RE: FW: Newbie Basics: Security Policy
Thanks nandana! I believed that fixed it XD! The world makes sense now!

=RY

From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Tue 7/15/2008 5:07 PM
To: axis-user@ws.apache.org
Subject: Re: FW: Newbie Basics: Security Policy

> Could it be that the wss4j jars are conflicting? Because the axis2 library contains both the 1.5.3 version and the 1.5.4 version?

Yes, you must only have the WSS4J jar relevant to the Rampart version you are using. As I said earlier, if you have a fresh Axis2 distribution, what you need to do is copy the dependency jars in the relevant Rampart distribution to your Axis2 library.

> CALLBACK HANDLER:

Password callback looks okay.

> SERVICES.XML:
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>     <!-- Does the following user have to be the same as the username for the token? Is that alice in this case? -->
>     <ramp:user>username</ramp:user>

Nope, this is used as the private key alias of the service when encryption or signatures are involved.

regards,
nandana

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Tue 7/15/2008 4:39 PM
To: axis-user@ws.apache.org; [EMAIL PROTECTED]
Subject: Re: FW: Newbie Basics: Security Policy

What is the version of the WSS4J jar you are using? It seems you are using an older one than 1.5.4. You can find all the dependencies needed for Rampart 1.4 in the Rampart 1.4 binary distribution under /rampart-1.4/lib/, which can be downloaded from here [1]. Adding the wss4j 1.5.4 jar to your Axis2 lib will solve this problem.

You can also post your password callback handler class for the server side and the services.xml, so we can verify whether they are correct.

thanks,
nandana

[1] - http://ws.apache.org/rampart/download/1.4/download.cgi

Just to verify how this policy would work...
Re: FW: Newbie Basics: Security Policy
What is the version of the WSS4J jar you are using? It seems you are using an older one than 1.5.4. You can find all the dependencies needed for Rampart 1.4 in the Rampart 1.4 binary distribution under /rampart-1.4/lib/, which can be downloaded from here [1]. Adding the wss4j 1.5.4 jar to your Axis2 lib will solve this problem.

You can also post your password callback handler class for the server side and the services.xml, so we can verify whether they are correct.

thanks,
nandana

[1] - http://ws.apache.org/rampart/download/1.4/download.cgi

Just to verify how this policy would work...

So if I use this policy, I can just tell soapUI to add a User Name Token with username alice and password bobPW, and I should receive an echo back (using the service in the samples) in the response?

However, when I do this, for some reason I receive an error. The RAW messages are reprinted below:

REQUEST:

Host: 192.168.1.247:8080
Content-Length: 803
User-Agent: Jakarta Commons-HttpClient/3.0.1
Content-Type: application/soap+xml;charset=UTF-8;action=urn:echo

<soap:Envelope xmlns:sam="http://sample01.policy.samples.rampart.apache.org" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
   <soap:Header>
      <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-10518016" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>alice</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soap:Header>
   <soap:Body>
      <sam:echo>
         <!--Optional:-->
         <sam:param0>?</sam:param0>
      </sam:echo>
   </soap:Body>
</soap:Envelope>

RESPONSE:

HTTP/1.1 500 Internal Server Error
Date: Tue, 15 Jul 2008 18:05:24 GMT
Transfer-Encoding: chunked
Connection: close
Content-Type: application/soap+xml; action=http://www.w3.org/2005/08/addressing/soap/fault;charset=UTF-8
Server: Apache-Coyote/1.1

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Body>
      <soapenv:Fault>
         <soapenv:Code>
            <soapenv:Value>soapenv:Receiver</soapenv:Value>
         </soapenv:Code>
         <soapenv:Reason>
            <soapenv:Text xml:lang="en-US">java.lang.NoSuchMethodError: org.apache.ws.security.message.WSSecHeader.isEmpty(Lorg/w3c/dom/Document;)Z</soapenv:Text>
         </soapenv:Reason>
         <soapenv:Detail />
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>

Thanks.

=RY

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Mon 7/14/2008 8:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Newbie Basics: Security Policy

Hi Roxane,

This is the policy to be used. Hope you know how to attach this policy to services.xml and to a client. Please go through the Rampart policy samples and you will be able to see how that is done. If you have further questions, please feel free to throw them in.

regards,
nandana

<wsp:Policy wsu:Id="UT" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
   <wsp:ExactlyOne>
      <wsp:All>
         <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
               <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
         </sp:SupportingTokens>
         <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:user>username</ramp:user>
            <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
         </ramp:RampartConfig>
      </wsp:All>
   </wsp:ExactlyOne>
</wsp:Policy>

On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee [EMAIL PROTECTED] wrote:

> If I simply wanted to implement a web service that used a User Name Token authentication system with a Username and Password in Plaintext (no SSL for now, cause I'm a little sketchy on how to actually set that up), what would I need to do if using the Policy handler configuration?
>
> Thanks.
>
> = RY

--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
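The fault quoted in this message names the class and method that the installed WSS4J jar lacks. The following is an added diagnostic, not part of the original messages and not Rampart or WSS4J code; it lists every classpath location that supplies that class and checks whether the copy that actually loads has the method. The class name `Wss4jClasspathCheck` and the lib path in the comment are assumptions.

```java
import java.io.IOException;
import java.net.URL;
import java.security.CodeSource;
import java.util.Collections;
import java.util.List;

// Added diagnostic (hypothetical class name). Compile, then run with the jars the service sees:
//   java -cp ".:/path/to/axis2/lib/*" Wss4jClasspathCheck     (placeholder path)
public class Wss4jClasspathCheck {

    // Class and method named in the NoSuchMethodError of the SOAP fault.
    static final String CLASS_NAME = "org.apache.ws.security.message.WSSecHeader";
    static final String METHOD_NAME = "isEmpty";

    /** Every classpath entry that supplies the class; more than one means conflicting jars. */
    static List<URL> locations(ClassLoader cl, String className) throws IOException {
        return Collections.list(cl.getResources(className.replace('.', '/') + ".class"));
    }

    /** True if the loaded class exposes a public method with this name and parameter types. */
    static boolean hasMethod(Class<?> type, String name, Class<?>... params) {
        try {
            type.getMethod(name, params);
            return true;
        } catch (NoSuchMethodException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        ClassLoader cl = Wss4jClasspathCheck.class.getClassLoader();
        List<URL> found = locations(cl, CLASS_NAME);
        System.out.println(found.size() + " location(s) supply " + CLASS_NAME + ":");
        for (URL url : found) {
            System.out.println("  " + url);
        }
        if (found.size() > 1) {
            System.out.println("CONFLICT: keep only the WSS4J jar shipped with your Rampart release");
        }
        try {
            // Load without initialising, then report the jar that won the class-loading race.
            Class<?> header = Class.forName(CLASS_NAME, false, cl);
            CodeSource src = header.getProtectionDomain().getCodeSource();
            System.out.println("Loaded from: " + (src == null ? "unknown" : src.getLocation()));
            boolean ok = hasMethod(header, METHOD_NAME, org.w3c.dom.Document.class);
            System.out.println(METHOD_NAME + "(Document) present: " + ok);
        } catch (ClassNotFoundException | LinkageError e) {
            System.out.println("Could not load " + CLASS_NAME + ": " + e);
        }
    }
}
```

Inside a servlet container the web application's class loader decides which copy wins, so if the stand-alone run looks clean, make the same two calls from within the deployed service.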
RE: FW: Newbie Basics: Security Policy
Could it be that the wss4j jars are conflicting? Because the axis2 library contains both the 1.5.3 version and the 1.5.4 version?

However, I'll post my callback handler and services.xml as well.

CALLBACK HANDLER:

package org.apache.rampart.samples.policy.sample01;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import java.io.IOException;

public class PWCBHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {

        for (int i = 0; i < callbacks.length; i++) {

            //When the server side need to authenticate the user
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                if(pwcb.getIdentifer().equals("alice") && pwcb.getPassword().equals("bobPW")) {
                    return;
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "check failed");
                }
            }

            //When the client requests for the password to be added in to the
            //UT element
            pwcb.setPassword("bobPW");
        }
    }
}

Thank you!

=RY

SERVICES.XML:

<?xml version="1.0" encoding="UTF-8"?>
<service>
   <operation name="echo">
      <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
   </operation>
   <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample01.SimpleService</parameter>

   <module ref="rampart" />
   <module ref="addressing" />

   <wsp:Policy wsu:Id="UT" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
         <wsp:All>
            <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
               <wsp:Policy>
                  <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
               </wsp:Policy>
            </sp:SupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
               <!-- Does the following user have to be the same as the username for the token? Is that alice in this case? -->
               <ramp:user>username</ramp:user>
               <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
            </ramp:RampartConfig>
         </wsp:All>
      </wsp:ExactlyOne>
   </wsp:Policy>
</service>

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Tue 7/15/2008 4:39 PM
To: axis-user@ws.apache.org; [EMAIL PROTECTED]
Subject: Re: FW: Newbie Basics: Security Policy

What is the version of the WSS4J jar you are using? It seems you are using an older one than 1.5.4. You can find all the dependencies needed for Rampart 1.4 in the Rampart 1.4 binary distribution under /rampart-1.4/lib/, which can be downloaded from here [1]. Adding the wss4j 1.5.4 jar to your Axis2 lib will solve this problem.

You can also post your password callback handler class for the server side and the services.xml, so we can verify whether they are correct.

thanks,
nandana

[1] - http://ws.apache.org/rampart/download/1.4/download.cgi

Just to verify how this policy would work...