Hi,
I have created a sample Say Hello Webservice and I am trying to do basic
implementation of WSSecurity using Axis2 and RamPart.
I am following the tutorial http://wso2.org/library/3190. Apart from this
also followed the link http://wso2.org/library/3787.which addresses
the compatibility issues with Axis2 1.4 and rampart 1.4. I have policy added
in services.xml and at bindings level in WSDL. At the end when I am trying
to run it I am getting "Invalid Security Error".
Here is the details of Environment
Axis2 version :Axis2 1.4
Rampart version: Rampart 1.4
Application Server :JBoss 4.0.5
WSDL file and services.xml is attached with this email.
I have pasted here request and response soap message, captured from TCPMON.
I have given the errors which I am getting on server side and client side.
Request SOAP Message
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
<soapenv:Header>
<wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="true">
<wsse:UsernameToken xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-31658378">
<wsse:Username>apache</wsse:Username>
<wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ns1:sayHello xmlns:ns1="http://HelloWeb/xsd";>
<ns1:param0>Sudhir Mongia 1</ns1:param0>
</ns1:sayHello>
</soapenv:Body>
</soapenv:Envelope>
Response Soap Message
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code><soapenv:Value>soapenv:Receiver</soapenv:Value></soapenv:Code>
<soapenv:Reason><soapenv:Text
xml:lang="en-US">InvalidSecurity</soapenv:Text></soapenv:Reason>
<soapenv:Detail />
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
Error on Client side
org.apache.axis2.AxisFault: InvalidSecurity
at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at
com.sample.webservice.client.HelloWebServiceStub.sayHello(HelloWebServiceStub.java:192)
at com.sample.webservice.client.TestWebService.main(TestWebService.java:52)
Error on Server side
16:10:00,138 INFO [STDOUT] 16:10:00,138 ERROR [AxisEngine] InvalidSecurity
org.apache.axis2.AxisFault: InvalidSecurity
at
org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
at
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
Any Pointer on this. Please let me know, if you need more information from
my side.
Thanks,
Sudhir
<wsdl:definitions xmlns:axis2="http://HelloWeb/"; xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"; xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"; xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"; xmlns:ns1="http://org.apache.axis2/xsd"; xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"; xmlns:ns="http://HelloWeb/xsd"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; targetNamespace="http://HelloWeb/";>
<wsdl:types>
<xs:schema attributeFormDefault="qualified" elementFormDefault="qualified" targetNamespace="http://HelloWeb/xsd";>
<xs:element name="sayHello">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="param0" nillable="true" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="sayHelloResponse">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="return" nillable="true" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
</wsdl:types>
<wsdl:message name="sayHelloRequest">
<wsdl:part name="parameters" element="ns:sayHello"/>
</wsdl:message>
<wsdl:message name="sayHelloResponse">
<wsdl:part name="parameters" element="ns:sayHelloResponse"/>
</wsdl:message>
<wsdl:portType name="HelloWebServicePortType">
<wsdl:operation name="sayHello">
<wsdl:input message="axis2:sayHelloRequest" wsaw:Action="urn:sayHello">
</wsdl:input>
<wsdl:output message="axis2:sayHelloResponse" wsaw:Action="urn:sayHelloResponse">
</wsdl:output>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="HelloWebServiceHttpBinding" type="axis2:HelloWebServicePortType">
<http:binding verb="POST"/>
<wsdl:operation name="sayHello">
<http:operation location="HelloWebService/sayHello"/>
<wsdl:input>
<mime:content part="sayHello" type="text/xml"/>
</wsdl:input>
<wsdl:output>
<mime:content part="sayHello" type="text/xml"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="HelloWebServiceSoap11Binding" type="axis2:HelloWebServicePortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsp:Policy wsu:Id="UsernameTokenOverHTTPS" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:passwordCallbackClass>com.sample.webservice.security.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:operation name="sayHello">
<soap:operation soapAction="urn:sayHello" style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="HelloWebServiceSoap12Binding" type="axis2:HelloWebServicePortType">
<wsp:Policy wsu:Id="UsernameTokenOverHTTPS" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:passwordCallbackClass>com.sample.webservice.security.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="sayHello">
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="HelloWebService">
<wsdl:port name="HelloWebServiceHttpSoap12Endpoint" binding="axis2:HelloWebServiceSoap12Binding">
<soap12:address location="http://localhost:8080/axis2/services/HelloWebService"/>
</wsdl:port>
<wsdl:port name="HelloWebServiceHttpSoap11Endpoint" binding="axis2:HelloWebServiceSoap11Binding">
<soap:address location="http://localhost:8080/axis2/services/HelloWebService"/>
</wsdl:port>
<wsdl:port name="HelloWebServiceHttpEndpoint" binding="axis2:HelloWebServiceHttpBinding">
<http:address location="http://localhost:8080/axis2/services/HelloWebService"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
<?xml version="1.0" encoding="UTF-8"?>
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: 1.4 Built on : Apr 26, 2008 (06:24:30 EDT) -->
<serviceGroup>
<service name="HelloWebService">
<module ref="rampart"/>
<messageReceivers>
<messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"; class="com.sample.webservice.service.HelloWebServiceMessageReceiverInOut"/>
</messageReceivers>
<parameter name="ServiceClass">com.sample.webservice.service.HelloWebServiceSkeleton</parameter>
<parameter name="useOriginalwsdl">true</parameter>
<parameter name="modifyUserWSDLPortAddress">true</parameter>
<operation name="sayHello" mep="http://www.w3.org/ns/wsdl/in-out"; namespace="http://HelloWeb/";>
<actionMapping>urn:sayHello</actionMapping>
<outputActionMapping>urn:sayHelloResponse</outputActionMapping>
</operation>
<wsp:Policy wsu:Id="UsernameTokenOverHTTPS" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; />
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:passwordCallbackClass>com.sample.webservice.security.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
</serviceGroup>
