Re: unsubscribe
I think i'm not the only one that see this user list is kind of dead(where is nandana?)... but please do not send unsuscribe mussages to the list.. thats not the way to unsuscribe... just send a mail to: axis-user-unsubscr...@ws.apache.org ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Thu, Nov 12, 2009 at 7:56 PM, Mary Thompson wrote: > yes, I want to unsubscribe >
Re: Retrieving faultString message
hi Again, I been trying to solve this issue for a while now, it seems that acording to the documentation in axis2 1.4 this shouldn't happen but... it still happening to me. I have found the following: http://issues.apache.org/jira/browse/RAMPART-90 Where it says that the error was fixed and the 1.4 version has the patch to solve it. it also says that: "We have to add the security phase to in the axis2.xml to use Rampart from now on" Something that I already checked: ... * * ... * * it even says: "Errors while processing security header should be reported with correct fault codes as defined in the WSS 1.0 sections " But this part has been a little dificult to check because I don't know if :Client.AuthenticationFault is a correct standar fault code, I get somethin like this: http://schemas.xmlsoap.org/soap/envelope/ "> http://schemas.oblix.com/ws/2003/08/Faults";>* p:Client.AuthenticationFault* La autenticación contra el LDAP Falló Any ideas? I would greatly appreciate your help. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Thu, Oct 22, 2009 at 8:29 AM, m4rkuz wrote: > Somebody? > > the thing is that the application is being installed in many different and > distant places, and every installation comes to different security > configuration errors, not registered ips, bad user/pass credentials, not > registered users etc, and all this errors generate correct coherent fault > string that can help to solve them, but all I get is an SOAP HEADER MISSING > error that don't help me to give support to the users. > > How can I get this for show in my App. > ___ > Marcus Sánchez Díaz. > Enterprise Developer. > SCJP - SCWCD. > > > On Wed, Oct 21, 2009 at 11:01 AM, m4rkuz wrote: > >> >> Hi Everyone, >> >> Got a question for you all, I have an application that uses Axis2 + >> Rampart, to consume some Secure Webservices, but I'm having troubles to >> display all the info in the errors the server returns, to ilustrate this I >> show the SOAP I recive from the server: >> >> >> http://schemas.xmlsoap.org/soap/envelope/";> >> >> >> http://schemas.oblix.com/ws/2003/08/Faults >> ">p:Client.AuthenticationFault >> *La autenticación contra el LDAP Falló* >> >> >> >> >> >> This happens because the user/password does not match, in my client app I >> wish to take this exact message (the one in bold, in the tag) >> but I only can get an "Axis2 SOAP header missing error" that says nothing to >> my final users... >> >> How can I capture this error message? >> >> (excuse my English, if better explanation is required, just ask) >> >> >> >> >> ___ >> Marcus Sánchez Díaz. >> Enterprise Developer. >> SCJP - SCWCD. >> > >
Re: Retrieving faultString message
Somebody? the thing is that the application is being installed in many different and distant places, and every installation comes to different security configuration errors, not registered ips, bad user/pass credentials, not registered users etc, and all this errors generate correct coherent fault string that can help to solve them, but all I get is an SOAP HEADER MISSING error that don't help me to give support to the users. How can I get this for show in my App. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Wed, Oct 21, 2009 at 11:01 AM, m4rkuz wrote: > > Hi Everyone, > > Got a question for you all, I have an application that uses Axis2 + > Rampart, to consume some Secure Webservices, but I'm having troubles to > display all the info in the errors the server returns, to ilustrate this I > show the SOAP I recive from the server: > > > http://schemas.xmlsoap.org/soap/envelope/";> > > > http://schemas.oblix.com/ws/2003/08/Faults > ">p:Client.AuthenticationFault > *La autenticación contra el LDAP Falló* > > > > > > This happens because the user/password does not match, in my client app I > wish to take this exact message (the one in bold, in the tag) > but I only can get an "Axis2 SOAP header missing error" that says nothing to > my final users... > > How can I capture this error message? > > (excuse my English, if better explanation is required, just ask) > > > > > ___ > Marcus Sánchez Díaz. > Enterprise Developer. > SCJP - SCWCD. >
Retrieving faultString message
Hi Everyone, Got a question for you all, I have an application that uses Axis2 + Rampart, to consume some Secure Webservices, but I'm having troubles to display all the info in the errors the server returns, to ilustrate this I show the SOAP I recive from the server: http://schemas.xmlsoap.org/soap/envelope/ "> http://schemas.oblix.com/ws/2003/08/Faults ">p:Client.AuthenticationFault *La autenticación contra el LDAP Falló* This happens because the user/password does not match, in my client app I wish to take this exact message (the one in bold, in the tag) but I only can get an "Axis2 SOAP header missing error" that says nothing to my final users... How can I capture this error message? (excuse my English, if better explanation is required just ask) ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
Re: +Rampart Sign with two Certificates
Thanks Prabath, I apologize for my English or my description, I see now it was misleading, and thanks for the clarification, I have now a preliminary demo working fine, the thing was I thought I need to specify two users in my policy file, but after importing the public key of my server into my client it start to work fine Thanks Again, Marcus ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Wed, Oct 14, 2009 at 4:53 PM, Prabath Siriwardena wrote: > Hi Marcus; > > The 'subject' of the mail doesn't seem to reflect the same in the > 'description' of the mail - if I understood correctly... > > If you want the client to sign the message with one certificate and the > service to sign with another certificate - then it is already supported > under AsymmetricBinding. > > Or - do you want either the client or the service to sign the message with > two different certificates ? > > Thanks & regards. > -Prabath > > m4rkuz wrote: > >> >> ___ >> Marcus Sánchez Díaz. >> Enterprise Developer. >> SCJP - SCWCD. >> >> >> -- Forwarded message -- >> From: *m4rkuz* mailto:m4r...@gmail.com>> >> Date: Wed, Oct 14, 2009 at 10:50 AM >> Subject: +Rampart Sign with two Certificates >> To: axis-user@ws.apache.org <mailto:axis-user@ws.apache.org> >> >> >> >> Hello Everyone, >> >> I've been using axis2+rampart for a while now, I have an application that >> uses Axis2+Rampart for signing a validate the messages, it does this using >> only one .JKS with a key, the same .JKS, but now I been requested to change >> this behavior and make the app Sign the messages with one certificate and >> then validate the response with another certificate... >> >> How can I accomplish this? >> >> This is my current policy.xml : >> >> >> >> >> > xmlns:wsu=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd >> " >> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> >> >> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> >> >> >> >> > sp:IncludeToken=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; >> /> >> >> >> > sp:IncludeToken=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> "> >> >> >> >> >> >> >> >> >> > sp:IncludeToken=" >> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient >> "> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> >> >> >> http://ws.apache.org/rampart/policy";> >> sam >> dave >> co.como.security.axis2.PWCBHandler >> >> >> >> > >> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS >> >> tomcatdir/webapps/qxIntegradorRunt/WebContent/keystore/keystore.jks >> >> > >> name="org.apache.ws.security.crypto.merlin.keystore.password">mytestkeystore >> >> >> >> >> >> >> >> >> >> Any input, will be appreciated. >> >> Thanks >> >> >> ___ >> Marcus Sánchez Díaz. >> Enterprise Developer. >> SCJP - SCWCD. >> >> >
