeddedKey

2008-01-19 Thread Ruchith Fernando
On Jan 18, 2008 7:17 PM, Jose Luis Alba <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> Is it possible to encrypt a message using an embedded key (for symmetric
> encryption) and send that key using the transport key encryption?

I don't think we can do this in the context of WS-Sec* specifications.

However the standard way is to create a one time key (K) that is
encrypted by the recipient's public key and that key (K) is used to
encrypt the payload. Encrypted K will be included in the security
header for extraction at the recipient.

Thanks,
Ruchith

>
> I have tried to do it with Rampart configuration using
> EmbeddedKeyName but the key is not sent.
>
> Sending an embedded key goes against the specification?
>
> Thanks all,
>
> Jose Luis
>
>
>
>  
>



-- 
http://blog.ruchith.org
http://wso2.org
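
Added example, not part of the original message and not Rampart code: the one-time key (K) flow described in the reply above, using only the JDK. AES-GCM for the payload and RSA-OAEP for wrapping K are choices made for this example (the thread names no algorithms), and the class, method and field names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class OneTimeKeyExample {
    // Algorithm choices are assumptions of this example, not taken from the thread.
    static final String WRAP = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
    static final String DATA = "AES/GCM/NoPadding";

    /** What travels to the recipient: encrypted K, the IV, and the encrypted payload. */
    static final class Sealed {
        final byte[] encryptedKey;
        final byte[] iv;
        final byte[] ciphertext;

        Sealed(byte[] encryptedKey, byte[] iv, byte[] ciphertext) {
            this.encryptedKey = encryptedKey;
            this.iv = iv;
            this.ciphertext = ciphertext;
        }
    }

    /** Sender side: fresh K per message, payload under K, K under the recipient's public key. */
    static Sealed seal(PublicKey recipientPublic, byte[] payload) throws GeneralSecurityException {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey k = keyGen.generateKey();          // one-time key, never reused

        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher data = Cipher.getInstance(DATA);
        data.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ciphertext = data.doFinal(payload);

        Cipher wrap = Cipher.getInstance(WRAP);
        wrap.init(Cipher.WRAP_MODE, recipientPublic);
        return new Sealed(wrap.wrap(k), iv, ciphertext);
    }

    /** Recipient side: recover K with the private key, then decrypt the payload. */
    static byte[] open(PrivateKey recipientPrivate, Sealed msg) throws GeneralSecurityException {
        Cipher unwrap = Cipher.getInstance(WRAP);
        unwrap.init(Cipher.UNWRAP_MODE, recipientPrivate);
        SecretKey k = (SecretKey) unwrap.unwrap(msg.encryptedKey, "AES", Cipher.SECRET_KEY);

        Cipher data = Cipher.getInstance(DATA);
        data.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, msg.iv));
        return data.doFinal(msg.ciphertext);          // throws if the ciphertext was altered
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        KeyPair someoneElse = kpg.generateKeyPair();

        // Constructed sample payload standing in for the SOAP body.
        byte[] payload = "<ns1:echo>Hello world</ns1:echo>".getBytes(StandardCharsets.UTF_8);

        Sealed msg = seal(recipient.getPublic(), payload);
        byte[] recovered = open(recipient.getPrivate(), msg);
        System.out.println("round trip ok: " + Arrays.equals(payload, recovered));

        try {
            open(someoneElse.getPrivate(), msg);
            System.out.println("unexpected: a different private key opened the message");
        } catch (GeneralSecurityException e) {
            System.out.println("different private key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Only the holder of the recipient's private key can recover K, so the symmetric key itself never has to be embedded in the message in the clear.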




Re: Bouncy Castle JCE provider and WSS4J

2008-01-17 Thread Ruchith Fernando
You should be able to use a provider that has support for all required
algorithms.
I haven't used WSS4J with any other and I get errors due to
missing algo implementations when using the default Sun JCE impls.

Thanks,
Ruchith

On Jan 17, 2008 2:46 AM, George Stanchev <[EMAIL PROTECTED]> wrote:
>
>
> Hello,
>
> Does WSS4J have a hard dependency on Bouncycastle JCE or I can use
> any JCE provider (or Sun's provided)?
>
> Thanks!
>
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: [Axis2 1.1.1] Security policy not enforced

2008-01-08 Thread Ruchith Fernando
On Jan 8, 2008 3:55 PM, Niu <[EMAIL PROTECTED]> wrote:
> Hi Ruchith,
>
> Thanks for the prompt response. I will explore on the policy based model.
> However, you will still post the patch solution rite? :)

Yep ... will send a patch ... got to test the patch module on
Axis2/Rampart 1.1(.1).

Thanks,
Ruchith

>
> Thanks & Best Rgds,
> Niu
>
> -Original Message-
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 08, 2008 9:17 AM
> To: axis-user@ws.apache.org
>
> Subject: Re: [Axis2 1.1.1] Security policy not enforced
>
> Yes ... you can move your configuration to policy based model to
> overcome this issue as well.
>
> Thanks,
> Ruchith
>
> On Jan 7, 2008 4:47 PM, Paul Fremantle <[EMAIL PROTECTED]> wrote:
> > Ruchith
> >
> > Is it another fix to use the Policy-based model instead?
> >
> > Paul
> >
> >
> > On Jan 7, 2008 8:54 AM, Ruchith Fernando <[EMAIL PROTECTED]>
> wrote:
> > > Hi,
> > >
> > > This is a bug in the wss4j library and it occurs when you use the
> > > parameter based configuration.
> > > This can be patched by using another handler to check the
> > > configuration and for security results.
> > > Will post this solution shortly!
> > >
> > > Thanks,
> > > Ruchith
> > >
> > >
> > > On Jan 7, 2008 12:35 PM, Niu <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > >
> > > >
> > > > I am using axis2 version 1.1.1 and rampart version 1.1.1.
> > > >
> > > >
> > > >
> > > > I have a web services configured to require all incoming messages to
> include
> > > > a Timestamp and a Signature. The implementation has been working fine
> for
> > > > months. However, lately, I just discovered that the configuration did
> not
> > > > actually enforce the security policy as I could just invoke the web
> services
> > > > by sending a SOAP message with an empty Security tag in the SOAP
> header
> > > > (like the attached SOAP message). Is this a bug or wrong
> configuration??
> > > > Appreciate if somebody can offer a solution.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > 
> > > >
> > > > http://schemas.xmlsoap.org/soap/envelope/";
> > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> > > >
> xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-secext-1.0.xsd">
> > > >
> > > >   
> > > >
> > > > 
> > > >
> > > >   
> > > >
> > > >   
> > > >
> > > > http://example.org/partnerapi/";>
> > > >
> > > >   ${NAME}
> > > >
> > > >   ${PASSWORD}
> > > >
> > > > 
> > > >
> > > >   
> > > >
> > > > 
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > The following is a snapshot of my Services.xml file:
> > > >
> > > >
> > > >
> > > > 
> > > >
> > > > 
> > > >
> > > > 
> > > >
> > > > http://www.w3.org/2004/08/wsdl/in-out";
> > > > class="org.example.partnerapi.PartnerapiMessageReceiverInOut"/>
> > > >
> > > > 
> > > >
> > > >  > > > locked="false">org.example.partnerapi.PartnerapiSkeleton
> > > >
> > > > 
> > > >
> > > > 
> > > >
> > > >Signature Timestamp
> > > >
> > > >PWCallback
> > > >
> > > >security.properties
> > > >
> > > > 
> > > >
> > > > 
> > > >
> > > >  > > > mep="http://www.w3.org/2004/08/wsdl/in-out";>
> > > >
> > > > urn:validateCredential
> > > >
> > > >
> http://example.org/partnerapi/partnerapiPortType/valida
> teCredentialResponse
> > > >
> > > >

Re: [Axis2 1.1.1] Security policy not enforced

2008-01-07 Thread Ruchith Fernando
Yes ... you can move your configuration to policy based model to
overcome this issue as well.

Thanks,
Ruchith

On Jan 7, 2008 4:47 PM, Paul Fremantle <[EMAIL PROTECTED]> wrote:
> Ruchith
>
> Is it another fix to use the Policy-based model instead?
>
> Paul
>
>
> On Jan 7, 2008 8:54 AM, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > This is a bug in the wss4j library and it occurs when you use the
> > parameter based configuration.
> > This can be patched by using another handler to check the
> > configuration and for security results.
> > Will post this solution shortly!
> >
> > Thanks,
> > Ruchith
> >
> >
> > On Jan 7, 2008 12:35 PM, Niu <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > >
> > > Hi,
> > >
> > >
> > >
> > > I am using axis2 version 1.1.1 and rampart version 1.1.1.
> > >
> > >
> > >
> > > I have a web services configured to require all incoming messages to 
> > > include
> > > a Timestamp and a Signature. The implementation has been working fine for
> > > months. However, lately, I just discovered that the configuration did not
> > > actually enforce the security policy as I could just invoke the web 
> > > services
> > > by sending a SOAP message with an empty Security tag in the SOAP header
> > > (like the attached SOAP message). Is this a bug or wrong configuration??
> > > Appreciate if somebody can offer a solution.
> > >
> > >
> > >
> > >
> > >
> > > 
> > >
> > > http://schemas.xmlsoap.org/soap/envelope/";
> > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > > xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> > > xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
> > >
> > >   
> > >
> > > 
> > >
> > >   
> > >
> > >   
> > >
> > > http://example.org/partnerapi/";>
> > >
> > >   ${NAME}
> > >
> > >   ${PASSWORD}
> > >
> > > 
> > >
> > >   
> > >
> > > 
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > The following is a snapshot of my Services.xml file:
> > >
> > >
> > >
> > > 
> > >
> > > 
> > >
> > > 
> > >
> > > http://www.w3.org/2004/08/wsdl/in-out";
> > > class="org.example.partnerapi.PartnerapiMessageReceiverInOut"/>
> > >
> > > 
> > >
> > >  > > locked="false">org.example.partnerapi.PartnerapiSkeleton
> > >
> > > 
> > >
> > > 
> > >
> > >Signature Timestamp
> > >
> > >PWCallback
> > >
> > >security.properties
> > >
> > > 
> > >
> > > 
> > >
> > >  > > mep="http://www.w3.org/2004/08/wsdl/in-out";>
> > >
> > > urn:validateCredential
> > >
> > > http://example.org/partnerapi/partnerapiPortType/validateCredentialResponse
> > >
> > > 
> > >
> > > 
> > >
> > > 
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Thanks & Best Rgds,
> > >
> > > Niu
> > >
> > >
> > >
> >
> >
> >
> > --
> > http://blog.ruchith.org
> > http://wso2.org
> >
> >
> >
> >
>
>
>
> --
> Paul Fremantle
> Co-Founder and VP of Technical Sales, WSO2
> OASIS WS-RX TC Co-chair
>
> blog: http://pzf.fremantle.org
> [EMAIL PROTECTED]
>
> "Oxygenating the Web Service Platform", www.wso2.com
>
>
>
>



-- 
http://blog.ruchith.org
http://wso2.org




Re: [Axis2 1.1.1] Security policy not enforced

2008-01-07 Thread Ruchith Fernando
Hi,

This is a bug in the wss4j library and it occurs when you use the
parameter based configuration.
This can be patched by using another handler to check the
configuration and for security results.
Will post this solution shortly!

Thanks,
Ruchith

On Jan 7, 2008 12:35 PM, Niu <[EMAIL PROTECTED]> wrote:
>
>
>
>
> Hi,
>
>
>
> I am using axis2 version 1.1.1 and rampart version 1.1.1.
>
>
>
> I have a web services configured to require all incoming messages to include
> a Timestamp and a Signature. The implementation has been working fine for
> months. However, lately, I just discovered that the configuration did not
> actually enforce the security policy as I could just invoke the web services
> by sending a SOAP message with an empty Security tag in the SOAP header
> (like the attached SOAP message). Is this a bug or wrong configuration??
> Appreciate if somebody can offer a solution.
>
>
>
>
>
> 
>
> http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> xmlns:ns2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
>
>   
>
> 
>
>   
>
>   
>
> http://example.org/partnerapi/";>
>
>   ${NAME}
>
>   ${PASSWORD}
>
> 
>
>   
>
> 
>
>
>
>
>
>
>
> The following is a snapshot of my Services.xml file:
>
>
>
> 
>
> 
>
> 
>
> http://www.w3.org/2004/08/wsdl/in-out";
> class="org.example.partnerapi.PartnerapiMessageReceiverInOut"/>
>
> 
>
>  locked="false">org.example.partnerapi.PartnerapiSkeleton
>
> 
>
> 
>
>Signature Timestamp
>
>PWCallback
>
>security.properties
>
> 
>
> 
>
>  mep="http://www.w3.org/2004/08/wsdl/in-out";>
>
> urn:validateCredential
>
> http://example.org/partnerapi/partnerapiPortType/validateCredentialResponse
>
> 
>
> 
>
> 
>
>
>
>
>
>
>
>
>
> Thanks & Best Rgds,
>
> Niu
>
>
>



-- 
http://blog.ruchith.org
http://wso2.org
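
Added example, not part of the original message and not the patch the reply promises: one way a second inflow handler could check the security results, as the reply above describes. It assumes Axis2 1.3 with the WSS4J 1.5.x line that Rampart 1.3 uses (where `WSSecurityEngineResult.getAction()` is available), that the handler is placed in the inflow after Rampart's receiver, and that the required actions are the "Signature Timestamp" items from the quoted services.xml; the class name is hypothetical.

```java
import java.util.Iterator;
import java.util.Vector;

import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

/**
 * Hypothetical inflow handler: rejects a request unless the WSS4J results
 * recorded for it cover every action the service is configured to require.
 */
public class RequiredSecurityResultsHandler extends AbstractHandler {

    // Mirrors the "Signature Timestamp" items of the services.xml quoted in the thread.
    private static final int REQUIRED = WSConstants.SIGN | WSConstants.TS;

    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        // The WSS4J receiver stores what it processed under this property.
        Object recvResults = msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);

        int performed = performedActions(recvResults);
        int missing = REQUIRED & ~performed;
        if (missing != 0) {
            // An empty <wsse:Security/> header ends up here: nothing was processed,
            // so every required bit is missing.
            throw new AxisFault("Security requirements not met, missing action mask 0x"
                    + Integer.toHexString(missing));
        }
        return InvocationResponse.CONTINUE;
    }

    /** ORs together the action codes of every result recorded for this message. */
    static int performedActions(Object recvResults) {
        int mask = 0;
        if (!(recvResults instanceof Vector)) {
            return mask;                  // no results at all: treat as nothing performed
        }
        for (Iterator outer = ((Vector) recvResults).iterator(); outer.hasNext();) {
            Object handlerResult = outer.next();
            if (!(handlerResult instanceof WSHandlerResult)) {
                continue;
            }
            Vector engineResults = ((WSHandlerResult) handlerResult).getResults();
            if (engineResults == null) {
                continue;
            }
            for (Iterator inner = engineResults.iterator(); inner.hasNext();) {
                Object r = inner.next();
                if (r instanceof WSSecurityEngineResult) {
                    mask |= ((WSSecurityEngineResult) r).getAction();
                }
            }
        }
        return mask;
    }
}
```

This only confirms that a signature and a timestamp were processed; it does not check which message parts the signature covers.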




Re: General security error (Unexpected number of X509Data: for Signature)

2007-12-05 Thread Ruchith Fernando
Please try using the setFrom() method in the Options[1] instance of
the ServiceClient[2].

Thanks,
Ruchith

1. 
https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/client/Options.java
2. 
https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/client/ServiceClient.java

On Dec 6, 2007 8:20 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> Actually, all is going well.
>
> However, the server that I'm sending requests to requires a From field
> in the addressing headers.
>
> I've been googling for about two hours, and can't seem to find a
> solution for this.
>
> Here is my current axis2.xml (well the important parts)
>
> 
> 
> 
> 
>  value="http://schemas.xmlsoap.org/ws/2004/03/addressing"/>
> 
> 
> 
>
> 
> 
> 
> true
> 
>
> 
> 
>
> 
>   
> Timestamp Signature
> wow
> 
> nz.co.maxnet.oot.utils.PWCallback
> wow.properties
> DirectReference
> 
>   
> 
>
> 
> 
> Timestamp Signature Encrypt
> 
> nz.co.maxnet.oot.utils.PWCallback
> wow.properties
> 
>  
>
>
> class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
> HTTP/1.1
> chunked
> 
>
>
> 
> 
>   
> class="org.apache.axis2.engine.RequestURIBasedDispatcher">
> 
> 
>   
> class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
> 
> 
> 
> 
>  class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
> 
> 
> 
> 
> 
> 
> 
> class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
> 
> 
>   class="org.apache.axis2.engine.InstanceDispatcher">
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
> As always, any help is appreciated.
>
> Thanks.
>
>  - Rachel
>
>
> On Dec 6, 2007 1:45 PM, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > Interop problems ...  You probably want to switch to using the
> > WS-SecurityPolicy based configuration.
> > I can assure you that Rampart + WS-SecurityPolicy interops with .NET
> > (WCF) on WS-Security 1.0, WS-Security 1.1 and WS-SecureConversation
> > scenarios.
> >
> > The test suite we used for the interop with WCF services is available
> > here [1] where we have 66 successful scenarios on the above three
> > specs.
> >
> > Thanks,
> > Ruchith
> >
> > [1] https://wso2.org/repos/wso2/trunk/interop/test-suites/security
> >
> >
> > On Dec 6, 2007 3:07 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> > > Right on the button - eclipse + classpaths = pain.
> > >
> > > I renamed everything to wow.whatever and now I'm onto the .NET interop
> > > problems, which I will probably be posting about when I get really
> > > stuck.
> > >
> > > Thanks so much.
> > >
> > >
> > > On Dec 5, 2007 7:46 PM, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > > Yep ... everything looks fine ... However I'm wondering whether you
> > > > have any other client_crypto.properties file in your classpath that
> > > > causes the wrong keystore to be picked where there's no key with alias
> > > > test123.
> > > >
> > > > Therefore can you please rename the keystore file and the .properties
> > > > file and check.
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > >
> > > > On Dec 5, 2007 5:50 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> > > > 

Re: General security error (Unexpected number of X509Data: for Signature)

2007-12-05 Thread Ruchith Fernando
Interop problems ...  You probably want to switch to using the
WS-SecurityPolicy based configuration.
I can assure you that Rampart + WS-SecurityPolicy interops with .NET
(WCF) on WS-Security 1.0, WS-Security 1.1 and WS-SecureConversation
scenarios.

The test suite we used for the interop with WCF services is available
here [1] where we have 66 successful scenarios on the above three
specs.

Thanks,
Ruchith

[1] https://wso2.org/repos/wso2/trunk/interop/test-suites/security

On Dec 6, 2007 3:07 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> Right on the button - eclipse + classpaths = pain.
>
> I renamed everything to wow.whatever and now I'm onto the .NET interop
> problems, which I will probably be posting about when I get really
> stuck.
>
> Thanks so much.
>
>
> On Dec 5, 2007 7:46 PM, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > Yep ... everything looks fine ... However I'm wondering whether you
> > have any other client_crypto.properties file in your classpath that
> > causes the wrong keystore to be picked where there's no key with alias
> > test123.
> >
> > Therefore can you please rename the keystore file and the .properties
> > file and check.
> >
> > Thanks,
> > Ruchith
> >
> >
> > On Dec 5, 2007 5:50 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > I've been having trouble signing my messages as they go out, and the
> > > usual "is the alias the right one" solution I've been reading about
> > > does not work!
> > >
> > > Here is my keystore:
> > >
> > > Keystore type: PKCS12
> > > Keystore provider: SunJSSE
> > >
> > > Your keystore contains 1 entry
> > >
> > > Alias name: test123
> > > Creation date: 5/12/2007
> > > Entry type: PrivateKeyEntry
> > > Certificate chain length: 3
> > > Certificate[1]:
> > >
> > > Here is my axis2.xml security outflow:
> > >
> > > 
> > >   
> > > Timestamp Signature
> > > test123
> > > test.oot.PWCallback
> > > client_crypto.properties
> > > DirectReference
> > >  > > value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To";
> > > />
> > > http://schemas.xmlsoap.org/soap/envelope/}Body;
> > >   
> > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
> > >   
> > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
> > >   
> > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
> > >   
> > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
> > >   
> > > {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
> > >   
> > > {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
> > > />
> > >   
> > > 
> > >
> > > Here is my client_crypto.properties file:
> > >
> > > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> > > org.apache.ws.security.crypto.merlin.keystore.password=test
> > > org.apache.ws.security.crypto.merlin.keystore.alias=test123
> > > org.apache.ws.security.crypto.merlin.file=oot-stage.p12
> > >
> > > And my pwcallback class:
> > >
> > >  pc.setPassword("test");
> > >
> > > The error I get is:
> > >
> > > org.apache.axis2.AxisFault: WSHandler: Signature: error during message
> > > procesingorg.apache.ws.security.WSSecurityException: General security
> > > error (Unexpected number of X509Data: for Signature); nested exception
> > > is:
> > > org.apache.ws.security.WSSecurityException: WSHandler: Signature:
> > > error during message
> > > procesingorg.apache.ws.security.WSSecurityException: General security
> > > error (Unexpected number of X509Data: for Signature)
> > > at 
> > > org.apache.rampart.handler.WSDoAllSender.processMessage

Re: General security error (Unexpected number of X509Data: for Signature)

2007-12-04 Thread Ruchith Fernando
Yep ... everything looks fine ... However I'm wondering whether you
have any other client_crypto.properties file in your classpath that
causes the wrong keystore to be picked where there's no key with alias
test123.

Therefore can you please rename the keystore file and the .properties
file and check.

Thanks,
Ruchith

On Dec 5, 2007 5:50 AM, Rachel Primrose <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I've been having trouble signing my messages as they go out, and the
> usual "is the alias the right one" solution I've been reading about
> does not work!
>
> Here is my keystore:
>
> Keystore type: PKCS12
> Keystore provider: SunJSSE
>
> Your keystore contains 1 entry
>
> Alias name: test123
> Creation date: 5/12/2007
> Entry type: PrivateKeyEntry
> Certificate chain length: 3
> Certificate[1]:
>
> Here is my axis2.xml security outflow:
>
> 
>   
> Timestamp Signature
> test123
> test.oot.PWCallback
> client_crypto.properties
> DirectReference
>  value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To";
> />
> http://schemas.xmlsoap.org/soap/envelope/}Body;
>   
> {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
>   
> {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>   
> {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
>   
> {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
>   
> {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
>   
> {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
> />
>   
> 
>
> Here is my client_crypto.properties file:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.keystore.password=test
> org.apache.ws.security.crypto.merlin.keystore.alias=test123
> org.apache.ws.security.crypto.merlin.file=oot-stage.p12
>
> And my pwcallback class:
>
>  pc.setPassword("test");
>
> The error I get is:
>
> org.apache.axis2.AxisFault: WSHandler: Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature); nested exception
> is:
> org.apache.ws.security.WSSecurityException: WSHandler: Signature:
> error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature)
> at 
> org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:92)
> at 
> org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
> at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
> at 
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
> Caused by: org.apache.ws.security.WSSecurityException: WSHandler:
> Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature)
> at 
> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
> at 
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
> at 
> org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java:254)
> at 
> org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:86)
> ... 8 more
>
> And when I set level=DEBUG in my log4j.properties:
>
> 985  [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [client_crypto.properties] using
> [EMAIL PROTECTED] class loader.
> 1000 [main] DEBUG
> org.apache.ws.security.components.crypto.CryptoFactory  - Using Crypto
> Engine [org.apache.ws.security.components.crypto.Merlin]
> 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [oot-stage.p12] using [EMAIL PROTECTED] class
> loader.
> 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [oot-stage.p12] using [EMAIL PROTECTED] class
> loader.
> 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying to find
> [oot-stage.p12] using ClassLoader.getSystemResource().
> 1563 [main] DEBUG org.apache.ws.security.handler.WSHandler  -
> Performing Action: 32
> 1563 [main] DEBUG org.apache.ws.security.message.WS

Re: org.apache.axis2.deployment.DeploymentException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "wsp"

2007-11-06 Thread Ruchith Fernando
Hi,

Please send your services.xml file used in the service archive. Seems
like you are missing the declaration of the policy namespace with
prefix "wsp".

Thanks,
Ruchith

p.s. Please try not to cross post to all three axis-user, axis-dev and
rampart-dev lists.

Rajesh, Peter (CLAIMS, WIP) wrote:
> When I deploy the webservice  .aar file in Weblogic 8.1 application
> server below error is displayed in the console. JDK is "1.4.2_08.
> 
> Please let me know how to resolve this issue.
> 
> org.apache.axis2.deployment.DeploymentException:
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "wsp"
>  at [row,col {unknown-source}]: [35,49]
> at
> org.apache.axis2.deployment.repository.util.ArchiveReader.processService
> Group(ArchiveReader.java:144)
> at
> org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:
> 78)
> at
> org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(De
> ploymentFileData.java:137)
> at
> org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.j
> ava:571)
> at
> org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList
> .java:141)
> at
> org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener
> .java:318)
> at
> org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryL
> istener.java:220)
> at
> org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngi
> ne.java:118)
> at
> org.apache.axis2.deployment.WarBasedAxisConfigurator.loadServices(WarBas
> edAxisConfigurator.java:272)
> at
> org.apache.axis2.context.ConfigurationContextFactory.createConfiguration
> Context(ConfigurationContextFactory.java:78)
> at
> org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServle
> t.java:500)
> at
> org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:420)
> at
> weblogic.servlet.internal.ServletStubImpl$ServletInitAction.run(ServletS
> tubImpl.java:1094)
> at
> weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSu
> bject.java:321)
> at
> weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121
> )
> at
> weblogic.servlet.internal.ServletStubImpl.createServlet(ServletStubImpl.
> java:970)
> at
> weblogic.servlet.internal.ServletStubImpl.createInstances(ServletStubImp
> l.java:949)
> at
> weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl
> .java:888)
> at
> weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServ
> letContext.java:3430)
> at
> weblogic.servlet.internal.WebAppServletContext.preloadServlets(WebAppSer
> vletContext.java:3375)
> at
> weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppSe
> rvletContext.java:3356)
> at
> weblogic.servlet.internal.WebAppServletContext.setStarted(WebAppServletC
> ontext.java:6208)
> at
> weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:864)
> at
> weblogic.j2ee.J2EEApplicationContainer.start(J2EEApplicationContainer.ja
> va:2134)
> at
> weblogic.j2ee.J2EEApplicationContainer.activate(J2EEApplicationContainer
> .java:2175)
> at
> weblogic.j2ee.J2EEApplicationContainer.activate(J2EEApplicationContainer
> .java:2122)
> at
> weblogic.management.deploy.slave.SlaveDeployer$Application.setActivation
> (SlaveDeployer.java:3099)
> at
> weblogic.management.deploy.slave.SlaveDeployer.setActivationStateForAllA
> pplications(SlaveDeployer.java:1768)
> at
> weblogic.management.deploy.slave.SlaveDeployer.resume(SlaveDeployer.java
> :351)
> at
> weblogic.management.deploy.DeploymentManagerServerLifeCycleImpl.resume(D
> eploymentManagerServerLifeCycleImpl.java:229)
> at
> weblogic.t3.srvr.SubsystemManager.resume(SubsystemManager.java:136)
> at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:965)
> at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:360)
> at weblogic.Server.main(Server.java:32)
> Caused by: org.apache.axiom.om.OMException:
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "wsp"
>  at [row,col {unknown-source}]: [35,49]
> at
> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:2
> 39)
> at
> org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:318)
> at
> org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:614
> )
> at
> org.apache.axis2.deployment.DescriptionBuilder.buildOM(DescriptionBuilde
> r.java:97)
> at
> org.apache.axis2.deployment.repository.util.ArchiveReader.buildServiceGr
> oup(ArchiveReader.java:70)
> at
> org.apache.axis2.deployment.repository.util.ArchiveReader.processService
> Group(ArchiveReader.java:137)
> ... 33 more
> 
> Thanks & Regards,
> 
> Peter Rajesh
> 
> 
> 
> 
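
The failure reported above can be caught before deployment. This is an added example, not code from the thread or from Axis2: it parses a services.xml with the JDK's namespace-aware parser and reports an unbound prefix with its position. The sample documents are constructed, and the class and method names are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.xml.sax.ErrorHandler;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class ServicesXmlNamespaceCheck {

    // WS-Policy and WS-SecurityPolicy namespaces used by Rampart 1.x policies.
    static final String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    static final String SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";

    // Constructed sample: the policy element uses the wsp prefix without declaring it.
    // Only namespace well-formedness is checked here, not whether the policy is meaningful.
    static final String BROKEN =
          "<service name=\"SampleService\">\n"
        + "  <module ref=\"rampart\"/>\n"
        + "  <wsp:Policy>\n"
        + "    <sp:SignedSupportingTokens xmlns:sp=\"" + SP_NS + "\"/>\n"
        + "  </wsp:Policy>\n"
        + "</service>\n";

    // Constructed sample: same document with the wsp prefix bound on the policy element.
    static final String FIXED =
        BROKEN.replace("<wsp:Policy>", "<wsp:Policy xmlns:wsp=\"" + WSP_NS + "\">");

    /** Returns null when the document parses with namespaces enabled, else a description. */
    static String check(InputSource src) {
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            f.setNamespaceAware(true);
            // A deployment descriptor has no need for a DOCTYPE; refusing it also
            // rules out external entity expansion while checking untrusted archives.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            DocumentBuilder b = f.newDocumentBuilder();
            b.setErrorHandler(new ErrorHandler() {
                public void warning(SAXParseException e) { }
                public void error(SAXParseException e) throws SAXParseException { throw e; }
                public void fatalError(SAXParseException e) throws SAXParseException { throw e; }
            });
            b.parse(src);
            return null;
        } catch (SAXParseException e) {
            return "[row,col] [" + e.getLineNumber() + "," + e.getColumnNumber() + "]: "
                    + e.getMessage();
        } catch (Exception e) {
            return e.toString();
        }
    }

    /** Checks META-INF/services.xml inside a service archive (.aar is a zip file). */
    static String checkArchive(String aarPath) throws Exception {
        ZipFile zip = new ZipFile(aarPath);
        try {
            ZipEntry entry = zip.getEntry("META-INF/services.xml");
            if (entry == null) {
                return "META-INF/services.xml not found in " + aarPath;
            }
            return check(new InputSource(zip.getInputStream(entry)));
        } finally {
            zip.close();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) {
            String problem = checkArchive(args[0]);
            System.out.println(problem == null ? "OK" : problem);
            return;
        }
        // No archive given: run against the two constructed samples.
        System.out.println("broken: " + check(new InputSource(new StringReader(BROKEN))));
        System.out.println("fixed:  " + check(new InputSource(new StringReader(FIXED))));
    }
}
```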

Re: [Axis2] (Long) Ws-Policy: problem with SAMLtoken and WSAS example

2007-11-04 Thread Ruchith Fernando
Hi,

Please see my comments below:

On 11/2/07, Massimiliano Masi <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I'm very frustrated: I'm developing policies for getting a SAML 2 token
> from a WS-Trust STS implemented using Rahas.
>
> I've to put it in the wsse:Security. So I created the following policy
> for the service that needs the token as is [1] (taken from the WSAS
> example).
>
> I got NPE:
>

Can you please send the request message and the response message you
receive from the STS? Seems like the NPE occurs when Axis2 tries to
handle the error message it receives.

>
>
> 19:20:49,721 ERROR [AxisServlet]
> java.lang.NullPointerException
>  at
> java.util.PropertyResourceBundle.handleGetObject(PropertyResourceBundle.java:103)
>  at java.util.ResourceBundle.getObject(ResourceBundle.java:319)
>  at java.util.ResourceBundle.getString(ResourceBundle.java:285)
>  at 
> org.apache.rahas.TrustException.getMessage(TrustException.java:105)
>  at org.apache.rahas.TrustException.(TrustException.java:54)
>  at org.apache.rahas.TrustException.(TrustException.java:83)
>  at
> com.spirit.XUA.utils.SpiritTokenIssuer.issue(SpiritTokenIssuer.java:234)
>
> org.apache.axis2.AxisFault: java.lang.NullPointerException
>  at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
>  at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
>  at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
>  at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
>  at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>  at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
>  at
> org.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:127)
>  at
> com.spirit.XUA.utils.XUAAssertions.getAuthenticatedViaWSTrust(XUAAssertions.java:430)
>
>
> So, I cannot access the STS, that gives me a TrustException.
>
> If I use the following policy [2] I got this MTOM (?) exception
> client side (after getting in the right way the SAML assertion):
>
IMHO this policy is not correct.
If you simply need the SAML token added to the wsse:Security header
you should define a SignedSupportingTokens assertion with the issued
token, rather than a ProtectionToken.

Also please include axis2-mtompolicy-.jar file in your
classpath as well.

Thanks,
Ruchith

p.s. Please subscribe([EMAIL PROTECTED]) and post
rampart/rahas specific issues in [EMAIL PROTECTED] list.

>
>
>
>   [java] org.apache.axis2.AxisFault:
> org/apache/axis2/policy/model/MTOMAssertion
>   [java]at
> org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:194)
>   [java]at org.apache.tools.ant.taskdefs.Java.run(Java.java:747)
>   [java]at 
> org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:201)
>   [java]at org.apache.tools.ant.taskdefs.Java.execute(Java.java:104)
>   [java]at
> org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
>   [java]at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   [java]at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>   [java]at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>   [java]at java.lang.reflect.Method.invoke(Method.java:585)
>   [java]at
> org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:105)
>   [java]at org.apache.tools.ant.Task.perform(Task.java:348)
>   [java]at org.apache.tools.ant.Target.execute(Target.java:357)
>   [java]at org.apache.tools.ant.Target.performTasks(Target.java:385)
>   [java]at
> org.apache.tools.ant.Project.executeSortedTargets(Project.java:1329)
>   [java]at 
> org.apache.tools.ant.Project.executeTarget(Project.java:1298)
>   [java]at
> org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
>   [java]at
> org.eclipse.ant.internal.ui.antsupport.EclipseDefaultExecutor.executeTargets(EclipseDefaultExecutor.java:32)
>   [java]at 
> org.apache.tools.ant.Project.executeTargets(Project.java:1181)
>   [java]at
> org.eclipse.ant.internal.ui.antsupport.InternalAntRunner.run(InternalAntRunner.java:423)
>   [java]at
> org.eclipse.ant.internal.ui.antsupport.InternalAntRunner.main(InternalAntRunner.java:137)
>   [java] Caused by: org.apache.axis2.AxisFault:
> org/apache/axis2/policy/model/MTOMAssertion
>   [java]at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
>   [java]at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
>   [java]at
> org.apache.axis2.description.OutInAxisOper

[ANN] Apache Rampart training

2007-10-29 Thread Ruchith Fernando
Hi Folks,

I will be in San Jose on the 1st November and will be conducting a
training session on Apache Rampart[1]. Anyone interested? Register
here [2].

Also I'll be in Indianapolis for a week (10-17 Nov) if anybody's
interested we should be able to provide similar training there as
well. Those interested please contact me.

Thanks,
Ruchith

1. http://wso2.com/services/training/intro-apache-rampart/
2. http://wso2.com/services/training/

-- 
http://blog.ruchith.org
http://wso2.org




Re: Rampart throws NPE

2007-10-13 Thread Ruchith Fernando
Hi Murali,

The NPE was thrown because there was no SOAP header in the request SOAP
envelope. I just fixed this [1].

However, IMHO the way you have specified policy doesn't seem correct
to me. An example where we use a SAML token to protect a message is
available with WSO2 WSAS [2] - sts-sample. Please have a look at how we
set the service policy in this sample.

Thanks,
Ruchith

[1] http://svn.apache.org/viewvc?rev=584382&view=rev
[2] http://dist.wso2.org/products/wsas/java/2.1/

Murali Krishnan wrote:
> The services.xml file contents I had included appear wrong in the
> earlier message. I have attached it in this mail.
> 
> - Original Message 
> From: Murali Krishnan <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: axis-user@ws.apache.org
> Sent: Wednesday, October 3, 2007 2:19:56 PM
> Subject: Rampart throws NPE
> 
> I'm trying to call a simple service deployed in Axis2. I'm trying to
> enforce that this service requires a SamlToken whenever it is called...
> If I invoke this service with a soap request that doesn't have any
> security headers, I get the below exception at the server. If I
> disengage 'rampart' for the service, there is no problem. Am I doing
> anything wrong in this scenario?
> 
> Thanks,
> Murali
> 
> java.lang.NullPointerException
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:90)
> at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> at
> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:120)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 
> The soap request is like this:
> 
> POST /axis2/services/SimpleService HTTP/1.1
> Content-Type: text/xml; charset=UTF-8
> SOAPAction: "urn:echo"
> User-Agent: Axis2
> Host: 127.0.0.1:
> Content-Length: 244
> 
> 
>   
>   
> 
> Hello world
>  
>   
>
> 
> 
> The services.xml is like this below:
> 
> 
>  locked="false">com.softwareag.ws.SimpleService
> 
>  class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
> 
> 
> 
> 
> 
>
>
> 
>   
>  
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; />
>   
> 
> 
> 
> 
> 
> 






Re: Rampart sample/tutorial

2007-09-18 Thread Ruchith Fernando
Please see this :

http://wso2.org/library/240

Thanks,
Ruchith

On 8/31/07, Todd Allen <[EMAIL PROTECTED]> wrote:
> I need to implement user name/password authentication in an Axis2 1.1
> web service.  Can someone point me to a useful set of samples or a
> good tutorial on Rampart and the user name token?
>
> Thanks,
> Todd
>
>
>
>


-- 
www.ruchith.org
www.wso2.org




[ANN] Apache Rampart 1.3 Released

2007-09-06 Thread Ruchith Fernando
This is the 1.3 release of Apache Rampart.

Apache Rampart 1.3 is a toolkit that provides implementations of the
WS-Sec* specifications for Apache Axis2 1.3, based on Apache WSS4J 1.5.3
and the Apache AXIOM-DOOM 1.2.5 implementations.

You can download the releases from:
http://www.apache.org/dyn/closer.cgi/ws/rampart/1_3

There are two main Apache Axis2 modules provided with this release.

* rampart-1.3.mar
  This provides support for WS-Security and WS-SecureConversation
features.
* rahas-1.3.mar
  This module provides the necessary components to enable
SecurityTokenService functionality on a service.

Apache Rampart 1.3 uses a configuration model based on WS-Policy and
WS-Security Policy. It is important to note that the Apache Rampart 1.0
style configuration is also available even though being marked as
deprecated.

Apache Rampart 1.3 can be successfully used with the next Apache
Sandesha2 release targeted towards Apache Axis2 1.3 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with
other WS-Security implementations.

WS - Sec* specifications supported by Apache Rampart are as follows:

* WS - Security 1.0
* WS - Secure Conversation - February 2005
* WS - Security Policy - 1.1 - July 2005
* WS - Trust - February 2005
* WS - Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

Apache Rampart team







Re: Rampart and SAML question

2007-08-30 Thread Ruchith Fernando
It is important that the policy used uses an "IssuedToken" assertion.

https://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/conf/service.policy.xml

Now when RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN property provides
an id of a token in the token store rampart will use that token as the
issued token.

Thanks,
Ruchith

On 8/30/07, Dimuthu <[EMAIL PROTECTED]> wrote:
> Hi,
>
> You can do it as follows [1]
> I got the code from this sample available here[2]
>
> Cheers,
> Dimuthu
>
> [1]
> // Wrap your token element (e.g. the SAML assertion) in a Rahas Token
> Token tok = new Token(tokenId, yourTokenElem,
>         dateCreated, dateExpires);
>
> // Store token
> TokenStorage store = TrustUtil.getTokenStore(ctx);
> store.add(tok);
>
> // Service invocation
> ServiceClient client = new ServiceClient(ctx, null);
> client.engageModule("rampart");
> client.engageModule("addressing");
>
> client.getServiceContext().setProperty(
>         RampartMessageData.KEY_RAMPART_POLICY, servicePolicy);
> Options options = client.getOptions();
> options.setAction("urn:echoOMElement");
> options.setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
> options.setTo(new EndpointReference(service));
> // Tell Rampart which stored token to use as the issued token
> options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN,
>         tok.getId());
> OMElement respEelm = client.sendReceive(getPayload());
> System.out.println("RESPONSE FROM SERVICE: \n" + respEelm);
>
> [2]http://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java
>
>
>
> On Wed, 2007-08-29 at 17:46 +0200, Massimiliano Masi wrote:
> > Hi all,
> >
> > I have a SAML2 Authentication Assertion as OMElement, created by opensaml2.
> >
> > How can I include it in the SOAP Header using the rampart api?
> >
> > Is there a way to do it?
> >
> >
> > Thank you in advance,
> >
> >
> > Massimiliano
> >
> > 
> >
> --
> http://wso2.org
>
>
>
>


-- 
www.ruchith.org
www.wso2.org




Re: Rampart and Axis2 1.3

2007-08-28 Thread Ruchith Fernando
Hi,

org.apache.axis2.wsdl.codegen.extension.ModulePolicyExtension has been
moved to the axis2-codegen.jar and this is not available in the
axis2.war. You will have to add the axis2-codegen-1.3.jar to the
WEB-INF/lib/ dir of the axis2.war to solve this issue.

All rampart samples will work without any issue with the axis2
standard binary dist since axis2-codegen-1.3 jar is available in it.

Thanks,
Ruchith

On 8/23/07, Davanum Srinivas <[EMAIL PROTECTED]> wrote:
> We are still voting on the release, please try this with Axis2 1.3
> http://people.apache.org/~ruchithf/rampart/1_3/
>
> -- dims
>
> On 8/22/07, Skinner, Gregory W. <[EMAIL PROTECTED]> wrote:
> >
> >
> > I have been trying to get Axis 1.2 or 1.3 working with a version of Rampart.
> > When I try to use Axis 1.3 with Rampart 1.2, the module does not deploy and
> > I get
> >
> > [ERROR] The rampart-1.2.mar module, which is not valid, caused
> > org/apache/axis2/modules/ModulePolicyExtension
> > java.lang.NoClassDefFoundError:
> > org/apache/axis2/modules/ModulePolicyExtension
> > at java.lang.ClassLoader.defineClass1(Native
> > Method)
> >
> > When I try to use Axis2 1.2 with Rampart 1.2 (deployed in Tomcat), I end up
> > getting a NullPointerException after I get :
> >
> > Unknown top level PED found:
> > org.apache.neethi.builders.xml.XmlPrimtiveAssertion
> >
> > Can anyone suggest which versions of Axis / Rampart are compatible and where
> > I might find them?
> >
> > Thanks,
> > Greg
> >
>
>
> --
> Davanum Srinivas :: http://davanum.wordpress.com
>
>
>


-- 
www.ruchith.org
www.wso2.org




Re: [RAMPART] Which is the official rampart home page?

2007-08-14 Thread Ruchith Fernando
Hi,

I did send a mail to the rampart-dev list [1] about the RC release :-)
and apologies about not updating the Rampart site[2].

We should move the axis2 rampart page into the rampart site and link
to the official site from the axis modules page.

Thanks,
Ruchith

1. http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200708.mbox/raw/[EMAIL PROTECTED]/
2. http://ws.apache.org/rampart/

On 8/15/07, Alberto Patino <[EMAIL PROTECTED]> wrote:
> Hi guys!
>
> I'm trying to download RAMPART module 1.3 RC1 to run samples with
> Axis2-1.3 as suggested by Ruchith , but I'm stuck trying to find the
> RC1 version
>
> I think the page:
>
> http://ws.apache.org/rampart/
>
> is the official one, but I don't see the link in the main page of apache,
>
> On the other hand I found the RC1 version in the Ruchith blog:
>
> http://ruchith.blogspot.com/2007/08/apache-rampart-13-rc1-is-available.html
>
> And lastly, rampart info is found under the modules section from the axis2 
> page:
>
> http://ws.apache.org/axis2/modules/rampart/1_3/security-module.html
>
> Could it be possible to gather all the
> Rampart related information into the http://ws.apache.org/rampart page?
>
> Thanks a lot
>
> --
> Don't be evil!!!
>
>
>


-- 
www.ruchith.org
www.wso2.org




Re: [Axis2] SAML security tokens generation

2007-08-13 Thread Ruchith Fernando
Hi Christina,

Rampart supports adding SAML Tokens to the security header in the
policy based implementation. You can see an example here :

http://marc.info/?l=axis-user&m=118665642802630&w=2

By the way note that this requires the service to express its
requirements in policy and this sample uses the token acquired from
the Security Token Service to encrypt and sign the message.

I'm not sure what you mean by "...SAML tokens with encryption of the
user name and signature will be used ...". Please check whether the
above sample fits your requirement.

Thanks,
Ruchith

On 8/14/07, Christina Larocca <[EMAIL PROTECTED]> wrote:
> Hi all Axis2 users:
>
> I have been managing some web services using UsernameTokens (without using
> rampart) to convey identities. I've a client that connects to a Token issuer
> service that provides it an EndpointReference and the Username token needed
> to authenticate. Now I must remodel the security of the whole model and
> instead of that, SAML tokens with encryption of the user name and signature
> will be used. The last axis2 version I've been using was the 1.1 and now I'm
> thinking about updating to the newest one and start using rampart.
>
> I have read that, unfortunately, Rampart itself can't be configured to add
> the SAML token to the Security header and that it delegates those functions
> to a STS called Rahas. The documentation I found about Rahas is very weak
> and despite my experience I don't have a clue about where or how to start.
> Could anyone indicate me where to find a good tutorial or use examples? Or,
> even better, could anyone show me some code to generate the tokens? If it's
> possible, I would prefer to config rahas with code instead of creating text
> config files.
>
> Thanks in advance.
>
> Christina.
>
>


-- 
www.ruchith.org
www.wso2.org




Re: [RAMPART] Unable to load rampart-1.2-mar in Axis2-1.3

2007-08-13 Thread Ruchith Fernando
Please try the rampart-1.29.mar available in Rampart-1.3-RC1 ...
IMPORTANT - rampart-1.29.mar is not an official release!

Thanks,
Ruchith

On 8/14/07, Alberto Patino <[EMAIL PROTECTED]> wrote:
> Hello!
>
> I'm trying to run the Rampart 1.2 samples with Axis3 but I got a
> service deployment error, if I run the samples with Axis 1.2 there is
> no problem.
>
> Also, I tried to download rampart-1.3 module but the link is broken
>
>
>
> INFO: Deploying web application archive axis2.war
> [INFO] Deploying module: addressing-1.3
> [INFO] Deploying module: script-1.3
> [INFO] Deploying module: ping-1.3
> [INFO] Deploying module: soapmonitor-1.3
> [INFO] Deploying module: metadataExchange-1.3
> [INFO] script module activated
> [INFO] Deploying Web service: version-1.3.aar
> Aug 13, 2007 4:46:59 PM org.apache.coyote.http11.Http11BaseProtocol start
> INFO: Starting Coyote HTTP/1.1 on http-8080
> Aug 13, 2007 4:46:59 PM org.apache.jk.common.ChannelSocket init
> INFO: JK: ajp13 listening on /0.0.0.0:8009
> Aug 13, 2007 4:46:59 PM org.apache.jk.server.JkMain start
> INFO: Jk running ID=0 time=0/234  config=null
> Aug 13, 2007 4:46:59 PM org.apache.catalina.storeconfig.StoreLoader load
> INFO: Find registry server-registry.xml at classpath resource
> Aug 13, 2007 4:46:59 PM org.apache.catalina.startup.Catalina start
> INFO: Server startup in 6984 ms
> org.apache.axis2.deployment.DeploymentException: The rampart module is
> not valid or has not been deployed.
>  at 
> org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:144)
> at 
> org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:78)
> at 
> org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:137)
> at 
> org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:571)
> at 
> org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:141)
> at 
> org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:318)
> at 
> org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:220)
> at 
> org.apache.axis2.deployment.RepositoryListener.startListener(RepositoryListener.java:312)
> at 
> org.apache.axis2.deployment.scheduler.SchedulerTask.checkRepository(SchedulerTask.java:64)
> at 
> org.apache.axis2.deployment.scheduler.SchedulerTask.run(SchedulerTask.java:71)
> at 
> org.apache.axis2.deployment.scheduler.Scheduler$SchedulerTimerTask.run(Scheduler.java:83)
> at java.util.TimerThread.mainLoop(Timer.java:512)
> at java.util.TimerThread.run(Timer.java:462)
>
>
> Do I need to wait for the rampart 1.3 release?
>
>
> Thanks
>
> --
> Don't be evil!!!
>
>
>


-- 
www.ruchith.org
www.wso2.org




Re: [Axis2][VOTE]Axis2 1.3 release artifacts (#take3)

2007-08-12 Thread Ruchith Fernando
+1

Thanks,
Ruchith

On 8/10/07, Deepal jayasinghe <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I have uploaded Axis2 1.3 (take3) into my Apache home location [1]
> again. As we found a few issues in 1.3 take2, I had to
> upload the artifacts again and call for a new vote. I will keep
> the vote open for 72 hrs from now and will do the Axis2 1.3 release on
> Monday 13th Aug 2007.
>
> You can find both IntelliJ idea and Eclipse plugin artifacts in the
> tools folder [2]
>
> Please try to cover the following areas when testing.
> - Code generation
> - Sessions
> - Web application
> - In different application servers
> - Both JDK 1.5 and JDK 1.4
> - Java2WSDL
> - POJOs
> - And whatever the JIRA we have marked as fixed.
>
> You can find maven2 repository under my home directory as well [3]. I
> have hosted the web site for 1.3 in [4] please have a look at that as well
>
> I will do the final release on Friday (10th Aug 2007), here is my +1
> for the release date as well as for release artifacts.
>
>
> [1] : http://people.apache.org/~deepal/axis2/1.3-take3/
> [2] : http://www-lk.wso2.com/~deepal/1.3-tools/
> [3] : http://people.apache.org/~deepal/axis2/1.3-take3/m2-repo/
> [4] : http://www-lk.wso2.com/~deepal/axis2/
>
>
> P.S : Please note that I need to have two more PMC votes to go ahead
> with the release, so please give us the support by voting for the release.
>
>
> Thanks
> Deepal
>
>
>
>


-- 
www.ruchith.org
www.wso2.org




Re: Tomcat 5.5.23/Rampart 1.2 not working for digital signature validation (Policy example 2)

2007-08-09 Thread Ruchith Fernando
Please see here :
http://marc.info/?l=axis-user&m=118671612624113&w=2

Thanks,
Ruchith

On 8/10/07, Ford, Jennifer M. <[EMAIL PROTECTED]> wrote:
> I've just discovered that digital signature validation appears to work
> with Tomcat 5.0.28, but not with Tomcat 5.5.23.   Is this a known bug or
> should I enter a ticket?
>
> Jennifer
>
>
>


-- 
www.ruchith.org
www.wso2.org




Re: Rampart error with MustUnderstand

2007-08-09 Thread Ruchith Fernando
Argh ... seems like the certs expired on July 21st :(

Please create the client and service keystores as described here :
http://wso2.org/library/174

Thanks,
Ruchith

On 8/10/07, Pavan Madiraju <[EMAIL PROTECTED]> wrote:
> I am trying to get samples\policy\sample2 working but getting the following
> error. Is anyone able to get the sample2 working ?
>
> Error:
>
>   [java] org.apache.ws.security.WSSecurityException: The signature
> verification failed (The provided certificate is invalid).
>
> I am using the service.jks and client.jks that is shipped with the samples.
>
> Here is the whole error log
>
> Service log
>
> C:\Development\axis\rampart-1.2\samples\policy>ant service.02
> Buildfile: build.xml
>
> check.dependency:
>
> service.02:
>  [copy] Copying 1 file to C:\Development\axis\rampart-
> 1.2\samples\policy\bui
> ld\service_repositories\sample02\modules
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\service_repositories\sample02\modules
>  [copy] Copying 1 file to C:\Development\axis\rampart-
> 1.2\samples\policy\bui
> ld\service_repositories\sample02\modules
> [mkdir] Created dir:
> C:\Development\axis\rampart-1.2\samples\policy\build\te
> mp
> [mkdir] Created dir:
> C:\Development\axis\rampart-1.2\samples\policy\build\te
> mp\META-INF
> [javac] Compiling 2 source files to
> C:\Development\axis\rampart-1.2\samples\
> policy\build\temp
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\temp\META-INF
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\temp
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\temp
>   [jar] Building jar: C:\Development\axis\rampart-
> 1.2\samples\policy\build\s
> ervice_repositories\sample02\services\sample02.aar
>[delete] Deleting directory
> C:\Development\axis\rampart-1.2\samples\policy\bu
> ild\temp
>  [java] [SimpleHTTPServer] Starting
>   [java] [SimpleHTTPServer] Using the Axis2 Repository
> C:\Development\axis\ra
> mpart-1.2\samples\policy\build\service_repositories\sample02
>  [java] [SimpleHTTPServer] Listening on port 8080
>  [java] Aug 9, 2007 2:17:27 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
>  [java] INFO: Deploying module: addressing-1.2
>  [java] Aug 9, 2007 2:17:28 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
>  [java] INFO: Deploying module: rahas-1.2
>  [java] Aug 9, 2007 2:17:29 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
>  [java] INFO: Deploying module: rampart-1.2
>  [java] Aug 9, 2007 2:17:29 PM
> org.apache.axis2.deployment.ServiceDeployer d
> eploy
>  [java] INFO: Deploying Web service: sample02.aar
>  [java] [SimpleHTTPServer] Started
>  [java] Aug 9, 2007 2:17:29 PM
> org.apache.axis2.transport.http.server.Defaul
> tConnectionListener run
>  [java] INFO: Listening on port 8080
>  [java] org.apache.ws.security.WSSecurityException: The
> signature verificati
> on failed (The provided certificate is invalid)
>  [java] at
> org.apache.ws.security.processor.SignatureProcessor.verifyXML
> Signature(SignatureProcessor.java:259)
>  [java] at
> org.apache.ws.security.processor.SignatureProcessor.handleTok
> en(SignatureProcessor.java:80)
>  [java] at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecurityEngine.java:279)
>  [java] at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecurityEngine.java:201)
>  [java] at
> org.apache.rampart.RampartEngine.process(RampartEngine.java
> :7
> 1)
>  [java] at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartRece
> iver.java:71)
>  [java] at
> org.apache.axis2.engine.Phase.invoke(Phase.java:383)
>  [java] at
> org.apache.axis2.engine.AxisEngine.invoke
> (AxisEngine.java:203
> )
>  [java] at
> org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:13
> 1)
>  [java] at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTT
> PPostRequest(HTTPTransportUtils.java :279)
>  [java] at
> org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker
> .java:216)
>  [java] at
> org.apache.axis2.transport.http.server.AxisHttpService.doServ
> ice(AxisHttpService.java:275)
>   [java] at
> org.apache.axis2.transport.http.server.AxisHttpService.handle
> Request(AxisHttpService.java:184)
>  [java] at
> org.apache.axis2.transport.http.server.HttpServiceProcessor.r
> un(HttpServiceProcessor.java :74)
>  [java] at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
> utor$Worker.runTask(ThreadPoolExecutor.java:665)
>  [java] at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
> utor$Worker.run(ThreadPoolExecutor.java:690)
>  [java] at java.lang.Thread.run(Thread.java:797)
>
>
> client log
>
>
> C:\Development\axis\r

Re: Axis2 1.2, Rampart 1.2 passwordType question

2007-08-09 Thread Ruchith Fernando
Note that the "usage" flag of the
org.apache.ws.security.WSPasswordCallback instance passed into your
callback handler implementation is set to
WSPasswordCallback#USERNAME_TOKEN in the password digest case (since
we need to supply the password to compute the digest) and in the plain
text case it is set to WSPasswordCallback#USERNAME_TOKEN_UNKNOWN and
the password received is *available* in the
org.apache.ws.security.WSPasswordCallback instance to carry out
authentication at the callback handler. Therefore you can do your
validation here at your implementation of the callback handler.

Thanks,
Ruchith

On 7/25/07, Kevin TierOne <[EMAIL PROTECTED]> wrote:
> In the axis2 client, it looks like it is possible to configure password
> authentication with clear text passwords or a password digest.  Like this:
>
>
>
> PasswordText or
>
>
> PasswordDigest
>
>
> On the Axis2 server, my inflow security is similar to rampart's sample02:
> 
>   
> UsernameToken Timestamp
>
> myClass
>   
> 
>
>
> Is it possible to configure the server to require a Password Digest?  It
> would be nice if I can configure the server to fail authentication if the
> password sent in clear text.
>
> Thanks,
> Kevin
>


-- 
www.ruchith.org
www.wso2.org
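
The usage-flag distinction described in the reply above can be turned into a server-side check for the quoted question. The callback handler below is an added example, not code from the thread or from the Rampart project. The class name and the in-memory user map are assumptions; `getIdentifer()` is the accessor spelling used by WSS4J 1.5.x.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Hypothetical server-side password callback that accepts only
 * PasswordDigest UsernameTokens and rejects PasswordText.
 */
public class DigestOnlyPasswordCallback implements CallbackHandler {

    // Constructed sample user store (assumption). A real service would
    // look the password up in its own credential store.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("alice", "constructed-sample-password");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unrecognized callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            String user = pc.getIdentifer(); // spelled this way in WSS4J 1.5.x
            int usage = pc.getUsage();

            if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                // Digest case: WSS4J asks for the stored password so that it
                // can recompute the digest and compare it with the one sent.
                String stored = USERS.get(user);
                if (stored == null) {
                    // Unknown user: fail with the same generic message as
                    // every other rejection.
                    throw new UnsupportedCallbackException(pc,
                            "UsernameToken rejected");
                }
                pc.setPassword(stored);
            } else if (usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                // Plain text case: pc.getPassword() holds the password that
                // arrived in clear text. This handler never validates it
                // (and never logs it). Throwing makes the callback fail, so
                // the token is not accepted.
                throw new UnsupportedCallbackException(pc,
                        "UsernameToken rejected");
            } else {
                // This handler serves UsernameToken processing only.
                throw new UnsupportedCallbackException(pc,
                        "Unsupported callback usage: " + usage);
            }
        }
    }
}
```

The class is registered where the server's inflow security configuration names its callback handler (`myClass` in the quoted configuration).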




Re: Axis2 and Rampart / Rahas Client

2007-08-09 Thread Ruchith Fernando
Please see this :

http://marc.info/?l=axis-user&m=118665642802630&w=2

Thanks,
Ruchith

On 7/25/07, Chris82KS <[EMAIL PROTECTED]> wrote:
>
> Hello @all!
>
> I want to use a service as security token provider. For this task I've
> chosen Rahas 1.1 in Axis2 1.1.
> Now I want to write a client which shall call a normal web service in my
> axis2 service repository but before the client shall call the security token
> service to get a SAML token. Can anybody show me how to implement or
> configure the client?
>
> Greetings
>
> Christian


-- 
www.ruchith.org
www.wso2.org




Re: Axis2/Rampart Dispatch Errors

2007-08-09 Thread Ruchith Fernando
Hi,

Can you please send the axis2.xml file you use with the client. This
error shows that the axis2.xml file picked is incorrect. Have you set
the "axis.xml" system property to point to any other axis2.xml file by
any chance?

Thanks,
Ruchith

On 7/28/07, Ingrid Alongi <[EMAIL PROTECTED]> wrote:
>
>
> Hi All,
>
>
> We are currently trying to consume a Web Service that
> requires a WS-Security token and have decided to use Axis2 and Rampart.
>
>
> We set up and ran the sample code in the Axis2/Rampart  located here:
>
>
> http://wso2.org/library/240
>
>
>
>
>
> The sample code works correctly.  However once we generate ADB stubs and load
> the axis2.xml  we get the following
> error:
>
>
>
>
>
> org.apache.axis2.deployment.DeploymentException: The
> "Dispatch" phase is not found on the global "InFlow" phase
> of the axis2.xml file. Make sure the phase is within the axis2.xml file.
>
>
> at
>
>
> org.apache.axis2.deployment.DeploymentEngine.loadRepository(DeploymentEngine
>
>
> .java:141)
>
>
> at
>
>
> org.apache.axis2.deployment.FileSystemConfigurator.getAxisConfiguration(File
>
>
> SystemConfigurator.java:114)
>
>
> at
>
>
> org.apache.axis2.context.ConfigurationContextFactory.createConfigurationCont
>
>
> ext(ConfigurationContextFactory.java:60)
>
>
> at
>
>
> org.apache.axis2.context.ConfigurationContextFactory.createConfigurationCont
>
>
> extFromFileSystem(ConfigurationContextFactory.java:174)
>
>
>
>
>
>
>
>
> The axis2.xml obviously is not an issue as we are using the
> exact same axis2.xml file as used by the rampart samples (which work with 
> their
> stub client/services).
>
>
>
>
>
> Does anyone have any advice in tracking down this issue?
>
>
> Thanks,
> ingrid
>
>
>
>
>


-- 
www.ruchith.org
www.wso2.org




Re: [AXIS2] Problem with WS-Trust

2007-08-09 Thread Ruchith Fernando
Hi,

You can use org.apache.rahas.client.STSClient to obtain a token from
the service. Please have a look at this sample client code [1].

You can see this sample in action in WSO2 WSAS 2.0 [2]

Thanks,
Ruchith

1. 
http://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java
2. http://dist.wso2.org/products/wsas/java/2.0

On 7/31/07, Jochen Zink <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I try to build a Client with Axis-1.2 for the WebService 
> https://www.vdg-portal.de/VDGAuthPortal/services/STS.
>
> The client only calls the RequestSecurityToken Method.
>
> First, I generate the client with the following command:
>
> wsdl2java -uri https://www.vdg-portal.de/VDGAuthPortal/services/STS?wsdl -p 
> de.awd.biproclient.prototype -o stubs/vdg/ticketService -u
>
> Now, I have the generated Stubs classes and everything else I need.
>
> My Sourcecode:
> ConfigurationContext ctx = 
> ConfigurationContextFactory.createConfigurationContextFromFileSystem("repository",
>  "repository/conf/axis2.xml");
> VDGSecurTokenServiceStub stub = new VDGSecurTokenServiceStub(ctx, 
> "https://www.vdg-portal.de/VDGAuthPortal/services/STS");
> RequestSecurityToken request = new RequestSecurityToken();
> RequestSecurityTokenType type = new RequestSecurityTokenType();
> request.setRequestSecurityToken(type);
>
> RequestSecurityTokenResponse response = stub.RequestSecurityToken(request);
>
>
> The Axis repository contains a modules folder with addressing and rampart 
> module inside.
>
> The axis2.xml contains the rampart configuration for outflowsecurity:
> 
> 
> UsernameToken
> SomeUsername
> 
> de.awd.biproclient.prototype.VDGPasswordCallback
> PasswordText
> 
> 
>
>
> That is all I need, I guess.
>
> But I get an Exception (end of this email) and I don't know what does this 
> mean, or what I do wrong.
>
> Has someone an idea?
>
> Thanks a lot!
>
> Exception in thread "main" org.apache.axis2.AxisFault: Error in extracting 
> message properties
> at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:63)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:433)
> at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330)
> at 
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
> at 
> de.awd.biproclient.prototype.VDGSecurTokenServiceStub.RequestSecurityToken(VDGSecurTokenServiceStub.java:157)
> at 
> de.awd.biproclient.prototype.Prototypeclient.useCodeGenImplementation(Prototypeclient.java:74)
> at 
> de.awd.biproclient.prototype.Prototypeclient.main(Prototypeclient.java:144)
> Caused by: org.apache.rampart.RampartException: Error in extracting message 
> properties
> at 
> org.apache.rampart.RampartMessageData.(RampartMessageData.java:314)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:57)
> at 
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:57)
> ... 8 more
> Caused by: org.apache.ws.security.WSSecurityException: Error in converting 
> SOAP Envelope to Document; nested exception is:
> org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException
> at 
> org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:129)
> at 
> org.apache.rampart.RampartMessageData.(RampartMessageData.java:148)
> ... 10 more
> Caused by: org.apache.axiom.om.OMException: 
> javax.xml.stream.XMLStreamException
> at 
> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> at org.apache.axiom.om.impl.dom.NodeImpl.build(NodeImpl.java:444)
> at 
> org.apache.axiom.om.impl.dom.DocumentImpl.build(DocumentImpl.java:472)
> at 
> org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:113)
> ... 11 more
> Caused by: javax.xml.stream.XMLStreamException
> at 
> org.apache.axiom.om.impl.llom.OMStAXWrapper.updateLastNode(OMStAXWrapper.java:955)
> at 
> org.apache.axiom.om.impl.llom.OMStAXWrapper.next(OMStAXWrapper.java:900)
> at 
> org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
>


-- 
www.ruchith.org
www.wso2.org


Re: Rampart Sample 4 -

2007-08-09 Thread Ruchith Fernando
Can you please post your client and service configuration?

Thanks,
Ruchith

p.s. Please *subscribe* by sending a mail to
[EMAIL PROTECTED] and post rampart related issues in
the rampart-dev@ list

On 8/4/07, Pavan Madiraju <[EMAIL PROTECTED]> wrote:
> I am trying to execute sample 4 from Rampart samples. I am getting the
> following soap fault
>
> 
> http://www.w3.org/2005/08/addressing";
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
> 
> 
> http://www.w3.org/2005/08/addressing/soap/fault
> 
> 
> 
> soapenv:Client
> WSDoAllReceiver: security processing 
> failed
> 
> 
> 
> 
>
> not sure what is the problem.
> Here is what I see while executing the client
> Buildfile: C:\Development\axis\rampart-1.2\samples\basic\build.xml
> check.dependency:
> client.04:
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04\conf
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04\modules
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04\modules
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\basic\build\temp_client
>  [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\basic\build\temp_client
>  [java] Aug 4, 2007 12:25:02 AM
> org.apache.axis2.deployment.DeploymentEngine prepareRepository
>  [java] INFO: No services directory was found under
> C:\Development\axis\rampart-1.2\samples\basic\build\client_repositories\sample04.
>  [java] Aug 4, 2007 12:25:02 AM
> org.apache.axis2.deployment.ModuleDeployer deploy
>  [java] INFO: Deploying module: addressing-1.2
>  [java] Aug 4, 2007 12:25:03 AM
> org.apache.axis2.deployment.ModuleDeployer deploy
>  [java] INFO: Deploying module: rampart-1.2
>  [java] Exception in thread "main" org.apache.axis2.AxisFault:
> WSDoAllReceiver: security processing failed
>  [java] at 
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:434)
>  [java] at 
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:373)
>  [java] at 
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
>  [java] at 
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:520)
>  [java] at 
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:500)
>  [java] at org.apache.rampart.samples.sample04.Client.main(Unknown Source)
>  [java] Java Result: 1
> BUILD SUCCESSFUL
> Total time: 5 seconds
>
>
> I don't see anything in the console. Not sure why. I am running WAS
> 6.1 , Axis2 1.2 and Rampart 1.2
>
> Attached are my request and response as well as the log property file.
>
> Please help.
>
> Regards,
> Pavam
>


-- 
www.ruchith.org
www.wso2.org




Re: non-repudiation with signature using rampart 1.2

2007-08-09 Thread Ruchith Fernando
On 8/4/07, Pavan Madiraju <[EMAIL PROTECTED]> wrote:
> Thanks Dimuthu,
> Does anyone have example code for WS security using only digital signature ?

Please see policy/sample02 in the Rampart distro.

Thanks,
Ruchith

>
> Tried to modify the simple example ( Sample4) to implement one way security.
> Client has only OutflowSecurity and service has only InflowSecurity.
> Can I do this using Rampart 1.2 ?
>
> Getting the following error on the client side
>
> [java] Exception in thread "main" org.apache.axis2.AxisFault:
> WSDoAllReceiver: security processing fail
> and receiving the following error on the server
> WSDoAllReceiver: security processing 
> failed
>
>
>
>
> On 8/2/07, Dimuthu <[EMAIL PROTECTED]> wrote:
> > Hi Pavan,
> >
> > I think this issue is related to
> > https://issues.apache.org/jira/browse/RAMPART-10
> >
> > Regards,
> > Dimuthu
> >
> > On Thu, 2007-08-02 at 23:29 -0400, Pavan Madiraju wrote:
> > > Hi,
> > > I am trying to implement  non-repudiation with signature with  Axis2
> > > 1.2  &  Rampart 1.2.
> > >
> > > Here is my service.xml enabling rampart
> > >
> > >   
> > >   
> > >   
> > >   Signature
> > >   
> > > service.properties
> > >   
> > >   
> > >
> > > I have placed my service.properties file in
> > >
> > >   
> > > \base_v61\profiles\AppSrv01\installedApps\NW815856Node02Cell\axis2_war.ear\axis2.war\WEB-INF\classes
> > > folder
> > >
> > > service.properties contents are
> > > org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > org.apache.ws.security.crypto.merlin.keystore.type=jks
> > > org.apache.ws.security.crypto.merlin.keystore.password=servertrust
> > > org.apache.ws.security.crypto.merlin.keystore.alias=wasclient
> > > org.apache.ws.security.crypto.merlin.alias.password=servertrust
> > > org.apache.ws.security.crypto.merlin.file=servertrust.jks
> > >
> > > I am getting the following error
> > >
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R at
> > > com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
> > > [8/2/07 8:28:10:326 EDT] 0027 SystemErr R Caused by:
> > > org.apache.ws.security.components.crypto.CredentialException: Failed
> > > to load credentials. Inner Exception: [DerInputStream.getLength():
> > > lengthTag=109, too big.]
> > >   at 
> > > org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:141)
> > >   at 
> > > org.apache.ws.security.components.crypto.AbstractCrypto.(AbstractCrypto.java:97)
> > >   at 
> > > org.apache.ws.security.components.crypto.Merlin.(Merlin.java:65)
> > >   at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
> > > Method)
> > >   at 
> > > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:67)
> > >   at 
> > > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> > >
> > >
> > >
> > >
> > >   at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
> > >   at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
> > >   at 
> > > com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
> > >   at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
> > >   at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
> > >
> > > [8/2/07 8:28:10:346 EDT] 0027 SystemErr R at
> > > org.apache.ws.security.

Re: AXIS2: Rampart: Support for IssuedToken

2007-07-31 Thread Ruchith Fernando
Hi Nagi,

Yes ... Rampart does support protecting messages with IssuedTokens.
But this is not available with the parameter based configuration.
Support for issued tokens is available with the new policy based
configuration which uses WS-SecurityPolicy.

Right now we do not automatically obtain the token from the issuer and
we expect the client developer to provide the issued token which we
can use. One can use org.apache.rahas.client.STSClient to obtain a
token from an STS (SecurityTokenService). This token should be made
available to rampart in the options object. Please see this sample
client [1] from WSO2 WSAS[2]. You can try out this sample in the
latest 2.0 release of WSAS [3]

Thanks,
Ruchith

p.s. Please subscribe and post rampart related questions to the
[EMAIL PROTECTED] list

[1] 
http://wso2.org/repos/wso2/trunk/wsas/java/modules/samples/sts-sample/src/org/wso2/wsas/sample/sts/client/Client.java
[2] http://wso2.org/projects/wsas/java
[3] http://dist.wso2.org/products/wsas/java/2.0
On 8/1/07, Par Nagi <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Does Axis2/Rampart support services that expect a SAML (or other
> issued token) at present? I.e., can I write a service.xml where I
> specify the InflowSecurity parameter as follows?
>
>   
> 
>  IssuedToken
> 
>   
>
> I get an AxisFault - WSDoAllSender: Unknown action definedIssuedToken.
>
> Clearly the items being set to IssuedToken is not right in the above
> service.xml - what is the correct value for the items tag to notify
> Axis that the service expects an issued token such as SAML?
>
> Thanks for any info
>
> - Nagi
>


-- 
www.ruchith.org
www.wso2.org




Re: [Rampart] Ignore Timestamp and Addressing from client

2007-07-10 Thread Ruchith Fernando

Rampart certainly does process timestamp at
org.apache.rampart.PolicyBasedResultsValidator#verifyTimestamp()

Also WSS4J org.apache.ws.security.processor.TimestampProcessor#handleTimestamp()
verifies the timestamp before control reaches Rampart level validation.

Thanks,
Ruchith

On 7/10/07, Tony Dean <[EMAIL PROTECTED]> wrote:

Rampart does not do any processing with the Timestamp information, does it?  
However, you do make a valid point.  The client should not send a Timestamp if 
service is not expecting it.  Unfortunately, WSSE 3.0 sends one by default with 
a UsernameToken. ;-(

> -Original Message-
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 10, 2007 10:59 AM
> To: axis-user@ws.apache.org
> Subject: Re: [Rampart] Ignore Timestamp and Addressing from client
>
> Hmm ... this is not possible with Rampart-1.0 style configuration!
> (Using configuration parameters). IMHO we must validate all
> elements in the wsse:Security header of the incoming message
> and I don't think it is correct to let random unknown
> elements in. We express exactly what we expect in the
> security header in the security policy of the service and the
> client MUST send exactly as expected by the service.
> Otherwise it is the client's problem.
>
> Thanks,
> Ruchith
>
> On 7/10/07, stlecho <[EMAIL PROTECTED]> wrote:
> >
> > I completely agree with you Tony. If the client sends on top of the
> > required UsernameToken some additional and unwanted information
> > (timestamp, addressing, ...), Rampart should still be happy that it
> > finds the UsernameToken information.
> >
> > Regards, Stefan.
> >
> >
> > Tony Dean wrote:
> > >
> > > As an example suppose you want Rampart to expect and
> always process
> > > a UsernameToken.  You would set
> > > UsernameToken.  However,
> by default
> > > .net clients always send a Timestamp.  So even though the .net
> > > client sends a UsernameToken, a mismatch occurs because
> it sends a
> > > Timestamp as well.  Is there a way to configure Rampart to just
> > > ignore a Timestamp since it is not expected?  I think
> this is what
> > > Stefan is saying also.  Maybe this is against ws-security
> guidelines.  I don't know.  Thanks.
> > >
> > >> -Original Message-
> > >> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> > >> Sent: Tuesday, July 10, 2007 5:37 AM
> > >> To: axis-user@ws.apache.org
> > >> Subject: Re: [Rampart] Ignore Timestamp and Addressing
> from client
> > >>
> > >> The actions mismatch error occurs when you configure rampart to
> > >> expect security actions different to what the incoming message
> > >> contains. When you configure Rampart to process all security
> > >> operations performed on the message you will be able to get rid of
> > >> this error.
> > >>
> > >> Thanks,
> > >> Ruchith
> > >>
> > >> On 7/2/07, stlecho <[EMAIL PROTECTED]> wrote:
> > >> >
> > >> > All,
> > >> >
> > >> > Is there a solution or workaround for this issue ?
> > >> >
> > >> > Regards, Stefan Lecho.
> > >> >
> > >> >
> > >> > stlecho wrote:
> > >> > >
> > >> > > Hi,
> > >> > >
> > >> > > I have configured the InflowSecurity parameter (extracted
> > >> > > included
> > >> > > underneath) on the server side with the "Signature" item.
> > >> > >
> > >> > > One of our clients is using a C# client. The SOAP
> request that
> > >> > > is received from this client contains Timestamp and
> > >> Addressing related
> > >> > > elements. This results in an "WSDoAllReceiver: security
> > >> processing
> > >> > > failed (actions mismatch)" AxisFault.
> > >> > >
> > >> > > Is there a way to "ignore" the Timestamp and
> Addressing related
> > >> > > elements on the server ?
> > >> > >
> > >> > > Extract axis2.xml:
> > >> > > 
> > >> > >   
> > >> > > Signature
> > >> > >
> interopin.properties
> > >> > >
> > >> DirectReference
> > >> > >
> > >> > >
> > >> {Element}{http://schemas.xmlsoap.org/soap/e

Re: [Rampart] Ignore Timestamp and Addressing from client

2007-07-10 Thread Ruchith Fernando

Hmm ... this is not possible with Rampart-1.0 style configuration!
(Using configuration parameters). IMHO we must validate all elements
in the wsse:Security header of the incoming message and I don't think
it is correct to let random unknown elements in. We express exactly
what we expect in the security header in the security policy of the
service and the client MUST send exactly as expected by the service.
Otherwise it is the client's problem.

Thanks,
Ruchith

On 7/10/07, stlecho <[EMAIL PROTECTED]> wrote:


I completely agree with you Tony. If the client sends on top of the required
UsernameToken some additional and unwanted information (timestamp,
addressing, ...), Rampart should still be happy that it finds the
UsernameToken information.

Regards, Stefan.


Tony Dean wrote:
>
> As an example suppose you want Rampart to expect and always process a
> UsernameToken.  You would set
> UsernameToken.  However, by default .net
> clients always send a Timestamp.  So even though the .net client sends a
> UsernameToken, a mismatch occurs because it sends a Timestamp as well.  Is
> there a way to configure Rampart to just ignore a Timestamp since it is
> not expected?  I think this is what Stefan is saying also.  Maybe this is
> against ws-security guidelines.  I don't know.  Thanks.
>
>> -Original Message-
>> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, July 10, 2007 5:37 AM
>> To: axis-user@ws.apache.org
>> Subject: Re: [Rampart] Ignore Timestamp and Addressing from client
>>
>> The actions mismatch error occurs when you configure rampart
>> to expect security actions different to what the incoming
>> message contains. When you configure Rampart to process all
>> security operations performed on the message you will be able to
>> get rid of this error.
>>
>> Thanks,
>> Ruchith
>>
>> On 7/2/07, stlecho <[EMAIL PROTECTED]> wrote:
>> >
>> > All,
>> >
>> > Is there a solution or workaround for this issue ?
>> >
>> > Regards, Stefan Lecho.
>> >
>> >
>> > stlecho wrote:
>> > >
>> > > Hi,
>> > >
>> > > I have configured the InflowSecurity parameter (extracted included
>> > > underneath) on the server side with the "Signature" item.
>> > >
>> > > One of our clients is using a C# client. The SOAP request that is
>> > > received from this client contains Timestamp and
>> Addressing related
>> > > elements. This results in an "WSDoAllReceiver: security
>> processing
>> > > failed (actions mismatch)" AxisFault.
>> > >
>> > > Is there a way to "ignore" the Timestamp and Addressing related
>> > > elements on the server ?
>> > >
>> > > Extract axis2.xml:
>> > > 
>> > >   
>> > > Signature
>> > > interopin.properties
>> > >
>> DirectReference
>> > >
>> > >
>> {Element}{http://schemas.xmlsoap.org/soap/enve
>> lope/}Body
>> > >   
>> > > 
>> > >
>> > >
>> > > Regards, Stefan Lecho.
>> > >
>> >
>>
>>
>> --
>> www.ruchith.org
>> www.wso2.org
>>





--
www.ruchith.org
www.wso2.org




Re: [Rampart] Ignore Timestamp and Addressing from client

2007-07-10 Thread Ruchith Fernando

There's no way to ignore the Timestamp if it is sent. In that case you
should update Rampart configuration to expect the timestamp or fix the
to behave correctly according to the policy expressed by the service.

Thanks,
Ruchith

On 7/10/07, Tony Dean <[EMAIL PROTECTED]> wrote:

As an example suppose you want Rampart to expect and always process a UsernameToken.  You would set 
UsernameToken.  However, by default .net 
clients always send a Timestamp.  So even though the .net client sends a UsernameToken, a mismatch 
occurs because it sends a Timestamp as well.  Is there a way to configure Rampart to just ignore a 
Timestamp since it is not expected?  I think this is what Stefan is saying also.  Maybe this is against 
ws-security guidelines.  I don't know.  Thanks.

> -Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 10, 2007 5:37 AM
> To: axis-user@ws.apache.org
> Subject: Re: [Rampart] Ignore Timestamp and Addressing from client
>
> The actions mismatch error occurs when you configure rampart
> to expect security actions different to what the incoming
> message contains. When you configure Rampart to process all
> security operations performed on the message you will be able to
> get rid of this error.
>
> Thanks,
> Ruchith
>
> On 7/2/07, stlecho <[EMAIL PROTECTED]> wrote:
> >
> > All,
> >
> > Is there a solution or workaround for this issue ?
> >
> > Regards, Stefan Lecho.
> >
> >
> > stlecho wrote:
> > >
> > > Hi,
> > >
> > > I have configured the InflowSecurity parameter (extracted included
> > > underneath) on the server side with the "Signature" item.
> > >
> > > One of our clients is using a C# client. The SOAP request that is
> > > received from this client contains Timestamp and
> Addressing related
> > > elements. This results in an "WSDoAllReceiver: security
> processing
> > > failed (actions mismatch)" AxisFault.
> > >
> > > Is there a way to "ignore" the Timestamp and Addressing related
> > > elements on the server ?
> > >
> > > Extract axis2.xml:
> > > 
> > >   
> > > Signature
> > > interopin.properties
> > >
> DirectReference
> > >
> > >
> {Element}{http://schemas.xmlsoap.org/soap/enve
> lope/}Body
> > >   
> > > 
> > >
> > >
> > > Regards, Stefan Lecho.
> > >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>






--
www.ruchith.org
www.wso2.org




Re: [Rampart] Ignore Timestamp and Addressing from client

2007-07-10 Thread Ruchith Fernando

The actions mismatch error occurs when you configure rampart to expect
security actions different to what the incoming message contains. When
you configure Rampart to process all security operations performed on
the message you will be able to get rid of this error.

Thanks,
Ruchith

On 7/2/07, stlecho <[EMAIL PROTECTED]> wrote:


All,

Is there a solution or workaround for this issue ?

Regards, Stefan Lecho.


stlecho wrote:
>
> Hi,
>
> I have configured the InflowSecurity parameter (extracted included
> underneath) on the server side with the "Signature" item.
>
> One of our clients is using a C# client. The SOAP request that is received
> from this client contains Timestamp and Addressing related elements. This
> results in an "WSDoAllReceiver: security processing failed (actions
> mismatch)" AxisFault.
>
> Is there a way to "ignore" the Timestamp and Addressing related elements
> on the server ?
>
> Extract axis2.xml:
> 
>   
> Signature
> interopin.properties
> DirectReference
>
> 
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body
>   
> 
>
>
> Regards, Stefan Lecho.
>






--
www.ruchith.org
www.wso2.org




Re: Is wss4j still an active project? (was: Rampart configuration question)

2007-07-10 Thread Ruchith Fernando

Hi,

On 7/9/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:

Hi,

I didn't see any replies to the question below, so I started digging through 
the rampart/wss4j code. I found a workaround that will allow me to hard-code 
the private key into my client and server, and not have to have absolute paths 
to key files. This involves making a small change to one of the wss4j classes.

I got the wss4j source code and tried to build it. Unfortunately it was built 
with axis version 1, and I'm using axis2. It's trying to import org.apache.axis 
packages whereas the new version's package names begin with org.apache.axis2. 
Moreover, some classes from the old version have moved since the new one. For 
example, wss4j tries to import org.apache.axix.Message, but there is no such 
class org.apache.axis2.Message, so I can't just change the package names.



WSS4J project contains Axis 1.x handlers and we have the Axis jars in
the lib dir [1]. You can include these in the classpath to fix
compilation issues.

WS-Sec* support for Axis2 is available in Apache Rampart[2] and
Rampart depends on WSS4J.

And yes WSS4J is still active!

Thanks,
Ruchith

[1] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/lib
[2] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java

Anyway, is wss4j still in active development? It doesn't look like it. Has 
anyone moved the source to be compatible with axis2?

cheers,
md


> -Original Message-
> From: Davis, Michael
> Sent: Friday, July 06, 2007 2:28 PM
> To: 'axis-user@ws.apache.org'
> Subject: Rampart configuration question
>
>
> Hi,
>
> I'm trying to use Rampart to encrypt my message body using a
> symmetric secret key.
>
> Sample 9, included with the Rampart distribution, does just
> this. The actual key is hard-coded in a callback function
> both on the client and the server. My understanding is that
> the key is the only piece of data needed to encode the message.
>
> I was wondering why this part of the client config file:
>
> 
> Encrypt
> client
>
> EmbeddedKeyName
>
> org.apache.rampart.samples.sample09.PWCBHandler
> client.properties
> SessionKey
> 
>
> contains the encryptionPropFile property. The said property
> file contains this:
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=apache
> org.apache.ws.security.crypto.merlin.file=client.jks
>
> Now, I can see why we need to configure the provider class.
> But why does Rampart need the keystore? I'm not using
> public/private keys or certificates, just one secret key.
>
> The code works, but I'd like to simplify it as much as
> possible. The properties and keystore files shouldn't be
> necessary, unless I'm misunderstanding something.
>
> Many thanks
> Michael Davis
>






--
www.ruchith.org
www.wso2.org




Re: Rampart configuration question

2007-07-10 Thread Ruchith Fernando

I agree we should not require the
"client.properties" entry.

Can you please try removing it?

Thanks,
Ruchith

On 7/6/07, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:

Hi,

I'm trying to use Rampart to encrypt my message body using a symmetric secret
key.

Sample 9, included with the Rampart distribution, does just this. The actual key
is hard-coded in a callback function both on the client and the server. My 
understanding is that the key is the only piece of data needed to encode the 
message.

I was wondering why this part of the client config file:


Encrypt
client
EmbeddedKeyName

org.apache.rampart.samples.sample09.PWCBHandler
client.properties
SessionKey


contains the encryptionPropFile property. The said property file contains this:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=apache
org.apache.ws.security.crypto.merlin.file=client.jks

Now, I can see why we need to configure the provider class. But why does 
Rampart need the keystore? I'm not using public/private keys or certificates, 
just one secret key.

The code works, but I'd like to simplify it as much as possible. The properties 
and keystore files shouldn't be necessary, unless I'm misunderstanding 
something.

Many thanks
Michael Davis






--
www.ruchith.org
www.wso2.org




Re: rampart causes problems with hierarchies

2007-07-05 Thread Ruchith Fernando

You can engage rampart per operation by adding the "" in the operation element of the services.xml. If the
operation dispatching happens before the message reaches the security
in handler then it should work.

Thanks,
Ruchith

On 7/6/07, Jorge Fernandez <[EMAIL PROTECTED]> wrote:

While this issue is not fixed, is there a way I can engage the rampart
module per operation, so I can deactivate it for those operations having
problems??? I tried in the services.xml but it's not possible.

Thanks,

Jorge Fernández

Jorge Fernandez <[EMAIL PROTECTED]> wrote:
 https://issues.apache.org/jira/browse/RAMPART-53 created

Davanum Srinivas <[EMAIL PROTECTED]> wrote:
 Jorge,

Please log a new bug with your test case.

thanks,
dims

On 7/4/07, Jorge Fernandez wrote:
> Hi,
>
> Some months ago, I had some problems with the use of hierarchies with adb
> and xmlbeans. Apparently they were resolved with adb but now, I'm getting
> the same error.
>
> For example: I have an array of an object called "parent" and I put into
> that array instances of "child1" or "child2" (those inherit from parent). In
> the xml generated from that array should appear the xsi:type attribute but
> when I engage rampart module, that attribute disappears. So maybe that was
> the cause of the problems I had before. See
> https://issues.apache.org/jira/browse/XMLBEANS-329 and
> https://issues.apache.org/jira/browse/AXIS2-2578.
>


--
Davanum Srinivas :: http://davanum.wordpress.com







--
www.ruchith.org
www.wso2.org




Re: [Axis2] Please VOTE for your favorite bug to be fixed.

2007-07-02 Thread Ruchith Fernando

Yes, we will be releasing Rampart along with Axis2 as soon as 1.3 goes out!

Thanks,
Ruchith

On 7/2/07, stlecho <[EMAIL PROTECTED]> wrote:


Is this cleaning up phase also applicable for the Rampart module or only for
the Axis2 framework?
In other words, can I vote for JIRA issues related to Rampart?

Regards, Stefan Lecho.


dims wrote:
>
> Dear Axis2 Users,
>
> We are working hard on cleaning up the issues in JIRA.
>

--
View this message in context: 
http://www.nabble.com/-Axis2--Please-VOTE-for-your-favorite-bug-to-be-fixed.-tf3996952.html#a11391423
Sent from the Axis - User mailing list archive at Nabble.com.







--
www.ruchith.org
www.wso2.org




Re: WS-Security - UsernameToken doesnt work, is this a Rampart BUG?

2007-06-17 Thread Ruchith Fernando

Hi,

Can you please post the rampart configuration of the service? (policy
and services.xml)

Thanks,
Ruchith

On 6/16/07, Eduardo Muller <[EMAIL PROTECTED]> wrote:


 With this configuration (see
http://www-usr.inf.ufsm.br/~muller/rampart.jpg ),

where the tag  is replaced with ,

the web service will be called without passing through the class
ServerPWCBHandler.

 That means, authentication doesn't work. Is this a rampart BUG?

I know how to fix this in the
org.apache.rampart.handler.WSDoAllReceiver class.
But I want to know if this is necessary (means there is a BUG) or I forgot
some configuration??

Regards, Eduardo!!





--
www.ruchith.org
www.wso2.org




Re: Problem deploying Rahas

2007-06-17 Thread Ruchith Fernando

Hi,

Seems like you are missing the wss4j jar in the classpath.
Please include all jars in the lib dir of the rampart-distro in the
classpath in addition to the jars in the axis2 bin distro.

Thanks,
Ruchith

On 6/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

Hi all,

I would like to use Rampart and Rahas in order to create a WS-Trust STS,
that exchanges SAML2.0 tokens (using OpenSAML? I don't know, suggestions
are welcome!).

I use JBoss 4.0.5GA. I've unpacked the Axis2 .war file, I put the .mar in the
WEB-INF/modules/ and I edited modules.list.

I got this error, from JBoss:

16:00:50,087 INFO  [TomcatDeployer] deploy, ctxPath=/axis2, warUrl=.../tmp/deploy/tmp46200axis2-exp.war/
16:00:53,594 INFO  [ModuleDeployer] Deploying module: addressing-1.2
16:00:54,511 INFO  [ModuleDeployer] Deploying module: rahas-1.1
16:00:58,808 ERROR [STDERR] java.lang.ClassNotFoundException: No ClassLoaders found for: org.apache.ws.security.transform.STRTransform
16:00:58,813 ERROR [STDERR] at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:306)
16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:511)
16:00:58,814 ERROR [STDERR] at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:405)
16:00:58,815 ERROR [STDERR] at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
16:00:58,816 ERROR [STDERR] at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
16:00:58,817 ERROR [STDERR] at java.lang.Class.forName0(Native Method)
16:00:58,817 ERROR [STDERR] at java.lang.Class.forName(Class.java:164)
16:00:58,818 ERROR [STDERR] at org.apache.xml.security.transforms.Transform.register(Unknown Source)
16:00:58,818 ERROR [STDERR] at org.apache.ws.security.WSSConfig.(WSSConfig.java:83)
16:00:58,819 ERROR [STDERR] at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95)
16:00:58,820 ERROR [STDERR] at org.apache.ws.security.WSSConfig.(WSSConfig.java:47)
16:00:58,821 ERROR [STDERR] at org.apache.ws.security.WSSecurityEngine.(WSSecurityEngine.java:51)
16:00:58,822 ERROR [STDERR] at org.apache.ws.security.handler.WSHandler.(WSHandler.java:62)
16:00:58,823 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)



Have you any ideas?

Thank you for your work,

Massimiliano Masi










--
www.ruchith.org
www.wso2.org




Re: WS-Security - UsernameToken doesnt work, is this a Rampart BUG?

2007-06-17 Thread Ruchith Fernando

My guess is there's some missing config. Remember just engaging
rampart is not sufficient! One MUST provide the policy/configuration
for Rampart to enforce.

Thanks,
Ruchith

On 6/16/07, Glen Mazza <[EMAIL PROTECTED]> wrote:

That would appear, indeed, to be an alarmingly big security hole.  We
are most probably misunderstanding something though.  But as for
forgetting some configuration, one would guess what you have done should
fail by default anyway (i.e., no special configuration should be
necessary to *enable* security if the tags are missing, only perhaps to
*disable*).

Glen

On Friday, 15.06.2007, 17:45 -0300, Eduardo Muller wrote:
>  With this configuration (see
> http://www-usr.inf.ufsm.br/~muller/rampart.jpg ),
>
> where the tag  is replaced with
> ,
>
> the web service will be called without passing through the class
> ServerPWCBHandler.
>
>  That means, authentication doesn't work. Is this a rampart BUG?
>
> I know how to fix this in
> the org.apache.rampart.handler.WSDoAllReceiver class.
> But I want to know if this is necessary (means there is a BUG) or I
> forgot some configuration??
>
> Regards, Eduardo!!
>
>







--
www.ruchith.org
www.wso2.org
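
A deployment-time check for the failure mode discussed in this thread, as an added example that is not part of any post or of the Rampart code base: it flags services whose services.xml engages rampart but carries neither a non-empty WS-Policy element nor 1.0-style InflowSecurity actions. The class name RampartConfigAudit and the services.xml sample are constructed for illustration, and configuration supplied elsewhere (axis2.xml or code) is outside what this heuristic sees.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical audit helper; not part of Axis2 or Rampart. */
public class RampartConfigAudit {

    // WS-Policy namespace as used in the policy files quoted on this list.
    static final String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";

    /** Returns one finding per service that engages rampart without any security configuration. */
    static List<String> audit(String servicesXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The scanner reads files it did not write: refuse DTDs and external entities.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(
                new ByteArrayInputStream(servicesXml.getBytes(StandardCharsets.UTF_8)));

        List<String> findings = new ArrayList<>();
        NodeList services = doc.getElementsByTagName("service");
        for (int i = 0; i < services.getLength(); i++) {
            Element svc = (Element) services.item(i);
            if (engagesRampart(svc) && !hasPolicy(svc) && !hasInflowActions(svc)) {
                findings.add(svc.getAttribute("name")
                        + ": rampart engaged, but no policy and no InflowSecurity actions");
            }
        }
        return findings;
    }

    /** True if the service or one of its operations carries a module reference to rampart. */
    static boolean engagesRampart(Element svc) {
        NodeList modules = svc.getElementsByTagName("module");
        for (int i = 0; i < modules.getLength(); i++) {
            if ("rampart".equals(((Element) modules.item(i)).getAttribute("ref"))) {
                return true;
            }
        }
        return false;
    }

    /** True if a wsp:Policy with at least one assertion, or a wsp:PolicyReference, is attached. */
    static boolean hasPolicy(Element svc) {
        if (svc.getElementsByTagNameNS(WSP_NS, "PolicyReference").getLength() > 0) {
            return true;
        }
        NodeList policies = svc.getElementsByTagNameNS(WSP_NS, "Policy");
        for (int i = 0; i < policies.getLength(); i++) {
            Element policy = (Element) policies.item(i);
            if (policy.getElementsByTagNameNS("*", "*").getLength() > 0) {
                return true; // an empty <wsp:Policy/> enforces nothing and does not count
            }
        }
        return false;
    }

    /** True if a 1.0-style InflowSecurity parameter lists at least one action item. */
    static boolean hasInflowActions(Element svc) {
        NodeList params = svc.getElementsByTagName("parameter");
        for (int i = 0; i < params.getLength(); i++) {
            Element param = (Element) params.item(i);
            if (!"InflowSecurity".equals(param.getAttribute("name"))) {
                continue;
            }
            NodeList items = param.getElementsByTagName("items");
            for (int j = 0; j < items.getLength(); j++) {
                if (!items.item(j).getTextContent().trim().isEmpty()) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: only OpenService engages rampart with nothing to enforce.
        String sample =
              "<serviceGroup>"
            + "<service name=\"OpenService\"><module ref=\"rampart\"/></service>"
            + "<service name=\"LegacyService\"><module ref=\"rampart\"/>"
            + "<parameter name=\"InflowSecurity\"><action><items>UsernameToken</items>"
            + "<passwordCallbackClass>example.ServerPWCBHandler</passwordCallbackClass>"
            + "</action></parameter></service>"
            + "<service name=\"PolicyService\"><module ref=\"rampart\"/>"
            + "<wsp:Policy xmlns:wsp=\"" + WSP_NS + "\">"
            + "<ramp:RampartConfig xmlns:ramp=\"http://ws.apache.org/rampart/policy\"/>"
            + "</wsp:Policy></service>"
            + "</serviceGroup>";
        for (String finding : audit(sample)) {
            System.out.println("FINDING " + finding);
        }
    }
}
```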




Re: Rampart 1.2 Configuration

2007-06-17 Thread Ruchith Fernando

Hi Anthony,

Rampart-1.2 uses the same WS-Policy and WS-SecurityPolicy based config
that we introduced in Rampart-1.1.

Please look at the samples/policy dir in the rampart-bin distro.

Thanks,
Ruchith

On 6/18/07, Anthony Bull <[EMAIL PROTECTED]> wrote:

Hi, can anyone point me to some examples of the newer style Rampart
configuration? The example links on the Rampart homepage are broken, and
the Rampart 1.2 samples/examples in the distro are all for the former
Rampart 1.0 configuration setup (which I already have working).

cheers,
Anthony.

--
Anthony





--
www.ruchith.org
www.wso2.org




Re: [Axis2][Rampart]setOperationContext does not get a chance to run

2007-06-11 Thread Ruchith Fernando

IMHO it involves a bit of changes to WSS4J core. I'll try to get this
fixed in the next release :-)

Thanks,
Ruchith

On 6/12/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:



Ruchith Fernando wrote:
> The rampart inflow handlers are invoked way before the message
> receiver. And the MessageContext.getCurrentContext() will only work
> after the message receiver is invoked. Therefore calling
> MessageContext.getCurrentContext() will not yield anything.
>
> Also at the moment we cannot access the message context from the
> password callback handler.
Is it possible for you to make the MC available to the password callback handler?

Thanks
Deepal







--
www.ruchith.org
www.wso2.org




Re: [Axis2][Rampart]setOperationContext does not get a chance to run

2007-06-11 Thread Ruchith Fernando

The rampart inflow handlers are invoked way before the message
receiver. And the MessageContext.getCurrentContext() will only work
after the message receiver is invoked. Therefore calling
MessageContext.getCurrentContext() will not yield anything.

Also at the moment we cannot access the message context from the
password callback handler.

Thanks,
Ruchith

On 6/12/07, Chad DeBauch <[EMAIL PROTECTED]> wrote:

Deepal...that is what I don't understand.  The MessageContext is not passed
to the PasswordCallback.  Here is an example PasswordCallback:

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                // set the password given a username
                if ("wss4j".equals(pc.getIdentifer())) {
                    pc.setPassword("security");
                }
            } else {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unrecognized Callback");
            }
        }
    }
}

In Axis1 I could call MessageContext.getCurrentContext();
and get the MessageContext within the PasswordCallback class.  But in Axis2
if I call MessageContext.getCurrentMessageContext(); it
returns null.  Any ideas?

Thanks
Chad


On 6/11/07, Deepal Jayasinghe <[EMAIL PROTECTED]> wrote:
> Hi Chad,
> What I told was, Message context is available to security handler, and
> security handler is the one who calls PasswordCallback, so that handler
> should pass the MC to the PasswordCallback.
>
> Thanks
> Deepal
> > Thanks Deepal for your response.  If I understand you correctly it is
> > possible to get the MessageContext from within the PasswordCallback.
> > Can you give an example?
> >
> > Thanks
> > Chad
> >
> > On 6/11/07, *Deepal Jayasinghe* <[EMAIL PROTECTED]
> > > wrote:
> >
> > Hi Chad,
> > > With Axis1 this was possible by calling
> > > MessageContext.getCurrentContext();  This doesn't appear to be
> > > possible in Axis2, is that right?
> > It does, but only for the service impl class, not for others.
> > Since all
> > the handlers have access to message context directly.
> >
> > Thanks
> > Deepal
>
> --
> Thanks,
> Deepal
>

> "The highest tower is built one brick at a time"





--
www.ruchith.org
www.wso2.org




Re: No Password sent out by client

2007-06-09 Thread Ruchith Fernando

Hi Hailong,

Please capture the req/response (using something like tcpmon[1]) and send!

Thanks,
Ruchith

[1] http://ws.apache.org/commons/tcpmon/

On 6/8/07, Wang, Hailong (NIH/CIT) [C] <[EMAIL PROTECTED]> wrote:

Hi Dims,

It's very urgent and I need your help. When I try to use UsernameToken,
Sign and Encrypt in policy file. Sign and Encrypt work fine and username
was sent out by client. But the password was not sent out by the client.
Is this a bug of Rampart?


Below is my policy file. Thanks in advance.



http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>






http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/AlwaysToRecipient">











http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/Never">


























http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/AlwaysToRecipient" />


http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>





http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>


http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>



http://ws.apache.org/rampart/policy";>
client

service


gov.nih.ndar.webservices.security.PWCBHandler




JKS
client.jks
apache




JKS
client.jks
apache









Hailong






--
www.ruchith.org
www.wso2.org




Re: Apache Rampart 1.2 Released

2007-06-02 Thread Ruchith Fernando

You can download the release artifacts from :
http://www.apache.org/dyn/closer.cgi/ws/rampart/1_2

:-)

Thanks,
Ruchith

On 6/2/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:

This is the 1.2 release of Apache Rampart.

Apache Rampart 1.2 is a toolkit that provides implementations of the
WS-Sec* specifications for Apache Axis2 1.2, based on Apache WSS4J 1.5.2
and the Apache AXIOM-DOOM 1.2.4 implementations.

There are two main Apache Axis2 modules provided with this release.

* rampart-1.2.mar
  This provides support for WS-Security and WS-SecureConversation
features.
* rahas-1.2.mar
  This module provides the necessary components to enable
SecurityTokenService functionality on a service.

Apache Rampart 1.2 uses a configuration model based on WS-Policy and
WS-Security Policy and it is important to note that Apache Rampart 1.0
style configuration is also available even though being marked as
deprecated.

Apache Rampart 1.2 can be successfully used with the next Apache
Sandesha2 release targeted towards Apache Axis2 1.2 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with
other WS-Security implementations.

WS - Sec* specifications supported by Apache Rampart are as follows:

* WS - Security 1.0
* WS - Secure Conversation - February 2005
* WS - Security Policy - 1.1 - July 2005
* WS - Trust - February 2005
* WS - Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

Apache Rampart team







--
www.ruchith.org
www.wso2.org




Apache Rampart 1.2 Released

2007-06-02 Thread Ruchith Fernando
This is the 1.2 release of Apache Rampart.

Apache Rampart 1.2 is a toolkit that provides implementations of the
WS-Sec* specifications for Apache Axis2 1.2, based on Apache WSS4J 1.5.2
and the Apache AXIOM-DOOM 1.2.4 implementations.

There are two main Apache Axis2 modules provided with this release.

* rampart-1.2.mar
  This provides support for WS-Security and WS-SecureConversation
features.
* rahas-1.2.mar
  This module provides the necessary components to enable
SecurityTokenService functionality on a service.

Apache Rampart 1.2 uses a configuration model based on WS-Policy and
WS-Security Policy and it is important to note that Apache Rampart 1.0
style configuration is also available even though being marked as
deprecated.

Apache Rampart 1.2 can be successfully used with the next Apache
Sandesha2 release targeted towards Apache Axis2 1.2 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.

The rampart module was successfully tested for interoperability with
other WS-Security implementations.

WS - Sec* specifications supported by Apache Rampart are as follows:

* WS - Security 1.0
* WS - Secure Conversation - February 2005
* WS - Security Policy - 1.1 - July 2005
* WS - Trust - February 2005
* WS - Trust - WS-SX spec - EXPERIMENTAL

Thank you for using Apache Rampart.

Apache Rampart team






Apache WSS4J 1.5.2 Released

2007-05-31 Thread Ruchith Fernando
Apache WSS4J Team is happy to announce the WSS4J-1.5.2 release.

You can download the releases from:
http://www.apache.org/dyn/closer.cgi/ws/wss4j/1_5_2

Apart from the binary and source distributions, we have an additional
ZIP file that contains other required JAR files to install and run WSS4J.

This release of wss4j uses Apache XML Security 1.4.0.

Please refer to the *readme.* files in the distribution for
further information regarding implemented features, additional
information, links to the Wiki pages, etc.

Enjoy !

The WSS4J team




Re: Axis2: Retrieving particular tags from SOAP message headers

2007-05-31 Thread Ruchith Fernando

Hi Inder,

Axis2 uses AXIOM[1] as the object model and you can use the AXIOM API
[2] to navigate the XML nodes of a SOAP envelope. Also AXIOM has XPath
support [3].

Thanks,
Ruchith

[1] http://ws.apache.org/commons/axiom/
[2] http://ws.apache.org/commons/axiom/OMTutorial.html
[3] http://wso2.org/library/265

On 5/31/07, Inder Dhillon <[EMAIL PROTECTED]> wrote:





Hello



I wanted to find some specific XML tags in the headers of the SOAP message
and retrieve the corresponding content. Can someone please suggest me how to
do it.



Thanks

Inder



--
www.ruchith.org
www.wso2.org
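
Header lookup with AXIOM as suggested in the reply above, as an added example that is not part of the original posts: one namespace-qualified walk and one XPath query over a constructed SOAP 1.1 envelope. The class name HeaderLookup, the sample envelope and its values are assumptions; it assumes an Axiom release that provides OMXMLBuilderFactory.createSOAPModelBuilder, and inside an Axis2 handler the envelope would come from MessageContext.getEnvelope() instead.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMXMLBuilderFactory;
import org.apache.axiom.om.xpath.AXIOMXPath;
import org.apache.axiom.soap.SOAPEnvelope;

/** Hypothetical helper class; the names here are illustrative only. */
public class HeaderLookup {

    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSA = "http://www.w3.org/2005/08/addressing";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /**
     * Walks from the SOAP header down a path of qualified names.
     * Returns null if the header or any step is missing, so a message
     * without the expected element never causes a NullPointerException.
     */
    static String textAt(SOAPEnvelope env, QName... path) {
        OMElement current = env.getHeader(); // null when there is no soap:Header
        for (QName step : path) {
            if (current == null) {
                return null;
            }
            current = current.getFirstChildWithName(step);
        }
        return current == null ? null : current.getText();
    }

    /** Same lookup with XPath; prefixes are bound explicitly, never taken from the message. */
    static String xpathText(SOAPEnvelope env, String relativeExpr) throws Exception {
        AXIOMXPath xpath = new AXIOMXPath(relativeExpr);
        xpath.addNamespace("soapenv", SOAP11);
        xpath.addNamespace("wsa", WSA);
        xpath.addNamespace("wsse", WSSE);
        Object node = xpath.selectSingleNode(env);
        return node instanceof OMElement ? ((OMElement) node).getText() : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message with an addressing header and a username token.
        String xml =
              "<soapenv:Envelope xmlns:soapenv=\"" + SOAP11 + "\">"
            + "<soapenv:Header>"
            + "<wsa:Action xmlns:wsa=\"" + WSA + "\">urn:example:echo</wsa:Action>"
            + "<wsse:Security xmlns:wsse=\"" + WSSE + "\"><wsse:UsernameToken>"
            + "<wsse:Username>alice</wsse:Username>"
            + "</wsse:UsernameToken></wsse:Security>"
            + "</soapenv:Header><soapenv:Body/></soapenv:Envelope>";

        SOAPEnvelope env = OMXMLBuilderFactory.createSOAPModelBuilder(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)), "UTF-8")
            .getSOAPEnvelope();

        // Direct child of the header, matched on namespace URI plus local name.
        System.out.println("Action:   " + textAt(env, new QName(WSA, "Action")));

        // Nested element: Security -> UsernameToken -> Username.
        System.out.println("Username: " + textAt(env,
                new QName(WSSE, "Security"),
                new QName(WSSE, "UsernameToken"),
                new QName(WSSE, "Username")));

        // An element with the right local name but the wrong namespace is not matched.
        System.out.println("Wrong NS: " + textAt(env, new QName("urn:other", "Action")));

        // XPath form, evaluated relative to the envelope element.
        System.out.println("XPath:    " + xpathText(env,
                "soapenv:Header/wsse:Security/wsse:UsernameToken/wsse:Username"));
    }
}
```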




Re: Axis1.2 with Rampart-SNAPSHOT

2007-05-30 Thread Ruchith Fernando

Hi Snehil,

Please try the proposed Rampart-1.2 artifacts available here :

http://people.apache.org/~ruchithf/rampart/1_2/

Thanks,
Ruchith

On 5/30/07, snehil Brajpuriya <[EMAIL PROTECTED]> wrote:

Hi,
Referring to issue -
http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200705.mbox/[EMAIL PROTECTED]

Should I still be getting the same error if I take and build the latest Rampart
source?
I did the same and am still getting an error while trying to run the client of
Sample02 that comes with Rampart (sending username token).
Error is -
client.run:
 [java] May 30, 2007 6:01:22 PM org.apache.axis2.deployment.DeploymentEngine prepareRepository
 [java] INFO: No services directory was found under C:\axis2\samples\sample02\axis-repo.
 [java] May 30, 2007 6:01:34 PM org.apache.axis2.deployment.ModuleDeployer deploy
 [java] INFO: Deploying module: rampart-1.99
 [java] java.lang.NoSuchMethodError: org.apache.axis2.context.MessageContext.isEngaged(Ljavax/xml/namespace/QName;)Z
 [java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava
---
It's very critical for me to be able to complete use Rampart with axis2 1.2.
Any help here is immensely appreciated.

Thanks
Snehil





--
www.ruchith.org
www.wso2.org




Re: MessageContext.getCurrentMessageContext() returns null.

2007-05-29 Thread Ruchith Fernando

Hi,

MessageContext.getCurrentMessageContext() will return the message
context only after the message reaches the message receiver. The
callback handler is called way before this and at this point this will
be null.

Thanks,
Ruchith

On 5/29/07, Wang, Hailong (NIH/CIT) [C] <[EMAIL PROTECTED]> wrote:





Hi,



I ran into a problem. After I used Rampart in axis2, from the
CallbackHandler on the server side I cannot get the MessageContext instance
through MessageContext.getCurrentMessageContext(). Does
anyone have any clue on this problem? Thanks in advance.



Hailong Wang






--
www.ruchith.org
www.wso2.org




Re: [Axis2]: Rampart and Axis2

2007-05-19 Thread Ruchith Fernando

Hi,

Rampart depends on WSS4J and we are working to get WSS4J 1.5.2 out
ASAP. Also I'm working on the Rampart release build to package the
rampart release. Will make the Rampart SNAPSHOTs available (hopefully
today) and we can have 1.2 right after WSS4J release.

Thanks,
Ruchith

On 5/18/07, Darshan Karandikar <[EMAIL PROTECTED]> wrote:





Hi,



Does anyone have any idea about when the Axis2 compatible version of
Apache Rampart is going to be released? I am eagerly waiting for it as I am
not able to move on with my Axis2 PoC due to rampart incompatibility.



Regards,

Darshan.



--
www.ruchith.org
www.wso2.org




Re: Axis2 + rampart + other web service platform

2007-05-17 Thread Ruchith Fernando

Hi Mikhail,

Rampart only supports WS-SecurityPolicy 1.1 (July 2005) specification.
The policy you are using seems to be from an older version.

Thanks,
Ruchith

On 5/17/07, Paul Fremantle <[EMAIL PROTECTED]> wrote:

Mikhail

I've seen this error before and in my experience it's because the
rampart policy isn't quite right.
When I get a chance I'll take a look.

Ruchith - any ideas?

Paul

On 5/17/07, Mikhail Maroukhine <[EMAIL PROTECTED]> wrote:
> Paul
>
> Yes I'm trying to create proper rampart policy file for the .net service
> client but I always get the next error :
>
> Exception in thread "main" java.lang.NullPointerException
> at org.apache.rampart.util.RampartUtil.addWsuIdToElement(RampartUtil.java:463)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:277)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:85)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:129)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:59)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:518)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:651)
> at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:365)
> at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:295)
> at org.tempuri.JobStub.ListJobAreas(JobStub.java:185)
> at org.tempuri.Client.main(Client.java:42)
>
> For example I just copy policy file from policy sample01 and run client
> with it (without .net policy).
> I expected that server rejects such message but rampart fails before
> that with error above.
> I even tried empty policy file:
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
>   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>
>  
>
> But result is same.
>
>
> Mikhail
>
>
> Paul Fremantle wrote:
> > Mikhail
> >
> > My rampart.xml example was just that. A *cut-down* example!
> >
> > I think you need more in there. Have you looked at the samples that
> > come with Rampart?
> >
> > Paul
> >
>
> --
> WBR,
> Mikhail


--
Paul Fremantle
VP/Technology, WSO2 and OASIS WS-RX TC Co-chair

http://bloglines.com/blog/paulfremantle
[EMAIL PROTECTED]

"Oxygenating the Web Service Platform", www.wso2.com




--
www.ruchith.org
www.wso2.org

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [axis2]WS Security Policy includeToken option problem

2007-05-12 Thread Ruchith Fernando

"IncludeToken/Once" is not handled properly in Rampart. Please file a bug [1]

Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART

On 5/2/07, Nencho Lupanov <[EMAIL PROTECTED]> wrote:

Hi All ,

I am trying the rampart sample that comes with the distro.
I am going with sample01, only that I wanted it to be slightly different:
I change the sp:IncludeToken attribute, so instead of:


http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>



http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
AlwaysToRecipient" />







I have:

http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>



http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once"; />





I am saying that in both requests I can find the following soap with
tcpmon:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-1673653">my_usernamehttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">my_password

Does this mean that the username and password will be sent only the first
time? I tried this but I still get the whole UsernameToken transferred every
time? Is this supposed to work like this or is there a bug in the rampart
handling of the security policy?

Thanks,

Nencho




--
www.ruchith.org
www.wso2.org




Re: REST and Rampart

2007-05-12 Thread Ruchith Fernando

It should throw a fault! provided that axis2 dispatched up to the
point where policy is applied.

Thanks,
Ruchith

On 5/1/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:



Hi
 The same service can be accessed by SOAP as well as REST interface. In
case I have enabled rampart security on my service and try to invoke that
service through a GET / POST mechanism would the Soap Engine throw an error
saying that it could not find the appropriate headers or it will let the
request go through.

Vibhor



--
www.ruchith.org
www.wso2.org




Re: [Axis] Rampart examples - Username token password verification

2007-05-08 Thread Ruchith Fernando

Hi,

On 5/8/07, Stefan Magnus Landrø <[EMAIL PROTECTED]> wrote:

Thanks for your reply. I believe I got a bit confused by a
callbackhandler that performs two totally different tasks.

I believe it would be a good idea to restructure some of the examples
in rampart to clarify this. In my opinion it would also be smart to
use maven2 for building the examples instead of ant. Using maven would
make it easier to understand the difference between client and server.
Would you be interested in a contribution of examples ported to
maven2?


Sure ! please create a JIRA [1] issue and send in the patches!

Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART







--
www.ruchith.org
www.wso2.org




Re: [Axis] Rampart examples - Username token password verification

2007-05-04 Thread Ruchith Fernando

On 5/3/07, Stefan Magnus Landrø <[EMAIL PROTECTED]> wrote:

Hi,

I've been looking at the rampart examples recently, but there are a
couple things that I don't understand:

How do the sample services in the rampart distribution verify the password?
Why do the services.xml include a reference to a password callback handler?


The password callback handler carries out the authentication.

Please see : 
https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java

To understand this a bit more you can also read:
http://www.wso2.org/library/240

Thanks,
Ruchith

p.s. Please subscribe to [EMAIL PROTECTED] (send a mail to
[EMAIL PROTECTED]) and post rampart related
questions there.



Cheers,

Stefan






--
www.ruchith.org
www.wso2.org
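
The two jobs a Rampart password callback handler does, as discussed in the two messages above (supplying the password on the client, verifying it on the service), shown as an added example that is not part of the original posts and is not the Rampart sample's PWCBHandler. It assumes the WSS4J 1.5.x WSPasswordCallback API that Rampart 1.x builds on and Java 7 or later; the class name, user name and password are constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Hypothetical handler usable on both sides of a UsernameToken exchange.
 * Which branch runs depends on the usage code WSS4J puts in the callback.
 */
public class ExamplePWCBHandler implements CallbackHandler {

    // Constructed sample credential store; a real service would query
    // its user directory here instead of a static map.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("alice", "constructed-sample-password");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // The accessor really is spelled getIdentifer() in WSS4J 1.5.x.
            String expected = USERS.get(pwcb.getIdentifer());

            switch (pwcb.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // Service side, plain-text token: WSS4J hands over the password
                // it received and this handler must do the verification itself.
                // Returning normally means "authenticated".
                if (!matches(expected, pwcb.getPassword())) {
                    throw new UnsupportedCallbackException(cb, "authentication failed");
                }
                break;

            case WSPasswordCallback.USERNAME_TOKEN:
                // Client side: supply the password to place in the outgoing token.
                // Service side, digest token: supply the stored password so that
                // WSS4J can recompute the digest and compare it.
                if (expected == null) {
                    throw new UnsupportedCallbackException(cb, "authentication failed");
                }
                pwcb.setPassword(expected);
                break;

            default:
                // Signature / decryption key passwords are out of scope here.
                throw new UnsupportedCallbackException(cb, "unsupported usage");
            }
        }
    }

    /** Compares without returning early on the first differing byte. */
    private static boolean matches(String expected, String received) {
        if (expected == null || received == null) {
            return false; // same outcome for unknown user and wrong password
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                received.getBytes(StandardCharsets.UTF_8));
    }
}
```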




Re: Security using rampart

2007-05-04 Thread Ruchith Fernando

Hi Vibhor,

On 4/28/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:



Hi Ruchith
 We are deploying the web services solution created by Axis2 1.1.1 and
security using rampart 1.1.

The deployment comprises of the Apache Web server which receives the HTTP
requests and then routes the requests to the Jboss Application server, where
axis2 web application along with the services are deployed.

I want to have encryption and digital signature in place using rampart. I
have tested the application with the sample certificates in the development
environment and it works fine. The questions are pertaining to the
production deployment.

a) Do I need to have the certificates key store (signed server certificate, CA
self signed certificate) maintained at the
Apache web server?  I guess this would be required in case I want to
have transport layer security enabled right.


Yes, you will need to have the keystore in the Apache web server
only if you use transport layer security : HTTPS



b) Since rampart would reside at the Jboss server I would need the keystore
at Jboss server also right? this will be required for handling
the encrypted and digitally signed SOAP messages. This keystore would
have the private keys of the server, CA self signed certificate, and the
signed certificate of the server by the CA.


For rampart's configuration it doesn't matter where you store the
keystore! You simply have to provide the path (relative or absolute)
to the keystore in rampart configuration.



c) I hope the Apache web server does not create issues with the encrypted
soap request coming in when the transport layer security is also
enabled. It must let it pass through to Jboss as is.


Yes



d) If  rampart is enabled for the web services and the axis2 engine is
enabled/configured for REST based services too, would Axis2 engine
expect encrypted and digitally signed messages when the consumer sends a
POST request?


Yes! Therefore when you enable rampart on a service that service will
not be accessible via REST/POST.

HTH and apologies about the late response!

Thanks,
Ruchith



It is a long mail but will help us in the deployment of the web services in
the production environment.

Thanks
Vibhor



--
www.ruchith.org
www.wso2.org




[Axis2] [ANN] Training courses on Apache Axis2 and Apache Rampart

2007-04-27 Thread Ruchith Fernando

Hi All,

I will be in Maryland, US in the second week of May. Is anybody
interested in attending tutorials on Apache Axis2 and Apache Rampart?
Both are 1/2 day programs.

This would be on Thursday the 10th of May.

Please drop me a note at [EMAIL PROTECTED] and let me know.

Thanks,
Ruchith

--
www.ruchith.org
www.wso2.org




Re: AXIS2 and LoginModule

2007-04-22 Thread Ruchith Fernando

Apologies for the delay in my response !

According to the scenario explained in the original post ... a web
service calls secured methods on the EJB. When the subject is
authenticated  into the web service by Rampart using the callback
handler provided by the user ... a java.security.Principal instance
will be available in the rampart processing results [1].

IMHO at this point if we want to call the secured method on the EJB,
the web service developer will have to set the Principal instance in a
context that the J2EE container uses to extract the authenticated
Principal.

Thanks,
Ruchith

[1] http://www.wso2.org/library/169

On 4/18/07, Tony Dean <[EMAIL PROTECTED]> wrote:

right, you can configure basic auth security constraints in web.xml... but, as 
for web services clients send credentials in security header, not http header.  
as such, container needs to be aware of this... native web service engines like 
websphere, weblogic have integrated this type of security into their container 
by letting you configure security constraints on individual web services... 
eg., webservice A must supply UsernameToken.  the container will then parse the 
UsernameToken and perform the necessary authentication as configured with these 
credentials...

my question to Ruchith would be how can Axis2/rampart integrate in this way 
with the container since it's only another servlet to the native container...

thanks.

> -Original Message-
> From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 18, 2007 10:12 AM
> To: Tony Dean
> Cc: axis-user@ws.apache.org
> Subject: Re: AXIS2 and LoginModule
>
> Tony,
>
> you can configure the security constraints in web.xml since
> Axis2 is just another servlet. What's missing is we don't do
> any authorization checks from inside Axis2.
>
> Above info is w/o rampart. I'll let Ruchith chime in regarding that.
>
> thanks,
> -- dims
>
> On 4/18/07, Tony Dean <[EMAIL PROTECTED]> wrote:
> > hi dims,
> >
> > so today, if you wanted to configure a JAAS security domain
> for your Jboss axis2 servlet as follows:
> >
> > jboss-web.xml
> > -
> > 
> >java:/jaas/some_JAAS_context
> > 
> >
> > how can I put security constraints on the axis2 servlet
> such that the security header for all incoming web service
> requests is parsed, and the realized credentials are then
> used to perform JAAS authentication as configured by the container.
> >
> > for webApps this is done by configuring security
> constraints in web.xml (eg., basic auth).  then the container
> requires basic authentication for the configured URLS and the
> realized credentials are used to perform JAAS authentication
> as configured by the container.  if authentication is
> successful, the impl class can acquire the authenticated
> Subject for further authorization checks.
> >
> > I do not know how Axis2 would integrate this behavior into
> the container.  You would have to configure rampart to
> require UsernameToken.  Once rampart obtained credentials, it
> would somehow have to pass them unto the container for JAAS
> authentication.  How this would be done is unknown to me.
> >
> > --Tony
> >
> >
> >
> > > -Original Message-
> > > From: Davanum Srinivas [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, April 18, 2007 9:21 AM
> > > To: axis-user@ws.apache.org
> > > Subject: Re: AXIS2 and LoginModule
> > >
> > > we do have an issue in jira -
> > > https://issues.apache.org/jira/browse/AXIS2-164
> > >
> > > -- dims
> > >
> > > On 4/18/07, Tony Dean <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > > I wasn't aware that Axis2 could hook into JAAS...  when you
> > > develop a
> > > > J2EE web service, the container takes care of parsing
> the security
> > > > header for credentials and using those credentials to
> authenticate
> > > > against a defined login context (ie., loginModules defined for
> > > > that login context).  If authentication is successful,
> a Subject
> > > > is available for this current call thread.  This Subject is
> > > used for determining webApp and EJB authorization.
> > > > Axis2 does not provide such integration to my knowledge.
> > > It would be
> > > > great if it did.  Anyone, please correct me if I am wrong.
> > > >
> > > > --Tony
> > > >
> > > >
> > > >  
> > > >  From: Joseph L Shimkus [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, April 18, 2007 8:16 AM
> > > > To: axis-user@ws.apache.org
> > > > Subject: AXIS2 and LoginModule
> > > >
> > > >
> > > >
> > > > I have implemented the Rampart module in my AXIS2
> > > webservice with my
> > > > own CallbackHandler.  However, once authenticated my
> > > webservice calls
> > > > secured methods on an EJB session bean which fail.  It appears
> > > > that the LoginModule which normally stores the authenticated
> > > > principals in context is not doing so, or not doing so in a way
> > > > which the
> > > EJBs can
> > > > understand.  Since the Rampart configuration only exposed t

Re: I have fixed the some bugs in axis2 and attaching updates

2007-03-29 Thread Ruchith Fernando

Hi Donald,

Please attach the patches to the JIRA issues and make sure you grant
license to ASF for inclusion in ASF works.

Thanks,
Ruchith

On 3/29/07, donald yang <[EMAIL PROTECTED]> wrote:

Hi, I have fixed some bugs in axis2, but I don't know how to update the
source code repository. Could you check it and put the update into AXIS2-1.2
final release?

1. Hot update web services that load native library.

When you develop web services as a wrapper of native library (e.g., .dll or
.so library), you can NOT hot update the web service as JVM will tell you
that the dll has been loaded.

The simple solution is to force the JVM to run the garbage collector. So I updated
DeploymentEngine.java and what I have changed is to add System.gc() twice at
the end of the method unDeploy() (Line number 681 and 682).

2. Bug AXIS2-2253

Currently AXIS2 can not map java data types (BigDecimal, BigInteger, Day,
Duration, Month, MonthDay, Time, Year, YearMonth) to corresponding XML data
type and deserialize them. I have fixed the bug and tested it. It is fine.

To solve mapping from these data types to XML data type, I updated
TypeTable.java and added these mapping into the method populateSimpleTypes()
(from Line number 82 - 103)

To solve the deserialized problem, I updated SimpleTypeMapper.java.
1) First I defined String variables for these data types (Line number 56 -
68)
2) I added some codes to return these type objects into the method
getSimpleTypeObject (from Line number 117 - 146)
3) I added some codes to indicate these type objects are simpleTypeObject
into the method isSimpleType. (from Line number 246 -261)


Could you please update the source tree?

best regards
donald






--
www.ruchith.org
www.wso2.org




Re: [Axis2][Rampart] How to extract User Information?

2007-03-29 Thread Ruchith Fernando

At each operation invocation we can figure out the user that invoked
that operation [1]

Use MessageContext.getCurrentMessageContext() to obtain the message
context at the service.

Thanks,
Ruchith

[1] http://wso2.org/library/169

On 3/29/07, Jochen Zink <[EMAIL PROTECTED]> wrote:

Hi at all,

I have a stateful webservice and use rampart authentication with 
usernametoken. It works, but is there any possibility to extract the user 
information?

With the PasswordCallback class I can authenticate the user. But in the 
ServiceMethod I want to know which user has called the method. Is this 
possible?

I tried to put the user manually in the MessageContext inside the 
PasswordCallbackClass. But the MessageContext is not available inside this 
class.

Is there another possibility than parsing the soap envelope by hand?

Thanks for your help!








--
www.ruchith.org
www.wso2.org
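
Reading the authenticated user inside a service method, as described in this reply and in the "AXIS2 and LoginModule" reply further up: an added example, not code from the original posts or from Rampart itself. It assumes the WSS4J 1.5.x results API used with Rampart 1.x; the names ExampleSecuredService, whoAmI and authenticatedCaller are hypothetical.

```java
import java.security.Principal;
import java.util.Vector;

import org.apache.axis2.context.MessageContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

/** Hypothetical POJO service with Rampart engaged and a UsernameToken required. */
public class ExampleSecuredService {

    /** Service operation: returns the name of the user who sent this request. */
    public String whoAmI() {
        Principal caller = authenticatedCaller(MessageContext.getCurrentMessageContext());
        if (caller == null) {
            // No verified UsernameToken was recorded for this request. Fail
            // closed rather than fall back to an anonymous identity.
            throw new SecurityException("no authenticated caller on this request");
        }
        return caller.getName();
    }

    /**
     * Walks the security processing results that the inbound security
     * handler stored on the message context and returns the principal of
     * the first UsernameToken that was processed, or null if there is none.
     */
    static Principal authenticatedCaller(MessageContext msgCtx) {
        if (msgCtx == null) {
            return null; // not running inside a service invocation
        }
        // One WSHandlerResult per processed security header.
        Vector<?> handlerResults =
                (Vector<?>) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (handlerResults == null) {
            return null; // security processing did not run for this message
        }
        for (Object hr : handlerResults) {
            // One WSSecurityEngineResult per action (timestamp, token, ...).
            Vector<?> engineResults = ((WSHandlerResult) hr).getResults();
            if (engineResults == null) {
                continue;
            }
            for (Object er : engineResults) {
                WSSecurityEngineResult result = (WSSecurityEngineResult) er;
                if (result.getAction() == WSConstants.UT
                        && result.getPrincipal() != null) {
                    // This entry exists only after the password callback
                    // handler accepted the credentials.
                    return result.getPrincipal();
                }
            }
        }
        return null;
    }
}
```

The same Principal is what a developer would have to hand to the J2EE container before calling a secured EJB method; how that hand-over is done is container-specific and is not shown here.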




Re: Axis2 Client Stub not Generating WS-Security Headers

2007-03-28 Thread Ruchith Fernando

Hi Ted,

On 3/28/07, Ted Jones <[EMAIL PROTECTED]> wrote:

Thank you for the reply Ruchith. I am following these instructions with
the exception of the service invocation since I am using my generated
client stub. Does the client repository location need to be included in
order to generate the proper stub logic for inserting the WS-Security
headers?


When you codegen the stub will *not* contain any logic related to rampart.


Also, the code sample links are broken on the link you gave me.


The link is now fixed.

Thanks,
Ruchith



Thanks,
Ted

-Original Message-
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 27, 2007 11:04 PM
To: axis-user@ws.apache.org
Subject: Re: Axis2 Client Stub not Generating WS-Security Headers

Hi Ted,

Please see this :
http://www.wso2.org/library/240

Thanks,
Ruchith

On 3/28/07, Ted Jones <[EMAIL PROTECTED]> wrote:
>
>
> I have an Axis2 1.1.1 ADB generated client stub that is instantiated
> using a client axis2.xml config and pointing to a client repository
> that has the rampart and addressing mar files. The config file and
> repository location are loaded via URL. In debug, I can see the
> rampart and addressing modules are engaged. In my client code, I have
> added the following properties to the serviceclient's options instance:
>
> options.setProperty(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN);
> options.setProperty(WSConstants.USERNAME_LN, getConnectionProperties().getUserid());
> options.setProperty(WSConstants.PASSWORD_LN, getConnectionProperties().getPassword());
> options.setProperty(WSConstants.PASSWORD_TYPE_ATTR, WSConstants.PASSWORD_TEXT);
>
> The WS-Security headers are never inserted into the soap request and I
> receive the ever-popular "org.apache.axis2.AxisFault: WSDoAllReceiver:
> Incoming message does not contain required Security header".
>
> This web service and the ws-security logic works using soapUI (a great
> *free* tool by the way).
>
> Is there some other property I need to set in the options or something
> else I need to be doing?
>
> Thanks
> Ted
>
>


--
www.ruchith.org
www.wso2.org








--
www.ruchith.org
www.wso2.org




Re: Axis2 Client Stub not Generating WS-Security Headers

2007-03-27 Thread Ruchith Fernando

Hi Ted,

Please see this :
http://www.wso2.org/library/240

Thanks,
Ruchith

On 3/28/07, Ted Jones <[EMAIL PROTECTED]> wrote:



I have an Axis2 1.1.1 ADB generated client stub that is instantiated using a
client axis2.xml config and pointing to a client repository that has the
rampart and addressing mar files. The config file and repository location
are loaded via URL. In debug, I can see the rampart and addressing modules
are engaged. In my client code, I have added the following properties to the
serviceclient's options instance:

options.setProperty(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN);
options.setProperty(WSConstants.USERNAME_LN, getConnectionProperties().getUserid());
options.setProperty(WSConstants.PASSWORD_LN, getConnectionProperties().getPassword());
options.setProperty(WSConstants.PASSWORD_TYPE_ATTR, WSConstants.PASSWORD_TEXT);

The WS-Security headers are never inserted into the soap request and I
receive the ever-popular "org.apache.axis2.AxisFault: WSDoAllReceiver:
Incoming message does not contain required Security header".

This web service and the ws-security logic works using soapUI (a great
*free* tool by the way).

Is there some other property I need to set in the options or something else
I need to be doing?

Thanks
Ted





--
www.ruchith.org
www.wso2.org




Re: [Axis2] Axis2 1.2 RC1 Released

2007-03-26 Thread Ruchith Fernando

Hi Dennis,

We certainly will have to do a Rampart-1.2 release for the Axis2-1.2
release and an RC to go with the axis2-1.2-RC would be great! Right
now we have some pending issues and improvements to be resolved [1].
Also I need some help with the rampart release build as I'm not a
maven2 expert :-(

[1] https://issues.apache.org/jira/browse/RAMPART

On 3/27/07, Dennis Sosnoski <[EMAIL PROTECTED]> wrote:

Hi Ruchith,

It'd be best to have a Rampart RC to go along with the Axis2 RC, since
it's crucial to many users that this works properly. What are the plans
for a new Rampart release?

Thanks,

  - Dennis

Ruchith Fernando wrote:
> Hi,
>
> There were changes to the Module/Handler interfaces in Axis2.
> Therefore Rampart-1.1 will not work with Axis2-1.2-*.
>
> The latest rampart trunk is available here :
>
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
>
> Thanks,
> Ruchith
>
> On 3/27/07, Jorge Fernandez <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> I get the following Exception when executing my client with the new
>> release.
>> I'm using Rampart 1.1 module but it's only engaged, not used, actually:
>>
>> Exception in thread "main" java.lang.NoSuchMethodError: org.apache.axis2.context.MessageContext.isEngaged(Ljavax/xml/namespace/QName;)Z
>> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:53)
>> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
>> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:433)
>> at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330)
>> at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
>> at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234)
>> at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62)
>> at client.Client.main(Client.java:33)
>>
>>
>> And this one when I use axis2 1.1.1 in my client and the new release
>> at the
>> service:
>>
>>
>> org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
>> org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
>> org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
>> org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
>> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:227)
>> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:674)
>> at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
>> at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
>> at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234)
>> at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62)
>> at client.Client.main(Client.java:33)
>> Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
>> org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
>> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:344)
>> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:204)
>> ... 6 more
>> Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
>> at org.apache.axis2.transport.http.SOAPOverHTTPSender.send(SOAPOverHTTPSender.java:144)
>> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:335)
>> ... 7 more
>>
>>
>> If I use axis2 1.1.1 in both service and client it works perfectly. I
>> don't
>> know if with the new release I need to do any additional configuration.
>>
>>
>> Regards,
>>
>> Jorge Fernández
>>

Re: [Axis2] Axis2 1.2 RC1 Released

2007-03-26 Thread Ruchith Fernando

Hi,

There were changes to the Module/Handler interfaces in Axis2.
Therefore Rampart-1.1 will not work with Axis2-1.2-*.

The latest rampart trunk is available here :

https://svn.apache.org/repos/asf/webservices/rampart/trunk/java

Thanks,
Ruchith

On 3/27/07, Jorge Fernandez <[EMAIL PROTECTED]> wrote:

Hi,

I get the following Exception when executing my client with the new release.
I'm using Rampart 1.1 module but it's only engaged, not used, actually:

Exception in thread "main" java.lang.NoSuchMethodError: org.apache.axis2.context.MessageContext.isEngaged(Ljavax/xml/namespace/QName;)Z
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:53)
at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:433)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:330)
at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:294)
at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234)
at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62)
at client.Client.main(Client.java:33)


And this one when I use axis2 1.1.1 in my client and the new release at the
service:


org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:227)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:674)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:237)
at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
at client.Medici_LinkStub.validateSystem(Medici_LinkStub.java:2234)
at client.ClientUtilities.validateSystemTest(ClientUtilities.java:62)
at client.Client.main(Client.java:33)
Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'; nested exception is:
org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:344)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:204)
... 6 more
Caused by: org.apache.axis2.AxisFault: HTTP Transport error : '400' - 'Petici?n incorrecta'
at org.apache.axis2.transport.http.SOAPOverHTTPSender.send(SOAPOverHTTPSender.java:144)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:335)
... 7 more


If I use axis2 1.1.1 in both service and client it works perfectly. I don't
know if with the new release I need to do any additional configuration.


Regards,

Jorge Fernández

Charitha Kankanamge <[EMAIL PROTECTED]> escribió:

I also observed the same and added a JIRA
https://issues.apache.org/jira/browse/AXIS2-2393

regards
Charitha

>Hi,
>
>I've just deployed the war file on tomcat 6.0.10 (NIO connector), but
>when I hit http://localhost:8080/axis2/axis2-admin/listService I get a
>HTTP error 500. The server logs reports
>
>
>26-Mar-2007 13:29:40 org.apache.axis2.transport.http.AbstractAgent handle
>WARNING: Error dispatching request /axis2/axis2-admin/listService
>java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.apache.axis2.transport.http.AbstractAgent.handle(AbstractAgent.java:77)
> at org.apache.axis2.transport.http.AdminAgent.handle(AdminAgent.java:113)
> at org.apache.axis2.transport.http.AxisAdminServlet.doGet(AxisAdminServlet.java:44)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke

Re: org.apache.rampart.RampartException: Error in extracting message properties

2007-03-25 Thread Ruchith Fernando

Hi,

Can you please send the message that caused this error?

Thanks,
Ruchith

On 3/24/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:





Any reason why this is coming?





[java] org.apache.rampart.RampartException: Error in extracting message properties
[java] at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
[java] at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
[java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
[java] at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.jav
)
[java] at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.
202)
[java] at com.gryphonnetworks.ws.certify.stub.CertifyChannelStub.certifyContact(Unknown Sou
[java] at com.gryphonnetworks.ws.certify.client.CertifyClient.main(Unknown Source)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java
[java] at java.lang.reflect.Method.invoke(Method.java:585)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
[java] at org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
[java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
[java] at org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
[java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
[java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
[java] at org.apache.tools.ant.Task.perform(Task.java:364)
[java] at org.apache.tools.ant.Target.execute(Target.java:341)
[java] at org.apache.tools.ant.Target.performTasks(Target.java:369)
[java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
[java] at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(SingleCheckExecuto
a:37)
[java] at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
[java] at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:382)
[java] at org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:107)
[java] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)
[java] at org.apache.tools.ant.Task.perform(Task.java:364)
[java] at org.apache.tools.ant.Target.execute(Target.java:341)
[java] at org.apache.tools.ant.Target.performTasks(Target.java:369)
[java] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)
[java] at org.apache.tools.ant.Project.executeTarget(Project.java:1185)
[java] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:4
[java] at org.apache.tools.ant.Project.executeTargets(Project.java:1068)
[java] at org.apache.tools.ant.Main.runBuild(Main.java:668)
[java] at org.apache.tools.ant.Main.startAnt(Main.java:187)
[java] at org.apache.tools.ant.launch.Launcher.run(Launcher.java:246)
[java] at org.apache.tools.ant.launch.Launcher.main(Launcher.java:67)
[java] Caused by: org.apache.rampart.RampartException: Error in extracting message properties
[java] at org.apache.rampart.RampartMessageData.(RampartMessageData.java:294)
[java] at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:56)
[java] at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:59)
[java] ... 37 more
[java] Caused by: org.apache.ws.security.WSSecurityException: Error in converting SOAP Envelope
ocument; nested exception is:
[java] org.apache.axiom.om.OMException: javax.xml.stream.XMLStreamException
[java] at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:121)
[java] at org.apache.rampart.RampartMessageData.(RampartMessageData.java:146)
[java] ... 39 more



--
www.ruchith.org
www.wso2.org




Re: [Axis2][Rampart] Different soap data with Ramaprt

2007-03-22 Thread Ruchith Fernando

Hi,

Can you please create a JIRA issue [1] on this and help us recreate
the issue. Please attach your service/client info to the issue.

Thanks,
Ruchith

[1] https://issues.apache.org/jira/browse/RAMPART

On 3/22/07, Jochen Zink <[EMAIL PROTECTED]> wrote:

Hello,

I have a little Webservice, which receives a File with MTOM from a Client. The 
Service works fine. Now, I want to secure the soap messages with rampart. I got 
an Exception on Server side, while axis parses the soap message.

This is the Exception:
org.apache.axis2.AxisFault: java.lang.RuntimeException: Unexpected subelement 
data



Therefore I debugged the parsing sequence. First without rampart, and second 
with rampart.


Here is the relevant SOAP-Message Part WITHOUT Rampart
http://comchannel.comserver.edocbox.nepatec.de/xsd";>


Portable Document Format
1
pdf
3.0

 
 


Everything looks good, the service receives the file correctly. No exception is 
thrown.

Now the relevant SOAP-Message Part WITH Rampart
http://www.w3.org/2001/04/xmlenc#"; 
xmlns:wsa="http://www.w3.org/2005/08/addressing"; xmlns:ns1="http://comchannel.comserver.edocbox.nepatec.de/xsd"; 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; 
xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>

http://comchannel.comserver.edocbox.nepatec.de/xsd";>
 
   Portable Document Format
   1
   pdf
   3.0


 http://www.w3.org/2001/XMLSchema";>




As you can see, the messages are different. And the message with rampart is not 
correct and the service fails.

Has someone any idea what I do wrong?


Thanks for every reply!


Here is the service.xml from the service:





true



Timestamp Signature Encrypt

de.nepatec.edocbox.comserver.comchannel.serviceimpl.PWCBHandler

service.properties





Timestamp Signature Encrypt
service

de.nepatec.edocbox.comserver.comchannel.serviceimpl.PWCBHandler

service.properties

DirectReference

SKIKeyIdentifier
useReqSigCert


... // MessageReceivers and so on



And the axis2.xml from the clients context:






  
Timestamp Signature Encrypt
client

de.nepatec.edocbox.comserver.client.PWCBHandler
client.properties
DirectReference
SKIKeyIdentifier
service
 
//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
  



  
Timestamp Signature Encrypt

de.nepatec.edocbox.comserver.client.PWCBHandler
client.properties

  





true

... // normal stuff





--
www.ruchith.org
www.wso2.org




Re: Axis 1.4 Security using UsernameToken

2007-03-21 Thread Ruchith Fernando

Rampart works with Axis2 not Axis 1.x.

Thanks,
Ruchith

On 3/22/07, John Kristian <[EMAIL PROTECTED]> wrote:

Rampart can do this, but not easily.  Search this mailing list for
'Rampart' to find some problems.
http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html

I sincerely hope someone knows a better way.

- John Kristian

-Original Message-
From: herbison [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 21, 2007 12:46 PM
To: axis-user@ws.apache.org
Subject: Axis 1.4 Security using UsernameToken

I'm trying to access a .NET service, using code generated by wsdl2java, where
I have to set the UsernameToken fields Username and Password in the soap
header.  How is this done?!!  I've been going around in circles all morning
and nothing seems to get me any closer in setting the soap fields.  This is
what the client looks like now:

String id="user";
String key="password";
PWCallback pwCallback = new PWCallback();
pwCallback.setUsername(id);
pwCallback.setPassword(key);

ClaimProcessorLocator loc = new ClaimProcessorLocator();
Remote remote = loc.getPort( Claim.class);
Stub axisPort = (Stub)remote;
axisPort._setProperty(UsernameToken.PASSWORD_TYPE,
WSConstants.PASSWORD_DIGEST);
axisPort._setProperty(WSHandlerConstants.USER, id);
axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, pwCallback);

IClaim iclaim = (IClaim) loc.getBasicHttpBinding_IClaim();
Claim claim = iclaim.getClaim();






--
www.ruchith.org
www.wso2.org




Re: x509 certificate usage in rampart

2007-03-21 Thread Ruchith Fernando

Hi Vibhor,

Yes to all questions

:-)

Thanks,
Ruchith

On 3/21/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:



Hi
We would be exposing our web services and utilize the methodology
described in the article

http://wso2.org/library/255


We want to distribute our certificates having the public key to the clients
who will be consuming our web services.
Just wanted to confirm the approach

a) We distribute our public key in the certificate to the clients.
b) We maintain our private key certificate in our key store protected by a
password.
c) The client stores our public key certificate in his key store protected
by a password.
d) Can we use Bouncy castle as the JCE provider for the production system?

Thanks
Vibhor



--
www.ruchith.org
www.wso2.org




Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)

2007-03-20 Thread Ruchith Fernando

Hi Vibhor,

On 3/21/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:

Thanks Ruchith for your patience, it is just that I'm new to this stuff and 
need to clarify it.

So it means that
org.bouncycastle.jce.provider.BouncyCastleProvider
is not the implementation of org.apache.ws.security.crypto.provider?

Nope ... org.bouncycastle.jce.provider.BouncyCastleProvider is the JCE provider.



My concern was since we pass the properties file name (service.properties, 
client.properties) in the service.xml and axis2.xml, these values are read by 
the wss4j to instantiate the provider, right?

If org.bouncycastle.jce.provider.BouncyCastleProvider is not the correct 
value then what is the provider name we should give in the properties file? 
Merlin seems to fit the requirement but it confuses me :-)

So if we are giving Merlin as the provider, it means that Merlin uses 
BouncyCastle internally, right?



Rampart needs to access the key information configured by the user to
perform cryptographic operations. The implementation of the Crypto
interface provides access to the user's keys/certs. Merlin is one such
implementation that extracts keys from keystore files. (These keystore
files can be created and modified with the "keytool" available with
the JDK).

Bouncycastle is picked up as the JCE implementation when we do things
such as Cipher.getInstance(). This provides implementation of
cryptographic algorithms.

Thanks,
Ruchith


It works for me now.


Thanks
Vibhor



________

From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Tue 3/20/2007 7:43 PM
To: axis-user@ws.apache.org
Subject: Re: Issues with Rampart1.1 and Axis2 1.1.1 (Urgent)



Hi Vibhor,

The value of the "org.apache.ws.security.crypto.provider" property
MUST be an implementation of
org.apache.ws.security.components.crypto.Crypto interface.

Can you please try moving the bouncycastle jar to the parent most
classpath of JBOSS?

Thanks,
Ruchith

On 3/21/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:
> Hi Ruchith
>I tried one more thing
> I changed the name of the provider in the client.properties and
> service.properties file. I changed the name of the provider to
> BouncyCastle
>
> org.apache.ws.security.crypto.provider=org.bouncycastle.jce.provider.Bou
> ncyCastleProvider
>
> I get the following errors
>
> [java] java.lang.NoSuchMethodException:
> org.bouncycastle.jce.provider.BouncyCastleProvider.(java.util.Prop
> erties, j
> [java] at java.lang.Class.getConstructor0(Class.java:1937)
> [java] at java.lang.Class.getConstructor(Class.java:1027)
> [java] at
> org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoF
> actory.java:179)
> [java] at
> org.apache.ws.security.components.crypto.CryptoFactory.getInstance(Crypt
> oFactory.java:153)
> [java] at
> org.apache.ws.security.handler.WSHandler.loadSignatureCrypto(WSHandler.j
> ava:347)
> [java] at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:1
> 24)
> [java] at
> org.apache.rampart.handler.WSDoAllSender.processBasic(WSDoAllSender.java
> :254)
> [java] at
> org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.ja
> va:86)
> [java] at
> org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:74)
> [java] at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> [java] at
> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
> [java] at
> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:655)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOper
> ation.java:237)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisO
> peration.java:202)
> [java] at
> com.gryphonnetworks.ws.certify.stub.CertifyChannelStub.certifyContact(Un
> known Source)
> [java] at
> com.gryphonnetworks.ws.certify.client.CertifyClient.main(Unknown Source)
> [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> [java] at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
> a:39)
> [java] at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
> Impl.java:25)
> [java] at java.lang.reflect.Method.invoke(Method.java:324)
> [java] at
> org.apache.tools.ant.taskdefs.ExecuteJava.run(ExecuteJava.java:202)
> [java] at
> org.apache.tools.ant.taskdefs.ExecuteJava.execute(ExecuteJava.java:134)
> [java] at org.apache.tools.ant.taskdefs.Java.run(Java.java:710)
> [java] at
> org.apache.tools.ant.taskdefs.Java.executeJava(Java.java:178)
> [java] at org.apache.tools.ant.taskdefs.Java.execute(Java.java:84)
> [java] at
> org.apache.tools.ant.UnknownElement.execut

Re: QUESTION PERTAINING TO JCE PROVIDER FOR RAMPART AND AXIS2

2007-03-20 Thread Ruchith Fernando

Hi,

On 3/21/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:





Hi

Few questions about rampart



a) Is it mandatory to use BouncyCastle as the JCE provider for Rampart to
work? or we can plug in any provider with Rampart?


I have not tried any other JCE implementation with Rampart/WSS4J
(the core of Rampart is WSS4J) that supports the required algorithms. (The
default Sun impl does not seem to provide some of the implementations
such as http://www.w3.org/2001/04/xmlenc#rsa-1_5). However I believe
Rampart will work with some other JCE impl that provides required
support. I think Werner tried out some stuff with WSS4J. Maybe he can
give you a better answer :-)



Even plugging BouncyCastle is giving errors as WSS4J is not able to
instantiate the Provider. So what is the guarantee that it will plug
seamlessly with other providers?


If you are referring to setting the
org.apache.ws.security.crypto.provider property in the .properties file
this is incorrect. We have been using bouncycastle without any issues.



b) If we have to use any other provider what are the configurations needed
(apart from jre/lib/security --> jar files, java.security, client.properties
and service.properties file).



You should not change the .properties files. Changes to java.security
and having the JCE impl jar in the classpath should work.




c) If we set the provider definition in the java.security file why do we
require it again in the client.properties and service.properties file?


No. These properties file configure the crypto impl for WSS4J which is
a class that implements the
org.apache.ws.security.components.crypto.Crypto interface.





d) Which version of Java is recommended; with which Rampart will work
seamlessly? Any special configuration for JDK version required?


We have successfully tested Rampart with JDK 1.4 and JDK 1.5.




Please point me to a link which will help me to set up an framework which
can sign and encrypt a soap request and response.


Please have a look at this :

http://wso2.org/library/255

Thanks,
Ruchith




Thanks

Vibhor





--
www.ruchith.org
www.wso2.org
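
A preflight check for the mix-up discussed in this thread and in the "Issues with Rampart1.1 and Axis2 1.1.1" thread above: the org.apache.ws.security.crypto.provider property must name a Crypto implementation, while the JCE provider is registered with the JVM. This is an added example, not Rampart or WSS4J code; the class name CryptoConfigCheck is hypothetical, and Merlin's fully qualified name is taken from WSS4J rather than from the posts.

```java
import java.io.StringReader;
import java.security.Provider;
import java.security.Security;
import java.util.Properties;

public class CryptoConfigCheck { // hypothetical name, added example
    static final String KEY = "org.apache.ws.security.crypto.provider";
    static final String CRYPTO_IFACE = "org.apache.ws.security.components.crypto.Crypto";

    /** Classifies the class named by the crypto.provider property without initializing it. */
    static String check(Properties props) {
        String name = props.getProperty(KEY);
        if (name == null) return "MISSING: " + KEY + " is not set";
        ClassLoader cl = CryptoConfigCheck.class.getClassLoader();
        Class<?> cls;
        try {
            cls = Class.forName(name.trim(), false, cl);
        } catch (ClassNotFoundException | LinkageError e) {
            return "NOT LOADABLE: " + name + " (" + e + ")";
        }
        // A java.security.Provider subclass is a JCE provider, not a WSS4J Crypto implementation.
        if (Provider.class.isAssignableFrom(cls))
            return "WRONG KIND: " + name + " is a JCE provider; register it in java.security";
        try {
            if (Class.forName(CRYPTO_IFACE, false, cl).isAssignableFrom(cls)) return "OK: " + name;
        } catch (ClassNotFoundException | LinkageError e) {
            return "NOT LOADABLE: WSS4J interface " + CRYPTO_IFACE + " is not on the classpath";
        }
        return "WRONG KIND: " + name + " does not implement " + CRYPTO_IFACE;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample property lines: the value from the post, Merlin, and a JDK
        // provider class that shows the WRONG KIND result even without BouncyCastle installed.
        String[] samples = {
            KEY + "=org.bouncycastle.jce.provider.BouncyCastleProvider",
            KEY + "=org.apache.ws.security.components.crypto.Merlin",
            KEY + "=sun.security.provider.Sun" };
        for (String line : samples) {
            Properties p = new Properties();
            p.load(new StringReader(line));
            System.out.println(check(p));
        }
        // JCE providers the JVM has registered (java.security entries or Security.addProvider).
        for (Provider p : Security.getProviders()) System.out.println("JCE provider: " + p.getName());
    }
}
```

Run it with the same classpath as the client or service so the results reflect what WSS4J will be able to load.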



