Re: [Axis2] accessing a policy-secured webservice using a WSDL2Java client
Thank you for the reply, Amila. The example you provided is basically what I'm using; however, I'm now getting the error

    Could not validate signature using any of the supported token types

I compared the weblogic debug logs when I hit it with a clientgen client (works) and with my Axis2 client (not working)...everything seems almost exact. The encryption algorithms listed are exactly the same, so it's not like I'm trying to use a different signature algorithm with Axis2. The weblogic logs show that both the clientgen client and Axis2 client send a signed timestamp, signed body, and signed token. The weblogic log with the clientgen client, however, shows that it continues on with a message about 'trying to validate identity assertion token ~ x509' and that all works and the client is allowed to connect.

I went so far as to modify my webService to remove the Auth policy, leaving only the Sign policy. I then tried Axis2 again and got the same error about 'could not validate signature using any of the supported token types'.

I greatly appreciate your response to my earlier message and I hope you can help me debug this problem.

Brian

On 7/26/07, Amila Suriarachchi [EMAIL PROTECTED] wrote:
> This is what you can do with Axis2 and Rampart.
>
> First generate the code using the wsdl2java tool; use the -u and -g options as well.
>
> Then get a rampart distribution and put all required libs on the class path (these come with the rampart distribution) and put the .mar files in the repository modules.
>
> Install full strength security jars (without this some security assertions do not work).
>
> Write the client code like this:
>
>     import java.rmi.RemoteException;
>     import java.util.Properties;
>     import org.apache.axis2.context.ConfigurationContext;
>     import org.apache.axis2.context.ConfigurationContextFactory;
>     import org.apache.axis2.description.PolicyInclude;
>     import org.apache.neethi.Policy;
>     import org.apache.rampart.policy.model.CryptoConfig;
>     import org.apache.rampart.policy.model.RampartConfig;
>     import org.apache.ws.security.components.crypto.Merlin;
>
>     ConfigurationContext confContext =
>         ConfigurationContextFactory.createConfigurationContextFromFileSystem(AXIS2_REPOSITORY, AXIS2_XML);
>     PingService10MutualCertificate10SignEncrypt_IPingServiceStub stub =
>         new PingService10MutualCertificate10SignEncrypt_IPingServiceStub(confContext);
>     stub._getServiceClient().engageModule("rampart");
>
>     // set the rampart config properties correctly
>     CryptoConfig signcriptoInfo = new CryptoConfig();
>     signcriptoInfo.setProvider(Merlin.class.getName());
>     Properties properties = new Properties();
>     properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
>     properties.setProperty("org.apache.ws.security.crypto.merlin.file", "security_client_wcf/conf/sec.jks");
>     properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
>     signcriptoInfo.setProp(properties);
>
>     // the encryption side reuses the same keystore properties
>     CryptoConfig encriptcriptoInfo = new CryptoConfig();
>     encriptcriptoInfo.setProp(properties);
>     encriptcriptoInfo.setProvider(Merlin.class.getName());
>
>     RampartConfig config = new RampartConfig();
>     config.setUser("alice");
>     config.setEncryptionUser("bob");
>     config.setPwCbClass("util.PasswordCallbackHandler");
>     config.setSigCryptoConfig(signcriptoInfo);
>     config.setEncrCryptoConfig(encriptcriptoInfo);
>
>     Policy ramapConfigPolicy = new Policy();
>     ramapConfigPolicy.addAssertion(config);
>
>     try {
>         stub._getServiceClient().getAxisService().getPolicyInclude().addPolicyElement(
>             PolicyInclude.ANON_POLICY, ramapConfigPolicy);
>         String result = stub.echo("Test String");
>         System.out.println("Result == " + result);
>     } catch (RemoteException e) {
>         e.printStackTrace();
>     }
>
> Here stub refers to your generated stub. AXIS2_REPOSITORY refers to your axis2 repository; this should have the rampart mar files. Here you have to set the key store, user names and passwords as given above.
>
> You may have a password callback class like this with the correct user names and passwords.
>
>     package util;
>
>     import java.io.IOException;
>     import javax.security.auth.callback.Callback;
>     import javax.security.auth.callback.CallbackHandler;
>     import javax.security.auth.callback.UnsupportedCallbackException;
>     import org.apache.ws.security.WSPasswordCallback;
>
>     public class PasswordCallbackHandler implements CallbackHandler {
>         public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
>             for (int i = 0; i < callbacks.length; i++) {
>                 WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>                 // getIdentifer() is the method name as this API spells it
>                 String id = pwcb.getIdentifer();
>                 if ("alice".equals(id)) {
>                     pwcb.setPassword("ecila");
>                 } else if ("bob".equals(id)) {
>                     pwcb.setPassword("bob");
>                 }
>             }
>         }
>     }
>
> thanks,
> Amila.
>
> On 7/26/07, Brian Baldwin [EMAIL PROTECTED] wrote:
> > I've been using Axis1.x to access my webservice using WSDL2Java generated stubs...works great...I use the Locator class.
> >
> > I've modified my webservice to use WS-Policy directives (Sign and Auth). The WSDL has changed as expected to include the wsp:policy elements for Sign and Auth.
> >
> > Do I need to use Axis2/Rampart to generate the client stubs and apply the encryption now that my webservice is using WS-Policy directives? Is there an example for using Axis/Axis2 to access a policy-enabled web service?
> >
> > My webservice is deployed to WLS 9.2 and I can use weblogic's clientgen-generated stubs to encrypt
Re: [Axis2] accessing a policy-secured webservice using a WSDL2Java client
This is what you can do with Axis2 and Rampart.

First generate the code using the wsdl2java tool; use the -u and -g options as well.

Then get a rampart distribution and put all required libs on the class path (these come with the rampart distribution) and put the .mar files in the repository modules.

Install full strength security jars (without this some security assertions do not work).

Write the client code like this:

    import java.rmi.RemoteException;
    import java.util.Properties;
    import org.apache.axis2.context.ConfigurationContext;
    import org.apache.axis2.context.ConfigurationContextFactory;
    import org.apache.axis2.description.PolicyInclude;
    import org.apache.neethi.Policy;
    import org.apache.rampart.policy.model.CryptoConfig;
    import org.apache.rampart.policy.model.RampartConfig;
    import org.apache.ws.security.components.crypto.Merlin;

    ConfigurationContext confContext =
        ConfigurationContextFactory.createConfigurationContextFromFileSystem(AXIS2_REPOSITORY, AXIS2_XML);
    PingService10MutualCertificate10SignEncrypt_IPingServiceStub stub =
        new PingService10MutualCertificate10SignEncrypt_IPingServiceStub(confContext);
    stub._getServiceClient().engageModule("rampart");

    // set the rampart config properties correctly
    CryptoConfig signcriptoInfo = new CryptoConfig();
    signcriptoInfo.setProvider(Merlin.class.getName());
    Properties properties = new Properties();
    properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
    properties.setProperty("org.apache.ws.security.crypto.merlin.file", "security_client_wcf/conf/sec.jks");
    properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
    signcriptoInfo.setProp(properties);

    // the encryption side reuses the same keystore properties
    CryptoConfig encriptcriptoInfo = new CryptoConfig();
    encriptcriptoInfo.setProp(properties);
    encriptcriptoInfo.setProvider(Merlin.class.getName());

    RampartConfig config = new RampartConfig();
    config.setUser("alice");
    config.setEncryptionUser("bob");
    config.setPwCbClass("util.PasswordCallbackHandler");
    config.setSigCryptoConfig(signcriptoInfo);
    config.setEncrCryptoConfig(encriptcriptoInfo);

    Policy ramapConfigPolicy = new Policy();
    ramapConfigPolicy.addAssertion(config);

    try {
        stub._getServiceClient().getAxisService().getPolicyInclude().addPolicyElement(
            PolicyInclude.ANON_POLICY, ramapConfigPolicy);
        String result = stub.echo("Test String");
        System.out.println("Result == " + result);
    } catch (RemoteException e) {
        e.printStackTrace();
    }

Here stub refers to your generated stub. AXIS2_REPOSITORY refers to your axis2 repository; this should have the rampart mar files. Here you have to set the key store, user names and passwords as given above.

You may have a password callback class like this with the correct user names and passwords.

    package util;

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;

    public class PasswordCallbackHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
                // getIdentifer() is the method name as this API spells it
                String id = pwcb.getIdentifer();
                if ("alice".equals(id)) {
                    pwcb.setPassword("ecila");
                } else if ("bob".equals(id)) {
                    pwcb.setPassword("bob");
                }
            }
        }
    }

thanks,
Amila.

On 7/26/07, Brian Baldwin [EMAIL PROTECTED] wrote:
> I've been using Axis1.x to access my webservice using WSDL2Java generated stubs...works great...I use the Locator class.
>
> I've modified my webservice to use WS-Policy directives (Sign and Auth). The WSDL has changed as expected to include the wsp:policy elements for Sign and Auth.
>
> Do I need to use Axis2/Rampart to generate the client stubs and apply the encryption now that my webservice is using WS-Policy directives? Is there an example for using Axis/Axis2 to access a policy-enabled web service?
>
> My webservice is deployed to WLS 9.2 and I can use weblogic's clientgen-generated stubs to encrypt and digitally-sign the message. However, I would like my clients to be able to use Axis. I've been trying to use Axis2/Rampart but can't get it working. I've been getting an 'InvalidKeyException: Wrong key usage'.
>
> Follow on question would be with WS-Policy Auth.xml does that mean I should use the Encrypt item in the OutflowSecurity parameter for Rampart? Does WS-Policy Sign.xml map to the Signature item in OutflowSecurity? What WS-Policy would cause me to need to use the Timestamp item in OutflowSecurity?
>
> Thank you in advance
> Brian

--
Amila Suriarachchi, WSO2 Inc.
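
Added example, not part of the original thread and not Axis2/Rampart code: a pre-flight check for the client set-up in the message above. It reports whether the full-strength JCE policy is active and whether the certificates for the signing and encryption users permit those uses. The keystore path, password and aliases are the sample values from the message; the class name RampartPreflight is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;

// Added example: diagnostic for the keystore and JCE policy the Rampart client relies on.
// Path, password and aliases are the sample values used in the message above.
public class RampartPreflight {

    // KeyUsage bit positions as defined for X.509 certificates (RFC 5280).
    static final int DIGITAL_SIGNATURE = 0;
    static final int KEY_ENCIPHERMENT = 2;

    // True when the certificate has no KeyUsage extension (unrestricted)
    // or when the requested usage bit is set.
    static boolean allows(X509Certificate cert, int bit) {
        boolean[] usage = cert.getKeyUsage();
        return usage == null || (usage.length > bit && usage[bit]);
    }

    // Fetch the certificate stored under an alias, failing loudly if it is missing.
    static X509Certificate x509(KeyStore ks, String alias) throws Exception {
        Certificate c = ks.getCertificate(alias);
        if (!(c instanceof X509Certificate)) {
            throw new IllegalStateException("no X.509 certificate for alias " + alias);
        }
        return (X509Certificate) c;
    }

    public static void main(String[] args) throws Exception {
        // 128 means the restricted policy files are still in place;
        // Integer.MAX_VALUE means the full-strength policy is active.
        System.out.println("max AES key length: " + Cipher.getMaxAllowedKeyLength("AES"));

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("security_client_wcf/conf/sec.jks")) {
            ks.load(in, "password".toCharArray());
        }

        // The signing user needs a private key entry; the encryption user only a certificate.
        System.out.println("alice has private key: " + ks.isKeyEntry("alice"));
        System.out.println("alice may sign:        " + allows(x509(ks, "alice"), DIGITAL_SIGNATURE));
        System.out.println("bob may encrypt keys:  " + allows(x509(ks, "bob"), KEY_ENCIPHERMENT));
    }
}
```

The JDK's Cipher.init(int, Certificate) rejects a certificate whose critical KeyUsage extension does not permit the requested operation, so a false in the last two lines is worth resolving before looking at the policy configuration.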
[Axis2] accessing a policy-secured webservice using a WSDL2Java client
I've been using Axis1.x to access my webservice using WSDL2Java generated stubs...works great...I use the Locator class.

I've modified my webservice to use WS-Policy directives (Sign and Auth). The WSDL has changed as expected to include the wsp:policy elements for Sign and Auth.

Do I need to use Axis2/Rampart to generate the client stubs and apply the encryption now that my webservice is using WS-Policy directives? Is there an example for using Axis/Axis2 to access a policy-enabled web service?

My webservice is deployed to WLS 9.2 and I can use weblogic's clientgen-generated stubs to encrypt and digitally-sign the message. However, I would like my clients to be able to use Axis. I've been trying to use Axis2/Rampart but can't get it working. I've been getting an 'InvalidKeyException: Wrong key usage'.

Follow on question would be with WS-Policy Auth.xml does that mean I should use the Encrypt item in the OutflowSecurity parameter for Rampart? Does WS-Policy Sign.xml map to the Signature item in OutflowSecurity? What WS-Policy would cause me to need to use the Timestamp item in OutflowSecurity?

Thank you in advance
Brian