+Rampart Sign with two Certificates
___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. -- Forwarded message -- From: m4rkuz Date: Wed, Oct 14, 2009 at 10:50 AM Subject: +Rampart Sign with two Certificates To: axis-user@ws.apache.org Hello Everyone, I've been using axis2+rampart for a while now, I have an application that uses Axis2+Rampart for signing a validate the messages, it does this using only one .JKS with a key, the same .JKS, but now I been requested to change this behavior and make the app Sign the messages with one certificate and then validate the response with another certificate... How can I accomplish this? This is my current policy.xml : http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd " xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; /> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient "> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient "> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> http://ws.apache.org/rampart/policy";> sam dave co.como.security.axis2.PWCBHandler JKS tomcatdir/webapps/qxIntegradorRunt/WebContent/keystore/keystore.jks mytestkeystore Any input, will be appreciated. Thanks ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
Re: Error messages on a secured ws are not secured
Hi Nandana, mmm thanks again, I totally get it if the security is not well setup there is no point in trying to secured the error message, the misunderstanding emerge when I was told the OWSM handled this smoothly and it was required for me to do so in axis2. but after this and a little chat with the oracle web services manager guys everything was cleared. Thanks Nandana, I really appreciate your help ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on Going... On Thu, Jul 9, 2009 at 1:25 AM, Nandana Mihindukulasooriya < nandana@gmail.com> wrote: > Hi Marcus, > Rampart expect only service faults to be secured. Security faults > are not expected to be secured. You can find more details in this JIRA [1]. > Can you also post the response message ? > > regards, > Nandana > > [1] - https://issues.apache.org/jira/browse/RAMPART-90 > > > On Thu, Jul 9, 2009 at 2:22 AM, m4rkuz wrote: > >> >> Hi Everyone, >> >> Here again, now I think I have a question instead of a problem, you see >> I'm consuming a ws from an oracle web services manager, this ws is secured >> (signed and authenticated) but when I get an error from OWSM this messages >> comes with out security headers with a description of the fault, but my >> axis client is always expecting a secured response so it crash... is this a >> normal behavior ? is there a work around? any ideas? >> >> looking forward for your input, >> >> >> Marcus Sánchez Díaz. >> Enterprise Developer. >> SCJP - SCWCD. >> SCDJWS on Going... >> >> PD: hope I made myself understood, if not.. just ask me anything you want >> :) >> > > > >
Error messages on a secured ws are not secured
Hi Everyone, Here again, now I think I have a question instead of a problem, you see I'm consuming a ws from an oracle web services manager, this ws is secured (signed and authenticated) but when I get an error from OWSM this messages comes with out security headers with a description of the fault, but my axis client is always expecting a secured response so it crash... is this a normal behavior ? is there a work around? any ideas? looking forward for your input, Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. SCDJWS on Going... PD: hope I made myself understood, if not.. just ask me anything you want :)
Re: Setting Username/password Programaticly
Hi Nandana,
Don't mind my last message, reading carefully I've found everything I need
in the example you provide..
Thanks again.
___
Marcus Sánchez Díaz.
Enterprise Developer.
SCJP - SCWCD.
On Tue, Jul 7, 2009 at 1:10 PM, m4rkuz wrote:
> Hi Nandana,
> I can't help to ask if there is a way to dynamically set the user and
> password w/o having a password call back handler... is there any?
>
>
> Thanks for your your valuable input.
>
> ___
> Marcus Sánchez Díaz.
> Enterprise Developer.
> SCJP - SCWCD.
>
>
> On Tue, Jul 7, 2009 at 11:56 AM, Nandana Mihindukulasooriya <
> nandana@gmail.com> wrote:
>
>> Hi Marcus,
>> You are using the deprecated configuration of Apache Rampart.
>> Apache Rampart recommends policy based configuration. The latter option only
>> works with policy based configuration. If you have the option of moving in
>> to policy based configuration, following tutorials might help you.
>>
>> Web Services Security with Apache Rampart - Part 1 (Transport Level
>> Security) <http://wso2.org/library/3190>
>> Understanding WS - Security Policy Language<http://wso2.org/library/3132>
>>
>> thanks,
>> Nandana
>>
>>
>> On Mon, Jul 6, 2009 at 7:29 PM, m4rkuz wrote:
>>
>>>
>>> Hi Everyone,
>>>
>>> I'm trying to set username/password dynamically on my ws app I've googled
>>> a lot and find some workarounds but the only one that has worked for me
>>> contains deprecated code, and used a password call back handler that really
>>> mess with what i want to do, this is the code:
>>>
>>> * **OutflowConfiguration outflowConfig = new OutflowConfiguration();*
>>> *
>>> *
>>> * **outflowConfig.setActionItems("UsernameToken");*
>>> *
>>> *
>>> * **outflowConfig.setUser("username");*
>>> *
>>> *
>>> * **outflowConfig*
>>> * **.setPasswordCallbackClass("com.xxx.xxx.security.PWCBHandler");*
>>> *
>>> *
>>> * **outflowConfig.setPasswordType("PasswordText");*
>>> *
>>> *
>>> * **
>>> _serviceClient.getOptions().setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
>>> ** **outflowConfig.getProperty());*
>>>
>>>
>>> This works like a charm but I have to search for the username/password in
>>> base of some parameters I won't have available in the PWDCBHandler class, so
>>> what I'm looking for is a way to set the password directly w/o using a
>>> password call back handler.
>>>
>>> About this I've found some code that claims to do so:
>>>
>>> * **_serviceClient.getOptions().setUserName("15374159");*
>>> * ** *
>>> * ** _serviceClient.getOptions().setPassword("admin123");*
>>>
>>> but it''s not working for me...
>>>
>>> Any Ideas?
>>>
>>> I would really appreciate your input,
>>>
>>>
>>> Thanks in advance,
>>>
>>>
>>> ___
>>> Marcus Sánchez Díaz.
>>> Enterprise Developer.
>>> SCJP - SCWCD.
>>> SCDJWS on going...
>>>
>>
>>
>>
>> --
>> Nandana Mihindukulasooriya
>> WSO2 inc.
>>
>> http://nandana83.blogspot.com/
>> http://www.wso2.org
>>
>
>
Re: Setting Username/password Programaticly
Hi Nandana,
I can't help to ask if there is a way to dynamically set the user and
password w/o having a password call back handler... is there any?
Thanks for your your valuable input.
___
Marcus Sánchez Díaz.
Enterprise Developer.
SCJP - SCWCD.
On Tue, Jul 7, 2009 at 11:56 AM, Nandana Mihindukulasooriya <
nandana@gmail.com> wrote:
> Hi Marcus,
> You are using the deprecated configuration of Apache Rampart.
> Apache Rampart recommends policy based configuration. The latter option only
> works with policy based configuration. If you have the option of moving in
> to policy based configuration, following tutorials might help you.
