Hi,

I have created a sample Say Hello web service and I am trying to do a basic implementation of WS-Security using Axis2 and Rampart.

I am following the tutorial http://wso2.org/library/3190. Apart from this, I also followed the link http://wso2.org/library/3787, which addresses the compatibility issues with Axis2 1.4 and Rampart 1.4. I have the policy added in services.xml and at the bindings level in the WSDL. At the end, when I try to run it, I get "Invalid Security Error".

Here are the details of the environment:

Axis2 version: Axis2 1.4
Rampart version: Rampart 1.4
Application Server: JBoss 4.0.5

The WSDL file and services.xml are attached to this email. I have pasted here the request and response SOAP messages, captured from TCPMON. I have also given the errors which I am getting on the server side and the client side.

Request SOAP Message

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Header>
    <wsse:Security xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
      <wsse:UsernameToken xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-31658378">
        <wsse:Username>apache</wsse:Username>
        <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText ">password</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <ns1:sayHello xmlns:ns1="http://HelloWeb/xsd">
      <ns1:param0>Sudhir Mongia 1</ns1:param0>
    </ns1:sayHello>
  </soapenv:Body>
</soapenv:Envelope>

Response SOAP Message

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
  <soapenv:Body>
    <soapenv:Fault>
      <soapenv:Code><soapenv:Value>soapenv:Receiver</soapenv:Value></soapenv:Code>
      <soapenv:Reason><soapenv:Text xml:lang="en-US">InvalidSecurity</soapenv:Text></soapenv:Reason>
      <soapenv:Detail />
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>

Error on Client side

org.apache.axis2.AxisFault: InvalidSecurity
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
    at com.sample.webservice.client.HelloWebServiceStub.sayHello(HelloWebServiceStub.java:192)
    at com.sample.webservice.client.TestWebService.main(TestWebService.java:52)

Error on Server side

16:10:00,138 INFO [STDOUT] 16:10:00,138 ERROR [AxisEngine] InvalidSecurity
org.apache.axis2.AxisFault: InvalidSecurity
    at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:595)

Any pointers on this? Please let me know if you need more information from my side.

Thanks,
Sudhir

<wsdl:definitions xmlns:axis2="http://HelloWeb/"
                  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
                  xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
                  xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
                  xmlns:ns1="http://org.apache.axis2/xsd"
                  xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
                  xmlns:ns="http://HelloWeb/xsd"
                  xmlns:xs="http://www.w3.org/2001/XMLSchema"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  targetNamespace="http://HelloWeb/">
  <wsdl:types>
    <xs:schema attributeFormDefault="qualified" elementFormDefault="qualified" targetNamespace="http://HelloWeb/xsd">
      <xs:element name="sayHello">
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" name="param0" nillable="true" type="xs:string"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
      <xs:element name="sayHelloResponse">
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" name="return" nillable="true" type="xs:string"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:schema>
  </wsdl:types>
  <wsdl:message name="sayHelloRequest">
    <wsdl:part name="parameters" element="ns:sayHello"/>
  </wsdl:message>
  <wsdl:message name="sayHelloResponse">
    <wsdl:part name="parameters" element="ns:sayHelloResponse"/>
  </wsdl:message>
  <wsdl:portType name="HelloWebServicePortType">
    <wsdl:operation name="sayHello">
      <wsdl:input message="axis2:sayHelloRequest" wsaw:Action="urn:sayHello"> </wsdl:input>
      <wsdl:output message="axis2:sayHelloResponse" wsaw:Action="urn:sayHelloResponse"> </wsdl:output>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="HelloWebServiceHttpBinding" type="axis2:HelloWebServicePortType">
    <http:binding verb="POST"/>
    <wsdl:operation name="sayHello">
      <http:operation location="HelloWebService/sayHello"/>
      <wsdl:input>
        <mime:content part="sayHello" type="text/xml"/>
      </wsdl:input>
      <wsdl:output>
        <mime:content part="sayHello" type="text/xml"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="HelloWebServiceSoap11Binding" type="axis2:HelloWebServicePortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsp:Policy wsu:Id="UsernameTokenOverHTTPS"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:TransportToken>
                <wsp:Policy>
                  <sp:HttpsToken RequireClientCertificate="false"/>
                </wsp:Policy>
              </sp:TransportToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Lax/>
                </wsp:Policy>
              </sp:Layout>
            </wsp:Policy>
          </sp:TransportBinding>
          <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
          </sp:SignedSupportingTokens>
          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:passwordCallbackClass>com.sample.webservice.security.PWCBHandler</ramp:passwordCallbackClass>
          </ramp:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>
    <wsdl:operation name="sayHello">
      <soap:operation soapAction="urn:sayHello" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="HelloWebServiceSoap12Binding" type="axis2:HelloWebServicePortType">
    <wsp:Policy wsu:Id="UsernameTokenOverHTTPS"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:TransportToken>
                <wsp:Policy>
                  <sp:HttpsToken RequireClientCertificate="false"/>
                </wsp:Policy>
              </sp:TransportToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Lax/>
                </wsp:Policy>
              </sp:Layout>
            </wsp:Policy>
          </sp:TransportBinding>
          <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
          </sp:SignedSupportingTokens>
          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:passwordCallbackClass>com.sample.webservice.security.PWCBHandler</ramp:passwordCallbackClass>
          </ramp:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>
    <soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="sayHello">
      <wsdl:input>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="HelloWebService">
    <wsdl:port name="HelloWebServiceHttpSoap12Endpoint" binding="axis2:HelloWebServiceSoap12Binding">
      <soap12:address location="http://localhost:8080/axis2/services/HelloWebService"/>
    </wsdl:port>
    <wsdl:port name="HelloWebServiceHttpSoap11Endpoint" binding="axis2:HelloWebServiceSoap11Binding">
      <soap:address location="http://localhost:8080/axis2/services/HelloWebService"/>
    </wsdl:port>
    <wsdl:port name="HelloWebServiceHttpEndpoint" binding="axis2:HelloWebServiceHttpBinding">
      <http:address location="http://localhost:8080/axis2/services/HelloWebService"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>

<?xml version="1.0" encoding="UTF-8"?>
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: 1.4 Built on : Apr 26, 2008 (06:24:30 EDT) -->
<serviceGroup>
  <service name="HelloWebService">
    <module ref="rampart"/>
    <messageReceivers>
      <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="com.sample.webservice.service.HelloWebServiceMessageReceiverInOut"/>
    </messageReceivers>
    <parameter name="ServiceClass">com.sample.webservice.service.HelloWebServiceSkeleton</parameter>
    <parameter name="useOriginalwsdl">true</parameter>
    <parameter name="modifyUserWSDLPortAddress">true</parameter>
    <operation name="sayHello" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://HelloWeb/">
      <actionMapping>urn:sayHello</actionMapping>
      <outputActionMapping>urn:sayHelloResponse</outputActionMapping>
    </operation>
    <wsp:Policy wsu:Id="UsernameTokenOverHTTPS"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:TransportToken>
                <wsp:Policy>
                  <sp:HttpsToken RequireClientCertificate="false"/>
                </wsp:Policy>
              </sp:TransportToken>
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256/>
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Lax/>
                </wsp:Policy>
              </sp:Layout>
            </wsp:Policy>
          </sp:TransportBinding>
          <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
          </sp:SignedSupportingTokens>
          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:passwordCallbackClass>com.sample.webservice.security.PWCBHandler</ramp:passwordCallbackClass>
          </ramp:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>
  </service>
</serviceGroup>
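
Added example, not part of the original post or of Axis2/Rampart: a consistency check for a WSDL like the one attached above, reporting every port whose binding asserts sp:HttpsToken while its published address is not an https:// URL. The trimmed sample WSDL is constructed for the example; the binding name "B", port name "P" and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSDL = "http://schemas.xmlsoap.org/wsdl/"

# Constructed sample: a trimmed WSDL with the same policy shape and port
# address as the attachment (binding "B" and port "P" are made-up names).
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:tns="http://HelloWeb/" targetNamespace="http://HelloWeb/">
  <wsdl:binding name="B" type="tns:PT">
    <wsp:Policy><wsp:ExactlyOne><wsp:All>
      <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
        <sp:HttpsToken RequireClientCertificate="false"/>
      </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
    </wsp:All></wsp:ExactlyOne></wsp:Policy>
  </wsdl:binding>
  <wsdl:service name="HelloWebService">
    <wsdl:port name="P" binding="tns:B">
      <soap12:address location="http://localhost:8080/axis2/services/HelloWebService"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

def https_policy_violations(wsdl_text):
    """Return (port, binding, address) for each port whose binding asserts
    sp:HttpsToken but whose published address is not an https:// URL."""
    root = ET.fromstring(wsdl_text)
    # Bindings that carry an sp:HttpsToken assertion anywhere beneath them.
    secured = {b.get("name") for b in root.iter(f"{{{WSDL}}}binding")
               if b.find(f".//{{{SP}}}HttpsToken") is not None}
    findings = []
    for port in root.iter(f"{{{WSDL}}}port"):
        binding = port.get("binding", "").split(":")[-1]  # drop QName prefix
        if binding not in secured:
            continue
        for child in port:  # soap:address, soap12:address or http:address
            loc = child.get("location")
            if loc and not loc.lower().startswith("https://"):
                findings.append((port.get("name"), binding, loc))
    return findings

if __name__ == "__main__":
    for name, binding, loc in https_policy_violations(SAMPLE_WSDL):
        print(f"port {name} (binding {binding}) requires HTTPS but publishes {loc}")
```

Run against the attached WSDL, the same function would list the SOAP 1.1 and SOAP 1.2 ports, both of which publish http://localhost:8080 addresses under a policy that asserts sp:HttpsToken.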