Re: [Axis2] accessing a policy-secured webservice using a WSDL2Java client

2007-07-26 Thread Brian Baldwin
Thank you for the reply, Amila.

The example you provided is basically what I'm using, however I'm now
getting the error 'Could not validate signature using any of the supported
token types'.

I compared the weblogic debug logs when I hit it with a clientgen client
(works) and with my Axis2 client (not working)...everything seems almost
exact.  The encryption algorithms listed are exactly the same, so it's not
like I'm trying to use a different signature algorithm with Axis2.
The weblogic logs show that both the clientgen client and Axis2 client send
a signed timestamp, signed body, and signed token.  The weblogic log with
the clientgen client however shows that it continues on with a message about
'trying to validate identity assertion token ~ x509'  and that all works and
the client is allowed to connect.

I went so far as to modify my webService to remove the Auth policy leaving
only the Sign policy.  I then tried Axis2 again and got the same error about
'could not validate signature using any of the supported token types'.

I greatly appreciate your response to my earlier message and I hope you can
help me debug this problem.
Brian


On 7/26/07, Amila Suriarachchi [EMAIL PROTECTED] wrote:

 This is what you can do with Axis2 and Rampart.

 First generate the code using the wsdl2java tool; use the -u and -g options
 as well.

 Then get a Rampart distribution and put all required libs on the class
 path (these come with the Rampart distribution) and put the .mar files in
 the repository modules.

 Install the full strength security jars (without this some security
 assertions do not work).

 Write the client code like this:

 ConfigurationContext confContext =
     ConfigurationContextFactory.createConfigurationContextFromFileSystem(
         AXIS2_REPOSITORY, AXIS2_XML);
 stub = new PingService10MutualCertificate10SignEncrypt_IPingServiceStub(confContext);
 stub._getServiceClient().engageModule("rampart");

 // set the rampart config properties correctly
 CryptoConfig signcriptoInfo = new CryptoConfig();
 signcriptoInfo.setProvider(Merlin.class.getName());
 Properties properties = new Properties();
 properties.setProperty(
     "org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
 properties.setProperty("org.apache.ws.security.crypto.merlin.file",
     "security_client_wcf/conf/sec.jks");
 properties.setProperty(
     "org.apache.ws.security.crypto.merlin.keystore.password", "password");
 signcriptoInfo.setProp(properties);

 CryptoConfig encriptcriptoInfo = new CryptoConfig();
 encriptcriptoInfo.setProp(properties);
 encriptcriptoInfo.setProvider(Merlin.class.getName());

 RampartConfig config = new RampartConfig();
 config.setUser("alice");
 config.setEncryptionUser("bob");
 config.setPwCbClass("util.PasswordCallbackHandler");
 config.setSigCryptoConfig(signcriptoInfo);
 config.setEncrCryptoConfig(encriptcriptoInfo);

 Policy ramapConfigPolicy = new Policy();
 ramapConfigPolicy.addAssertion(config);

 try {
     stub._getServiceClient().getAxisService().getPolicyInclude().addPolicyElement(
         PolicyInclude.ANON_POLICY, ramapConfigPolicy);
     String result = stub.echo("Test String");
     System.out.println("Result == " + result);
 } catch (RemoteException e) {
     e.printStackTrace();
 }


 Here stub refers to your generated stub.
 AXIS2_REPOSITORY refers to your axis2 repository. This should have the
 rampart mar files.

 Here you have to set the key store, user names and passwords as given
 above.

 You may have a password callback class like this with the correct user
 names and passwords.

 public class PasswordCallbackHandler implements CallbackHandler {

     public void handle(Callback[] callbacks) throws IOException,
             UnsupportedCallbackException {
         for (int i = 0; i < callbacks.length; i++) {
             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
             String id = pwcb.getIdentifer();
             if ("alice".equals(id)) {
                 pwcb.setPassword("ecila");
             } else if ("bob".equals(id)) {
                 pwcb.setPassword("bob");
             }
         }
     }
 }

 thanks,
 Amila.



 On 7/26/07, Brian Baldwin [EMAIL PROTECTED] wrote:
 
  I've been using Axis1.x to access my webservice using WSDL2Java generated
  stubs...works great...I use the Locator class.
 
  I've modified my webservice to use WS-Policy directives (Sign and Auth).
  The WSDL has changed as expected to include the wsp:policy elements for
  Sign and Auth.
 
  Do I need to use Axis2/Rampart to generate the client stubs and apply the
  encryption now that my webservice is using WS-Policy directives?
  Is there an example for using Axis/Axis2 to access a policy-enabled web
  service?
 
  My webservice is deployed to WLS 9.2 and I can use weblogic's
  clientgen-generated stubs to encrypt 

Re: [Axis2] accessing a policy-secured webservice using a WSDL2Java client

2007-07-26 Thread Amila Suriarachchi

This is what you can do with Axis2 and Rampart.

First generate the code using the wsdl2java tool; use the -u and -g options
as well.

Then get a Rampart distribution and put all required libs on the class path
(these come with the Rampart distribution) and put the .mar files in the
repository modules.

Install the full strength security jars (without this some security
assertions do not work).

Write the client code like this:

import java.rmi.RemoteException;
import java.util.Properties;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.PolicyInclude;
import org.apache.neethi.Policy;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.security.components.crypto.Merlin;

ConfigurationContext confContext =
    ConfigurationContextFactory.createConfigurationContextFromFileSystem(
        AXIS2_REPOSITORY, AXIS2_XML);
stub = new PingService10MutualCertificate10SignEncrypt_IPingServiceStub(confContext);
stub._getServiceClient().engageModule("rampart");

// set the rampart config properties correctly
CryptoConfig signcriptoInfo = new CryptoConfig();
signcriptoInfo.setProvider(Merlin.class.getName());
Properties properties = new Properties();
properties.setProperty(
    "org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
properties.setProperty("org.apache.ws.security.crypto.merlin.file",
    "security_client_wcf/conf/sec.jks");
properties.setProperty(
    "org.apache.ws.security.crypto.merlin.keystore.password", "password");
signcriptoInfo.setProp(properties);

// the same keystore is used for encryption
CryptoConfig encriptcriptoInfo = new CryptoConfig();
encriptcriptoInfo.setProp(properties);
encriptcriptoInfo.setProvider(Merlin.class.getName());

RampartConfig config = new RampartConfig();
config.setUser("alice");
config.setEncryptionUser("bob");
config.setPwCbClass("util.PasswordCallbackHandler");
config.setSigCryptoConfig(signcriptoInfo);
config.setEncrCryptoConfig(encriptcriptoInfo);

Policy ramapConfigPolicy = new Policy();
ramapConfigPolicy.addAssertion(config);

try {
    stub._getServiceClient().getAxisService().getPolicyInclude().addPolicyElement(
        PolicyInclude.ANON_POLICY, ramapConfigPolicy);
    String result = stub.echo("Test String");
    System.out.println("Result == " + result);
} catch (RemoteException e) {
    e.printStackTrace();
}


Here stub refers to your generated stub.
AXIS2_REPOSITORY refers to your axis2 repository. This should have the
rampart mar files.

Here you have to set the key store, user names and passwords as given above.


You may have a password callback class like this with the correct user names
and passwords.

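import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PasswordCallbackHandler implements CallbackHandler {

    // supplies the keystore entry password for each alias Rampart asks about
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifer();
            if ("alice".equals(id)) {
                pwcb.setPassword("ecila");
            } else if ("bob".equals(id)) {
                pwcb.setPassword("bob");
            }
        }
    }
}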

thanks,
Amila.



On 7/26/07, Brian Baldwin [EMAIL PROTECTED] wrote:


I've been using Axis1.x to access my webservice using WSDL2Java generated
stubs...works great...I use the Locator class.

I've modified my webservice to use WS-Policy directives (Sign and Auth).
The WSDL has changed as expected to include the wsp:policy elements for
Sign and Auth.

Do I need to use Axis2/Rampart to generate the client stubs and apply the
encryption now that my webservice is using WS-Policy directives?
Is there an example for using Axis/Axis2 to access a policy-enabled web
service?

My webservice is deployed to WLS 9.2 and I can use weblogic's
clientgen-generated stubs to encrypt and digitally-sign the
message.  However, I would like my clients to be able to use Axis.
I've been trying to use Axis2/Rampart but can't get it working.
I've been getting an 'InvalidKeyException:  Wrong key usage'.

Follow on question would be with WS-Policy Auth.xml does that mean I should
use the Encrypt item in the OutflowSecurity parameter for Rampart?  Does
WS-Policy Sign.xml map to the Signature item in OutflowSecurity?  What
WS-Policy would cause me to need to use the Timestamp item in
OutflowSecurity?

Thank you in advance
Brian





--
Amila Suriarachchi,
WSO2 Inc.


[Axis2] accessing a policy-secured webservice using a WSDL2Java client

2007-07-25 Thread Brian Baldwin

I've been using Axis1.x to access my webservice using WSDL2Java generated
stubs...works great...I use the Locator class.

I've modified my webservice to use WS-Policy directives (Sign and Auth).
The WSDL has changed as expected to include the wsp:policy elements for
Sign and Auth.

Do I need to use Axis2/Rampart to generate the client stubs and apply the
encryption now that my webservice is using WS-Policy directives?
Is there an example for using Axis/Axis2 to access a policy-enabled web
service?

My webservice is deployed to WLS 9.2 and I can use weblogic's
clientgen-generated stubs to encrypt and digitally-sign the
message.  However, I would like my clients to be able to use Axis.
I've been trying to use Axis2/Rampart but can't get it working.
I've been getting an 'InvalidKeyException:  Wrong key usage'.

Follow on question would be with WS-Policy Auth.xml does that mean I should
use the Encrypt item in the OutflowSecurity parameter for Rampart?  Does
WS-Policy Sign.xml map to the Signature item in OutflowSecurity?  What
WS-Policy would cause me to need to use the Timestamp item in
OutflowSecurity?

Thank you in advance
Brian
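
Added example (not part of any message in this thread, and not Axis2 or Rampart code): javax.crypto.Cipher.init(int, Certificate) throws InvalidKeyException("Wrong key usage") when an X.509 certificate carries a critical KeyUsage extension that lacks the bit for the requested mode, so listing the KeyUsage bits of every keystore entry is a quick check on the error Brian reports. That this JCE check is the source of the error in his setup is an assumption; the class name KeyUsageCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;

public class KeyUsageCheck {
    private static final String KEY_USAGE_OID = "2.5.29.15";
    // Bit order as returned by X509Certificate.getKeyUsage()
    private static final String[] BITS = {"digitalSignature", "nonRepudiation",
        "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign",
        "cRLSign", "encipherOnly", "decipherOnly"};

    static boolean bit(boolean[] ku, int i) { return ku != null && i < ku.length && ku[i]; }

    /** One report line per certificate, flagging what Cipher.init would reject. */
    static String describe(String alias, X509Certificate cert) {
        boolean[] ku = cert.getKeyUsage();            // null if the extension is absent
        if (ku == null) return alias + ": no KeyUsage extension, no restriction";
        Set<String> crit = cert.getCriticalExtensionOIDs();
        boolean critical = crit != null && crit.contains(KEY_USAGE_OID);
        StringBuilder sb = new StringBuilder(alias).append(':');
        for (int i = 0; i < BITS.length; i++) {
            if (bit(ku, i)) sb.append(' ').append(BITS[i]);
        }
        sb.append(critical ? " [critical]" : " [not critical, JCE does not enforce]");
        if (critical && !bit(ku, 3)) sb.append(" ENCRYPT_MODE -> Wrong key usage");
        if (critical && !bit(ku, 2)) sb.append(" WRAP_MODE -> Wrong key usage");
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the keystore path and password from Amila's post.
        String path = args.length > 0 ? args[0] : "security_client_wcf/conf/sec.jks";
        char[] pass = (args.length > 1 ? args[1] : "password").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                System.out.println(describe(alias, (X509Certificate) c));
            }
        }
    }
}
```

Run it against the client keystore and look at the alias passed to setEncryptionUser: a critical KeyUsage without the encipherment bits means the certificate was issued for signing only and a different certificate is needed for encryption.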