>
> Web Services Security with Apache Rampart - Part 1 (Transport Level
> Security) <http://wso2.org/library/3190>
> Understanding WS - Security Policy Language <http://wso2.org/library/3132>
>
> thanks,
> Nandana
>
>
> On Mon, Jul 6, 2009 at 7:29 PM, m4rkuz wrote:
>
>>
>> Hi Everyone,
>>
>> I'm trying to set username/password dynamically on my ws app I've googled
>> a lot and find some workarounds but the only one that has worked for me
>> contains deprecated code, and used a password call back handler that really
>> mess with what i want to do, this is the code:
>>
>> * **OutflowConfiguration outflowConfig = new OutflowConfiguration();*
>> *
>> *
>> * **outflowConfig.setActionItems("UsernameToken");*
>> *
>> *
>> * **outflowConfig.setUser("username");*
>> *
>> *
>> * **outflowConfig*
>> * **.setPasswordCallbackClass("com.xxx.xxx.security.PWCBHandler");*
>> *
>> *
>> * **outflowConfig.setPasswordType("PasswordText");*
>> *
>> *
>> * **
>> _serviceClient.getOptions().setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
>> ** **outflowConfig.getProperty());*
>>
>>
>> This works like a charm but I have to search for the username/password in
>> base of some parameters I won't have available in the PWDCBHandler class, so
>> what I'm looking for is a way to set the password directly w/o using a
>> password call back handler.
>>
>> About this I've found some code that claims to do so:
>>
>> * **_serviceClient.getOptions().setUserName("15374159");*
>> * ** *
>> * ** _serviceClient.getOptions().setPassword("admin123");*
>>
>> but it''s not working for me...
>>
>> Any Ideas?
>>
>> I would really appreciate your input,
>>
>>
>> Thanks in advance,
>>
>>
>> ___
>> Marcus Sánchez Díaz.
>> Enterprise Developer.
>> SCJP - SCWCD.
>> SCDJWS on going...
>>
>
>
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/
> http://www.wso2.org
>
Setting Username/password Programaticly
Hi Everyone,
I'm trying to set username/password dynamically on my ws app I've googled a
lot and find some workarounds but the only one that has worked for me
contains deprecated code, and used a password call back handler that really
mess with what i want to do, this is the code:
* **OutflowConfiguration outflowConfig = new OutflowConfiguration();*
*
*
* **outflowConfig.setActionItems("UsernameToken");*
*
*
* **outflowConfig.setUser("username");*
*
*
* **outflowConfig*
* **.setPasswordCallbackClass("com.xxx.xxx.security.PWCBHandler");*
*
*
* **outflowConfig.setPasswordType("PasswordText");*
*
*
* **
_serviceClient.getOptions().setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
** **outflowConfig.getProperty());*
This works like a charm but I have to search for the username/password in
base of some parameters I won't have available in the PWDCBHandler class, so
what I'm looking for is a way to set the password directly w/o using a
password call back handler.
About this I've found some code that claims to do so:
* **_serviceClient.getOptions().setUserName("15374159");*
* ** *
* ** _serviceClient.getOptions().setPassword("admin123");*
but it''s not working for me...
Any Ideas?
I would really appreciate your input,
Thanks in advance,
___
Marcus Sánchez Díaz.
Enterprise Developer.
SCJP - SCWCD.
SCDJWS on going...
Certificated expired problem...
Hi Everyone, I'm using an axis2 client to consume a webservice, but this webservice aparently does not care if the certificated has expired, and just behaves normally and even send me a response, but my client is refusing the soap messages because it says the certificated has expired, I cannot modify the certificate or the way the web service ignores the expiration date, so my question is.. How can I tell my Axis2 client to ommit the expiration date validation ovr the certificate?? hope I made myself undrestood, if not please ask further. Best regards. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
Re: Problemin implementing WS Security
I personally think that more information is needed in order for me and others to help you, maybe a larger stack trace, policy files and the web service code. ___ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD. On Sat, Apr 4, 2009 at 3:06 AM, Supriya wrote: > > > -- Forwarded message -- > From: Supriya > Date: Sat, Apr 4, 2009 at 1:35 PM > Subject: Problemin implementing WS Security > To: axis-user@ws.apache.org > > > Hey, > We have been tryin to implement WS Security using Rampart 1.4 and Axis2 > 1.4. > We have been following the article given on the following links: > > [1] - http://wso2.org/library/3190 > [2]- https://wso2.org/library/3415 > > We are gettin the following error. > .. > Creating Stub to send request > > log4j:WARN No appenders could be found for logger > (org.apache.axis2.deployment.FileSystemConfigurator). > > log4j:WARN Please initialize the log4j system properly. > > Enable to engage rampart completely > > org.apache.axis2.AxisFault: SOAP header missing > > at > org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault( > *RampartReceiver.java:172*) > > at org.apache.rampart.handler.RampartReceiver.invoke( > *RampartReceiver.java:99*) > > at org.apache.axis2.engine.Phase.invoke( > *Phase.java:317*) > > at org.apache.axis2.engine.AxisEngine.invoke( > *AxisEngine.java:264*) > > at org.apache.axis2.engine.AxisEngine.receive( > *AxisEngine.java:163*) > > at org.apache.axis2.description.OutInAxisOperationClient.handleResponse( > *OutInAxisOperation.java:363*) > > at org.apache.axis2.description.OutInAxisOperationClient.send( > *OutInAxisOperation.java:416*) > > at org.apache.axis2.description.OutInAxisOperationClient.executeImpl( > *OutInAxisOperation.java:228*) > > at org.apache.axis2.client.OperationClient.execute( > *OperationClient.java:163*) > > at com.sample.webservice.client.HelloWebServiceStub.sayHello( > *HelloWebServiceStub.java:192*) > > at com.sample.webservice.client.TestWebService.main( > *TestWebService.java:55*) > > Caused by: > *org.apache.rampart.RampartException*: SOAP header missing > > at org.apache.rampart.RampartEngine.process( > *RampartEngine.java:99*) > > at org.apache.rampart.handler.RampartReceiver.invoke( > *RampartReceiver.java:92*) ... 9 more > > . > Also, please find attached , the WSDL,services.xml, SOAP request and SOAP > response as observed on TCPMON. > > Kindly help us out. > > Thanks in advance, > -- > Supriya.Shivkumar > > > > > -- > Supriya.Shivkumar >
Re: Enabling rampart in servlet
Hi Håkon,
You can build the policy reading an XML, like this...
try {
StAXOMBuilder builder = new
StAXOMBuilder(rampartPolicyFileLocation);
Policy rampartConfig = PolicyEngine.getPolicy(builder
.getDocumentElement());
sc.getAxisService().getPolicySubject().attachPolicy(rampartConfig);
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (XMLStreamException e) {
e.printStackTrace();
}
or put the resource in a jar and use the method getResourceAsStream (or
so... )
and then:
StAXOMBuilder builder = new StAXOMBuilder(new
ByteArrayInputStream(configFileRawBytes));
Regards,
Marcus V. Sánchez D.
__
Enterprise Developer.
Sun Certified Java Programmer (SCJP)
On Thu, Mar 5, 2009 at 11:49 AM, Håkon Sagehaug
wrote:
> Hi all
>
> I have a web application that contains some servlets, where I need to
> engage rampart, but I can only engage rampart if i specify the hole path for
> the repository in ConfigurationContext
>
> ConfigurationContextFactory
>
> .createConfigurationContextFromFileSystem("/home/user/folder/path/to/repository",
> null);
>
> I've tried placing the repository everywhere when building the war file
> under WEB-INF etc, but I always get the error
>
> Couldn't find repository location 'repository'
>
> if I don't specify the hole path, does anyone know where this should be
> placed inside my web app so I don't need to specify the hole path for web
> app to pick up the repository.
>
> I use maven to build my web application and tried to add rampart module as
> a dependency, but it did not change anything
>
> any hints on ow to solve it??
>
> cheers, Håkon
>
> --
> Håkon Sagehaug, Scientific Programmer
> Parallab, Bergen Center for Computational Science (BCCS)
> UNIFOB AS (University of Bergen Research Company)
>
Re: Question about exposing a database as a web service...
let's see when you modify your code to accept the param id
like this:
public OrderData orderDetails(int id)
You must do another client for the WS generated, query string is not the way
to pass parameter to a web service.
Regards,
Marcus V. Sánchez D.
__
Enterprise Developer.
Sun Certified Java Programmer (SCJP)
PD:
this line : String SQL = "SELECT * FROM `porder` WHERE order_id = " + id ;
is a HUGE security risk.
On Wed, Mar 4, 2009 at 11:53 PM, riveraej wrote:
>
> Hi everyone!
>
> I come to you asking for help. I'm trying to mount a web service which
> consults a MySQL Database. I have already done the consult, but I can show
> all data contained in the database, or I can show data according to
> conditions setting these conditions manually in the code of the Java Class.
> Nevertheless I need to pass in some way to my class a value in order to
> make
> the SQL consult according to this.
>
> Talking in code terms... I have the next code:
>
> public class poDBService{
>
>public OrderData orderDetails(){
>Connection conn = (Connection)
> MessageContext.getCurrentMessageContext().getProperty(
>poDataServiceLifeCycle.DB_CONNECTION);
>if (conn!=null){
>try{
>String SQL = "SELECT * FROM `porder` WHERE
> order_id=1";
>PreparedStatement statement =
> conn.prepareStatement(SQL);
>ResultSet result = statement.executeQuery();
>if (result.next()){
>OrderData orderData = new
> OrderData();
>
> orderData.setOrderId(result.getInt("order_id"));
>
> orderData.setSoldTo(result.getInt("soldTo"));
>
> orderData.setShipTo(result.getInt("shipTo"));
>
>
> I can access to my service through my browser in the address:
>
> http://localhost:8080/axis2/services/poDataService/orderDetails
>
> It correctly displays the corresponding data contained in the table porder
>
> But I need to define my SQL sentence allowing to pass it the needed
> parameter for the WHERE clause.
> I already found that some people makes it with code like the next:
>
> public class poDBService{
>
>public OrderData orderDetails(int id){
>Connection conn = (Connection)
> MessageContext.getCurrentMessageContext().getProperty(
>poDataServiceLifeCycle.DB_CONNECTION);
>if (conn!=null){
>try{
>String SQL = "SELECT * FROM `porder` WHERE
> order_id = " + id ;
>PreparedStatement statement =
> conn.prepareStatement(SQL);
>ResultSet result = statement.executeQuery();
>if (result.next()){
>OrderData orderData = new
> OrderData();
>
> orderData.setOrderId(result.getInt("order_id"));
>
> orderData.setSoldTo(result.getInt("soldTo"));
>
> orderData.setShipTo(result.getInt("shipTo"));
>
>
> With this code theoretically it would be possible to pass paramete id to
> the
> service in the URL address:
>
> http://localhost:8080/axis2/services/poDataService/orderDetails?id=1
>
> But when I try to do it in this way Axis returns in my web browser a Soap
> message like this:
>
>
> unknown
>
>
> No error is thorwn in JBoss console window.
>
> I'm using:
> - JBoss-4.2.2.G.A.
> - Axis2-1.3
> - jdk1.5.0_17
> - mysql-connector-java-5.1.7
> - MySQL Server 5.1
>
> Any ideas what is happening? or is there another way to do this?
>
> Thanks in advance!
>
> Ernesto J. Rivera
> --
> View this message in context:
> http://www.nabble.com/Question-about-exposing-a-database-as-a-web-service...-tp22345253p22345253.html
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
Re: Memory problems using axis2 tomcat and ssl
Hello Martin,
I've been down that path too, but extracted from the same blog:
http://my.opera.com/karmazilla/blog/2007/03/15/permgen-strikes-back
This solution only works fine in some cases, in other it just delay the
error.
Regards,
Marcus V. Sánchez D.
__
Enterprise Developer.
Sun Certified Java Programmer (SCJP)
On Thu, Feb 26, 2009 at 8:54 AM, Martin Gainty wrote:
> Hakkon
>
> If you dont mind taking advice from a norsk please read
>
> http://my.opera.com/karmazilla/blog/2007/03/13/good-riddance-permgen-outofmemoryerror
>
> as this is related to the JVM and permgen settings you must tweak JAVA_OPTS
> env parameter
> please add these parameters to your JAVA_OPTS env variable
>
> switch garbage-collector to concurrent
> -XX:+UseConcMarkSweepGC
>
> collect in permgen space
> -XX:+CMSPermGenSweepingEnabled
>
> allow classes to be unloaded
> -XX:+CMSClassUnloadingEnabled
>
> tweak the Max Perm Gen size up to 128M
> -XX:MaxPermSize=128m
>
> SET JAVA_OPTS=-XX:UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled
> -XX:+CMSClassUnloadingEnabled
> -XX:MaxPermSize=128m
>
> Takk
> Martin
> __
> Disclaimer and confidentiality note
> Everything in this e-mail and any attachments relates to the official
> business of Sender. This transmission is of a confidential nature and Sender
> does not endorse distribution to any party other than intended recipient.
> Sender does not necessarily endorse content contained within this
> transmission.
>
>
>
>
> --
> Date: Thu, 26 Feb 2009 14:37:58 +0100
> Subject: Memory problems using axis2 tomcat and ssl
> From: hakon.sageh...@bccs.uib.no
> To: axis-user@ws.apache.org
>
>
> Hi all,
>
> I'm experimenting with web services deployed with axis2 in tomcat using ssl
> for securing them and noticed something strange. I can call one of the
> services many times and no problems, but when I want to call another
> service I get
>
> java.lang.OutOfMemoryError: PermGen space
>
> from tomcat. If I start tomcat without ssl enabled all services and
> container behaves normally, calling them multiple times works as it should.
> Have anyone experienced anything similar? I've not altered any of the web
> services just added the tomcat ssl connector and configured it like this
>
> maxThreads="200" scheme="https" secure="true"
>clientAuth="false" sslProtocol="TLS" enableLookups="true"
>keystoreFile="${user.home}/my.jks"
>keystorePass="password" acceptCount="100"
> minSpareThreads="5" maxSpareThreads="75"
> disableUploadTimeout="true"
> />
>
> I'm usign axis2-1.4.1, tomat 6.0.18
>
> cheers, Håkon
>
>
> --
> Håkon Sagehaug, Scientific Programmer
> Parallab, Bergen Center for Computational Science (BCCS)
> UNIFOB AS (University of Bergen Research Company)
>
> --
> Windows Live™: Discover 10 secrets about the new Windows Live. View
> post.
>
Re: Memory problems using axis2 tomcat and ssl
This exception usually apears when your code is messing with the
classloader, or you're making hot redeploys etc.
Ring a bell?
Regards,
Marcus V. Sánchez D.
__
Enterprise Developer.
Sun Certified Java Programmer (SCJP)
PD: if you know some spanish there is a really good explanation(at least
when the propblem is the code):
http://rubensa.wordpress.com/2008/02/11/java-classloader-permgen-exception/
On Thu, Feb 26, 2009 at 8:37 AM, Håkon Sagehaug
wrote:
> Hi all,
>
> I'm experimenting with web services deployed with axis2 in tomcat using ssl
> for securing them and noticed something strange. I can call one of the
> services many times and no problems, but when I want to call another
> service I get
>
> java.lang.OutOfMemoryError: PermGen space
>
> from tomcat. If I start tomcat without ssl enabled all services and
> container behaves normally, calling them multiple times works as it should.
> Have anyone experienced anything similar? I've not altered any of the web
> services just added the tomcat ssl connector and configured it like this
>
> maxThreads="200" scheme="https" secure="true"
>clientAuth="false" sslProtocol="TLS" enableLookups="true"
>keystoreFile="${user.home}/my.jks"
>keystorePass="password" acceptCount="100"
> minSpareThreads="5" maxSpareThreads="75"
> disableUploadTimeout="true"
> />
>
> I'm usign axis2-1.4.1, tomat 6.0.18
>
> cheers, Håkon
>
>
> --
> Håkon Sagehaug, Scientific Programmer
> Parallab, Bergen Center for Computational Science (BCCS)
> UNIFOB AS (University of Bergen Research Company)
>
Re: Error in signature with X509Token
HI Tomaz, I'm no guru in the subject but I had a similar problem and I don't see BinarySecurityToken being send in the request, so try changing the correct lines for this one: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/* AlwaysToRecipient*"> Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Thu, Feb 5, 2009 at 6:28 AM, Erwin Reinhoud wrote: > Hello Tomaz, > > In my sanbox env i have put the file in the tomcat bin dir and no path > indication in service.xml. > > Regards, > > Erwin > > -Oorspronkelijk bericht- > Van: TomazM [mailto:tomaz.majerh...@arnes.si] > Verzonden: donderdag 5 februari 2009 12:13 > Aan: axis-user@ws.apache.org > Onderwerp: Re: Error in signature with X509Token > > I'm using rampart version 1.4, but it seem as the > rampart(org.apache.ws.security.crypto.merlin.file) doesn't pick the > keystore, because I change the name to a nonexistent file and I don't get > any error that file don't exist. > > Regards, Tomaz > > Erwin Reinhoud wrote: > > Hello Tomaz, > > > > Try also using rampart version 1.4 io 1.3. > > > > Regards, > > Erwin > > > > -- > > -- > > *Van:* m4rkuz [mailto:m4r...@gmail.com] > > *Verzonden:* woensdag 4 februari 2009 15:16 > > *Aan:* axis-user@ws.apache.org > > *Onderwerp:* Re: Error in signature with X509Token > > > > Hi Tomaz, > > > > I think you should attach you'r policy.xml file and your > > services.xml, and maybe an example of the soap message generated, so > > it could be esiar to help you. > > > > > > > > Marcus V. Sánchez D. > > __ > > Enterprise Developer. > > Sun Certified Java Programmer (SCJP) > > > > > > On Wed, Feb 4, 2009 at 9:08 AM, TomazM > <mailto:tomaz.majerh...@arnes.si>> wrote: > > > > Env: > >OS: Microsoft Windows XP [Version 5.1.2600] > >java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) > >Tomcat: 6.0.16 > >Axis2: 1.4.1 > >Rampart: 1.3 > > > > > > I'm trying to sign message with my CallbackHandler and wsp:Policy, > > keys are in keystore of JKS type(server.jks and client.jks) > > > > 1) In service.xml I have: > > . > > > rampart.sign.service.SecurityHandler > > > > > provider="org.apache.ws.security.components.crypto.Merlin"> > > > > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > > > > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > > > > name="org.apache.ws.security.crypto.merlin.keystore.password"> > > > > > > > > 2) In client I also have my CallbackHandler and applying > > RampartConfig which use client.jks(contain server key) > > > > > > The finger print of server and client certificates are the same in > > both keystore. > > > > > > > > Error: > > org.apache.axis2.AxisFault: Error in signature with X509Token > >at > > > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) > >at > > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) > >at > > > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) > >at > > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) > >at > > > > org.apache.axis2.client.OperationClient.execute(OperationClient.java:1 > > 63) > > > > > > > > > > Is anybody have a clue what I'm doing wrong > > > > > > > > > > Best regards, Tomaz > > > > > > > >
Re: how to enable rampart logging
Asuming you have log4j in your project, you can modify this line in your log4j.properties # Set the enterprise logger priority to FATAL log4j.logger.org.apache.axis2.enterprise=DEBUG Regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) PD: full file attached On Thu, Feb 5, 2009 at 6:22 AM, TomazM wrote: > Is there any way to have full logging for rampart, let say as TRACE or > DEBUG mode. > > Best Regard; Tomaz > log4j.properties Description: Binary data
Re: unsubscribe
Sorry, my wrong, I was trying to unsubscribe from another list, and got mixed up.. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 2:59 PM, Andreas Veithen wrote: > Christopher, > > If you want to unsubscribe, you need to send a mail to > axis-user-unsubscr...@ws.apache.org. > > Andreas > > On Wed, Feb 4, 2009 at 20:56, Meeusen, Christopher W. > wrote: > > unsubscribe > > > > From: axis-user-return-77544-meeusen.christopher=mayo@ws.apache.org > > [mailto:axis-user-return-77544-Meeusen.Christopher=mayo.edu@ > ws.apache.org] > > On Behalf Of Nandana Mihindukulasooriya > > Sent: Wednesday, February 04, 2009 12:30 PM > > To: axis-user@ws.apache.org > > Subject: Re: Problem building proper Policy file ... > > > > Hi Marcus, > > try changing > > > > > sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > > > > to > > > > > sp:IncludeToken=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > "> > > > > in the assertion. > > > > thanks, > > nandana > > > > On Wed, Feb 4, 2009 at 11:26 PM, m4rkuz wrote: > >> > >> HI Nandana, > >> > >> Attached to this message is the soap message generated by rampart(the > one > >> that fails), is quite different and the first big difference I see is > that > >> oracle made soap has two (2) BinarySecurityToken and the rampart made > just > >> have one. > >> > >> the error I get in the client side wrap around the soap response message > >> is: > >> > >> InvalidSecurity FAULT MESSAGE: An invalid token was provided > >> > >> > >> > >> Any Ideas? > >> > >> I would ask for the Oracle Log, to post it. > >> > >> > >> Marcus V. Sánchez D. > >> __ > >> Enterprise Developer. > >> Sun Certified Java Programmer (SCJP) > >> > >> > >> On Wed, Feb 4, 2009 at 12:21 PM, Nandana Mihindukulasooriya > >> wrote: > >>> > >>> Hi Marcus, > >>>From the first look, it seems the policy you have matches the > >>> success SOAP message. Do you get an error from the OWM side when you > use > >>> this policy at the client ? If so what is the error message ? The > returning > >>> message may not say what the error is, but if you have access to the > OWM > >>> logs, you will be able to find out what the error is. And can you > attach the > >>> message generated with this policy in Axis2/Rampart client so we can > compare > >>> it. > >>> > >>> thanks, > >>> nandana > >>> > >>> On Wed, Feb 4, 2009 at 10:37 PM, m4rkuz wrote: > >>>> > >>>> Hi Eeveryone, > >>>> > >>>> I've trying for a while now to make a proper client for a web service > >>>> made in oracle (OWM ) with Axis2 and Rampart, I had been able to > overcome > >>>> some issues about x509v3 and the hole signing process but now in the > last > >>>> part the Encription I just don't know how to declare it properly for > the > >>>> client to sussesfuly call the WS. > >>>> > >>>> I had an example of a suscessfull soap message (oracle client > generated) > >>>> and a copy of my policy for someone to take a quick look and help me > out. > >>>> > >>>> > >>>> The files are attached. > >>>> > >>>> that same policy file and without the encription configuration works > >>>> fine if the WS require only signing, so is not totally wrong. > >>>> > >>>> > >>>> > >>>> If someone had an idea how to mimic that message from axis2, would > help > >>>> me a lot, > >>>> > >>>> > >>>> Marcus V. Sánchez D. > >>>> __ > >>>> Enterprise Developer. > >>>> Sun Certified Java Programmer (SCJP) > >>> > >>> > >>> > >>> -- > >>> Nandana Mihindukulasooriya > >>> WSO2 inc. > >>> > >>> http://nandana83.blogspot.com/ > >>> http://www.wso2.org > >> > > > > > > > > -- > > Nandana Mihindukulasooriya > > WSO2 inc. > > > > http://nandana83.blogspot.com/ > > http://www.wso2.org > > >
Re: Problem building proper Policy file ...
It Worked like a charm!! So many thanks!!! Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) PD: Thanks Again!! On Wed, Feb 4, 2009 at 1:29 PM, Nandana Mihindukulasooriya < nandana@gmail.com> wrote: > Hi Marcus, > try changing > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > > to > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > "> > > in the assertion. > > thanks, > nandana > > > On Wed, Feb 4, 2009 at 11:26 PM, m4rkuz wrote: > >> HI Nandana, >> >> Attached to this message is the soap message generated by rampart(the one >> that fails), is quite different and the first big difference I see is that >> oracle made soap has two (2) BinarySecurityToken and the rampart made just >> have one. >> >> the error I get in the client side wrap around the soap response message >> is: >> >> *InvalidSecurity FAULT MESSAGE: An invalid token was provided* >> >> >> >> Any Ideas? >> >> I would ask for the Oracle Log, to post it. >> >> >> Marcus V. Sánchez D. >> __ >> Enterprise Developer. >> Sun Certified Java Programmer (SCJP) >> >> >> On Wed, Feb 4, 2009 at 12:21 PM, Nandana Mihindukulasooriya < >> nandana@gmail.com> wrote: >> >>> Hi Marcus, >>>From the first look, it seems the policy you have matches the >>> success SOAP message. Do you get an error from the OWM side when you use >>> this policy at the client ? If so what is the error message ? The returning >>> message may not say what the error is, but if you have access to the OWM >>> logs, you will be able to find out what the error is. And can you attach the >>> message generated with this policy in Axis2/Rampart client so we can compare >>> it. >>> >>> thanks, >>> nandana >>> >>> >>> On Wed, Feb 4, 2009 at 10:37 PM, m4rkuz wrote: >>> >>>> Hi Eeveryone, >>>> >>>> I've trying for a while now to make a proper client for a web service >>>> made in oracle (OWM ) with Axis2 and Rampart, I had been able to overcome >>>> some issues about x509v3 and the hole signing process but now in the last >>>> part the Encription I just don't know how to declare it properly for the >>>> client to sussesfuly call the WS. >>>> >>>> I had an example of a suscessfull soap message (oracle client generated) >>>> and a copy of my policy for someone to take a quick look and help me out. >>>> >>>> >>>> The files are attached. >>>> >>>> that same policy file and without the encription configuration works >>>> fine if the WS require only signing, so is not totally wrong. >>>> >>>> >>>> >>>> If someone had an idea how to mimic that message from axis2, would help >>>> me a lot, >>>> >>>> >>>> Marcus V. Sánchez D. >>>> __ >>>> Enterprise Developer. >>>> Sun Certified Java Programmer (SCJP) >>>> >>> >>> >>> >>> -- >>> Nandana Mihindukulasooriya >>> WSO2 inc. >>> >>> http://nandana83.blogspot.com/ >>> http://www.wso2.org >>> >> >> > > > -- > Nandana Mihindukulasooriya > WSO2 inc. > > http://nandana83.blogspot.com/ > http://www.wso2.org >
Re: Problem building proper Policy file ...
HI Nandana, Attached to this message is the soap message generated by rampart(the one that fails), is quite different and the first big difference I see is that oracle made soap has two (2) BinarySecurityToken and the rampart made just have one. the error I get in the client side wrap around the soap response message is: *InvalidSecurity FAULT MESSAGE: An invalid token was provided* Any Ideas? I would ask for the Oracle Log, to post it. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 12:21 PM, Nandana Mihindukulasooriya < nandana@gmail.com> wrote: > Hi Marcus, >From the first look, it seems the policy you have matches the > success SOAP message. Do you get an error from the OWM side when you use > this policy at the client ? If so what is the error message ? The returning > message may not say what the error is, but if you have access to the OWM > logs, you will be able to find out what the error is. And can you attach the > message generated with this policy in Axis2/Rampart client so we can compare > it. > > thanks, > nandana > > > On Wed, Feb 4, 2009 at 10:37 PM, m4rkuz wrote: > >> Hi Eeveryone, >> >> I've trying for a while now to make a proper client for a web service made >> in oracle (OWM ) with Axis2 and Rampart, I had been able to overcome some >> issues about x509v3 and the hole signing process but now in the last part >> the Encription I just don't know how to declare it properly for the client >> to sussesfuly call the WS. >> >> I had an example of a suscessfull soap message (oracle client generated) >> and a copy of my policy for someone to take a quick look and help me out. >> >> >> The files are attached. >> >> that same policy file and without the encription configuration works fine >> if the WS require only signing, so is not totally wrong. >> >> >> >> If someone had an idea how to mimic that message from axis2, would help me >> a lot, >> >> >> Marcus V. Sánchez D. >> __ >> Enterprise Developer. >> Sun Certified Java Programmer (SCJP) >> > > > > -- > Nandana Mihindukulasooriya > WSO2 inc. > > http://nandana83.blogspot.com/ > http://www.wso2.org > http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soapenv:mustUnderstand="1"> http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /> http://www.w3.org/2000/09/xmldsig#";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>G6Vav3SyoYV9uno6UbDKzGaVUeM= avZMHMrW37IHbzkj0UKvQih7Pwwvk1N4kxzeey9GJr2Pe4kVJ2T59i9OKAFNjkEJCQgaJ1lEj0DaWz2IiHRECKj152aYU4QXbV0wg8QmzW4BIfzEl71mDTpy4CcR/JDb6axRLpFW/UFQ2+3/ZLx+jfPnFIwUGJh1Q/AQ3fSlbrA= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="CertId-909101">MIICXzCCAcigAwIBAgIESYhpJTANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwHhcNMDkwMjAzMTU1NjIxWhcNMDkwNTA0MTU1NjIxWjB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJnZAvXEkOM6iUgpv9WqhR9/N1qBDzK8hYm0uifE8hyLvIc244PNyLHFH7ntTarRkL16L08Jz70cf4qddY9C2sa2EQYdYwCsAF1838SZ/B97KHAJCnXouDBcQZwqqlBPGtaspFLwokoZd6cg4eoCQ+fGJ5mJCYVopMpaeFuUQ6JhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAFfwFCDFA+CnOpA+zH+n+oz3nyKrv8b8UgFOd0TWFMv/FltuS6jX1r/3xvazTFiW8lOVIpDGK7IMxpapzGtAoaA2JR4wtuskmbWat2O0Cj61b9nZhSBbDnkWtYADdQhei6yi0ha9wNkfG6mpE36LIBm+xRp9Xk35mWoh/xXEmwew= http://www.w3.org/2000/09/xmldsig#"; Id="Signature-3860801"> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> yKlJJwkS91Vsk9u6KAwzjcxn0Xw= N6MBUwsnlpPhf9W3wdQJ2B08enQfDxN3/pNyM4rrlApgUspuKkHhj2lo/
Problem building proper Policy file ...
Hi Eeveryone, I've trying for a while now to make a proper client for a web service made in oracle (OWM ) with Axis2 and Rampart, I had been able to overcome some issues about x509v3 and the hole signing process but now in the last part the Encription I just don't know how to declare it properly for the client to sussesfuly call the WS. I had an example of a suscessfull soap message (oracle client generated) and a copy of my policy for someone to take a quick look and help me out. The files are attached. that same policy file and without the encription configuration works fine if the WS require only signing, so is not totally wrong. If someone had an idea how to mimic that message from axis2, would help me a lot, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:ns0="http://test.heinsohn.com/types/";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; wsu:Id="aSfsuZGB0yY2p9x2idFRrag22" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> MIICYTCCAcqgAwIBAgIESYhp+jANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDaXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRMwEQYDVQQDEwpEYXZlIFNhbWlzMB4XDTA5MDIwMzE1NTk1NFoXDTA5MDUwNDE1NTk1NFowdTELMAkGA1UEBhMCRksxFjAUBgNVBAgTDUZha2UgUHJvdmluY2UxEjAQBgNVBAcTCUZha2UgQ2l0eTERMA8GA1UEChMIRmFrZSBPcmcxEjAQBgNVBAsTCUZha2UgVW5pdDETMBEGA1UEAxMKRGF2ZSBTYW1pczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0KGfK7v/xLfKNFVGz2Ja3nhmlSUGQfmI+r/pSw632HDjqjbX8ZzPZPBw4WtVozxKkgymJLaw26Cru07LRW6a++2iUUhoxGkrz7O+3+fp0TdgMEDtWj92QJrn93IoBZOd43wkSHU6urZUOerfCrW7DK18uCxW8M5Pi4qYuAXKGL0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBo10BPLlr9ZLEhHt8Rfej6varvZGS+rm2WqAXTrZokRiq04i2zpp16jgf1ltCBI4EzU3uHBBAvnq3EhxNbc8Aad95r5K5JyU1Nd+3IdALKZLagasp1JgOiXmB8D1nCQvc1ao/LTuFfzyePNYOXWnsHskpUQ4d5jMfVZDFG5GClEg== http://www.w3.org/2001/04/xmlenc#"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /> http://www.w3.org/2000/09/xmldsig#";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; /> k/V7ppQNywzQyu92y2SopAbZGTOHHlPz05i9oUEAkkoLTMJPiR0rcINP9C9BZ6ypPoSbguOYWbfzXHvNghdi1yNV95ahGRcegFWud01ok3q6h1uv6RCF3OudKiyGTtC2124qMP3hpxMBau/4tcebcuXvJLcsG49LBNP9n8quSU4= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; wsu:Id="_V0HeS0pOYm2iCVmURgcaUw22" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> MIICXzCCAcigAwIBAgIESYhpJTANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwHhcNMDkwMjAzMTU1NjIxWhcNMDkwNTA0MTU1NjIxWjB0MQswCQYDVQQGEwJGSzEWMBQGA1UECBMNRmFrZSBQcm92aW5jZTESMBAGA1UEBxMJRmFrZSBDSXR5MREwDwYDVQQKEwhGYWtlIE9yZzESMBAGA1UECxMJRmFrZSBVbml0MRIwEAYDVQQDEwlTYW0gRGF2aXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJnZAvXEkOM6iUgpv9WqhR9/N1qBDzK8hYm0uifE8hyLvIc244PNyLHFH7ntTarRkL16L08Jz70cf4qddY9C2sa2EQYdYwCsAF1838SZ/B97KHAJCnXouDBcQZwqqlBPGtaspFLwokoZd6cg4eoCQ+fGJ5mJCYVopMpaeFuUQ6JhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAFfwFCDFA+CnOpA+zH+n+oz3nyKrv8b8UgFOd0TWFMv/FltuS6jX1r/3xvazTFiW8lOVIpDGK7IMxpapzGtAoaA2JR4wtuskmbWat2O0Cj61b9nZhSBbDnkWtYADdQhei6yi0ha9wNkfG6mpE36LIBm+xRp9Xk35mWoh/xXEmwew= http://www.w3.org/2000/09/xmldsig#"; xmlns:dsig="http://www.w3.org/2000/09/xmldsig#
Re: Error in signature with X509Token
Hi Tomaz, I think you should attach you'r policy.xml file and your services.xml, and maybe an example of the soap message generated, so it could be esiar to help you. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Wed, Feb 4, 2009 at 9:08 AM, TomazM wrote: > Env: >OS: Microsoft Windows XP [Version 5.1.2600] >java: Java(TM) SE Runtime Environment (build 1.6.0_10-b33) >Tomcat: 6.0.16 >Axis2: 1.4.1 >Rampart: 1.3 > > > I'm trying to sign message with my CallbackHandler and wsp:Policy, keys are > in keystore of JKS type(server.jks and client.jks) > > 1) In service.xml I have: > . > > rampart.sign.service.SecurityHandler > > provider="org.apache.ws.security.components.crypto.Merlin"> > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > name="org.apache.ws.security.crypto.merlin.file">keys\\server.jks > name="org.apache.ws.security.crypto.merlin.keystore.password"> > > > > 2) In client I also have my CallbackHandler and applying RampartConfig > which use client.jks(contain server key) > > > The finger print of server and client certificates are the same in both > keystore. > > > > Error: > org.apache.axis2.AxisFault: Error in signature with X509Token >at > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512) >at > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370) >at > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >at > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) >at > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) > > > > > Is anybody have a clue what I'm doing wrong > > > > > Best regards, Tomaz >
Re: Problem: Oracle Server - Rampart Client...
More Findings, Aparently this issue had nothing to do with what I described, but with some sort of bug that makes rampart build X509v1 security tokens even when we especifically configure x509v3 tokens like this: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient "> Is there a know work around? regards, Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Fri, Jan 23, 2009 at 9:14 AM, m4rkuz wrote: > > Sorry in the last message I forgot to put another diference that maybe more > trouble, > > Rampart: > > http://localhost:8088/gateway/services/SID0003001 > > urn:uuid:AECDDCE53586EDD65F1232669747468 > http://test.heinsohn.com//talkToMe > ... > > In the Oracle version that part doesn't exist, there is no > , or Tags.. > > > Marcus V. Sánchez D. > __ > Enterprise Developer. > Sun Certified Java Programmer (SCJP) > > > On Fri, Jan 23, 2009 at 8:35 AM, m4rkuz wrote: > >> >> Hi Everyone, >> >> I'm new to rampart but learning quickly, well not quikly enough because >> I've been having some problems trying to invoke a WS that was made using >> oracle tools, is supposed to be easy initialy I just had to sing the message >> but even at that level I haven't been able to do it, I went thru examples on >> the distribution (1.4.1) and some webs but I'm still getting : >> >> FAULT CODE: UnsupportedSecurityToken FAULT MESSAGE: An unsupported token >> was provided >> >> I asked for a successful soap message example to compare the one I >> generate with a good one, (attached to the message) the only big diference I >> see is that in the rampart made soap message all the URI attributes are not >> encripted as they do in the oracle example >> >> Rampart: >> ... >> >> .. >> >> >> > >> >> Oracle: >> .. >> >> ... >> >> >> > >> >> >> What is all about? (I'm really newbie) and how can I match that using >> rampart ?? >> >> >> Best Regards, >> >> >> Marcus V. Sánchez D. >> __ >> Enterprise Developer. >> Sun Certified Java Programmer (SCJP) >> >> >
Re: Problem: Oracle Server - Rampart Client...
Sorry in the last message I forgot to put another diference that maybe more trouble, Rampart: http://localhost:8088/gateway/services/SID0003001 urn:uuid:AECDDCE53586EDD65F1232669747468 http://test.heinsohn.com//talkToMe ... In the Oracle version that part doesn't exist, there is no , or Tags.. Marcus V. Sánchez D. __ Enterprise Developer. Sun Certified Java Programmer (SCJP) On Fri, Jan 23, 2009 at 8:35 AM, m4rkuz wrote: > > Hi Everyone, > > I'm new to rampart but learning quickly, well not quikly enough because > I've been having some problems trying to invoke a WS that was made using > oracle tools, is supposed to be easy initialy I just had to sing the message > but even at that level I haven't been able to do it, I went thru examples on > the distribution (1.4.1) and some webs but I'm still getting : > > FAULT CODE: UnsupportedSecurityToken FAULT MESSAGE: An unsupported token > was provided > > I asked for a successful soap message example to compare the one I > generate with a good one, (attached to the message) the only big diference I > see is that in the rampart made soap message all the URI attributes are not > encripted as they do in the oracle example > > Rampart: > ... > > .. > > > > > Oracle: > .. > > ... > > > > > > What is all about? (I'm really newbie) and how can I match that using > rampart ?? > > > Best Regards, > > > Marcus V. Sánchez D. > __ > Enterprise Developer. > Sun Certified Java Programmer (SCJP) > >
Problem: Oracle Server - Rampart Client...
Hi Everyone, I'm new to rampart but learning quickly, well not quikly enough because I've been having some problems trying to invoke a WS that was made using oracle tools, is supposed to be easy initialy I just had to sing the message but even at that level I haven't been able to do it, I went thru examples on the distribution (1.4.1) and some webs but I'm still getting : FAULT CODE: UnsupportedSecurityToken FAULT MESSAGE: An unsupported token was provided I asked for a successful soap message example to compare the one I generate with a good one, (attached to the message) the only big diference I see is that in the rampart made soap message all the URI attributes are not encripted as they do in the oracle example Rampart: ... .. ... http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:ns0="http://test.heinsohn.com/types/";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; wsu:Id="5KdQ0TRTux484dTYM5mpHQ22" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> MIICQjCCAasCBEjSYtkwDQYJKoZIhvcNAQEFBQAwaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMB4XDTA4MDkxODE0MTY1N1oXDTA4MTIxNzE0MTY1N1owaDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExEDAOBgNVBAcTB3NhbUhvbWUxDzANBgNVBAoTBnNhbU9yZzEQMA4GA1UECxMHc2FtRGVwdDESMBAGA1UEAxMJU2FtIE1vb3JlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCv3cDnMuNkqKweUeC458/74Kp4bht6ipjTQtgiR1xDUotymfMyOuYHzFCzbYv8z5N+jVP0pLXCN4eYqVJKZ20+mnDtxPZPKJsTLtnNF+VwoiVZ7GF5eb9Qrbul/6/veolFaMeJySUJEWaGRhiA3CsyWMUBirYtrItqe+puX2ivkwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKXJ6hI72drL+HGErxiBi5ToqTOv4frXH4TdTE2scSkl3DSZM0nryWfA76rxmxbxRSRzNAzs+nP6wWthpb5NcfUoMuZ/Zx+mSfTfoNWLDev2QaFbSIv/sFGZNfODGigOvAyCM33BtxFXXkR54bNfe13MBrLe/RSlzsBSrbf5w7/2 http://www.w3.org/2000/09/xmldsig#"; xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> r6mS6ytfF/8Hj5qOfC3Vy8o5n5c= http://www.w3.org/2001/10/xml-exc-c14n#"; /> http://www.w3.org/2000/09/xmldsig#sha1"; /> 7g8/vO+zjJNHKyKPpJGhBDRNO8A= eF1WtunbSIGGMLDEurLqa5QTXoNYbHd0AG9Kg2glQVOZhvFJ0QvmMx3YNPuwbw5x7+lbGjRqSI9eD/EMwXyVAlvMTbMJJsspYoocS/tspTRqxIuKtI72qKIqOaUnXWJDFXocM9nxmqththJuuUf8Dji8+Y1rtHby9WlCh9EWkHI= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; /> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> 2009-01-22T21:19:31Z 2009-01-23T05:19:31Z http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> http://schemas.xmlsoap.org/soap/envelope/";> http://www.w3.org/2005/08/addressing";> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soapenv:mustUnderstand="1"> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp-14707008"> 2009-01-23T00:15:48.899Z 2009-01-23T00:20:48.899Z http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1"; wsu:Id="CertId-1097338">MIICRDCCAa0CBElQ5UwwDQYJKoZIhvcNAQEFBQAwaTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCEZsb3JpZGFkMRAwDgYDVQQHEwdzYW1Ib21lMQ8wDQYDVQQKEwZzYW1PcmcxEDAOBgNVBAsTB3NhbURlcHQxEjAQBg
