RE: FW: Newbie Basics: Security Policy

2008-07-16 Thread Roxanne Yee
Thanks nandana! I believed that fixed it XD! The world makes sense now!
 
=RY



From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Tue 7/15/2008 5:07 PM
To: axis-user@ws.apache.org
Subject: Re: FW: Newbie Basics: Security Policy




Could it be that the wss4j jars are conflicting? Because the axis2 
library contains both the 1.5.3 version and the 1.5.4 version?



Yes, you must only have the WSS4J jar relevant to the Rampart version you are 
using. As I said earlier, if you have a fresh Axis2 distribution, what you 
need to do is copy the dependency jars in the relevant Rampart 
distribution to your Axis2 library.
 
 

CALLBACK HANDLER:



Password callback looks okay.



SERVICES.XML:


   <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">

   <!--  Does the following user have to be the same as the username
   for the token? Is that alice in this case? -->

   <ramp:user>username</ramp:user>



Nope, this is used as the private key alias of the service when encryption or 
signatures are involved.

regards,
nandana

 


Re: FW: Newbie Basics: Security Policy

2008-07-15 Thread Nandana Mihindukulasooriya
What is the version of the WSS4J jar you are using? It seems you are using
an older one than 1.5.4. You can find all the dependencies needed for Rampart
1.4 in the Rampart 1.4 binary distribution under /rampart-1.4/lib/ which
can be downloaded from here [1]. Adding the wss4j 1.5.4 jar to your Axis2 lib
will solve this problem. You can also post your password callback handler
class for the server side and the services.xml, so we can verify whether
they are correct.

thanks,
nandana

[1] - http://ws.apache.org/rampart/download/1.4/download.cgi

Just to verify how this policy would work...
 So if I use this policy, I can just tell soapUI to add a User Name Token
 with username alice and password bobPW, and I should receive an echo
 back (using the service in the samples) in the response? However, when I do
 this, for some reason I receive an error. The RAW messages are reprinted
 below:


 REQUEST:
 Host: 192.168.1.247:8080
 Content-Length: 803
 User-Agent: Jakarta Commons-HttpClient/3.0.1
 Content-Type: application/soap+xml;charset=UTF-8;action=urn:echo

 <soap:Envelope xmlns:sam="http://sample01.policy.samples.rampart.apache.org" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
   <soap:Header>
     <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
       <wsse:UsernameToken wsu:Id="UsernameToken-10518016" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:Username>alice</wsse:Username>
         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
       </wsse:UsernameToken>
     </wsse:Security>
   </soap:Header>
   <soap:Body>
     <sam:echo>
       <!--Optional:-->
       <sam:param0>?</sam:param0>
     </sam:echo>
   </soap:Body>
 </soap:Envelope>


 RESPONSE:
 HTTP/1.1 500 Internal Server Error
 Date: Tue, 15 Jul 2008 18:05:24 GMT
 Transfer-Encoding: chunked
 Connection: close
 Content-Type: application/soap+xml; action=http://www.w3.org/2005/08/addressing/soap/fault;charset=UTF-8
 Server: Apache-Coyote/1.1

 <?xml version='1.0' encoding='UTF-8'?>
 <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Body>
     <soapenv:Fault>
       <soapenv:Code>
         <soapenv:Value>soapenv:Receiver</soapenv:Value>
       </soapenv:Code>
       <soapenv:Reason>
         <soapenv:Text xml:lang="en-US">java.lang.NoSuchMethodError: org.apache.ws.security.message.WSSecHeader.isEmpty(Lorg/w3c/dom/Document;)Z</soapenv:Text>
       </soapenv:Reason>
       <soapenv:Detail />
     </soapenv:Fault>
   </soapenv:Body>
 </soapenv:Envelope>


 Thanks.

 =RY

 -Original Message-
 From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
 Sent: Mon 7/14/2008 8:01 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Newbie Basics: Security Policy

 Hi Roxanne,

 This is the policy to be used. Hope you know how to attach this policy to
 services.xml and to a client. Please go through the Rampart policy samples
 and you will be able to see how that is done. If you have further
 questions,
 please feel free to throw them in.

 regards,
 nandana

 <wsp:Policy wsu:Id="UT"
     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
   <wsp:ExactlyOne>
     <wsp:All>
       <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
         <wsp:Policy>
           <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
         </wsp:Policy>
       </sp:SupportingTokens>

       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
         <ramp:user>username</ramp:user>
         <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
       </ramp:RampartConfig>

     </wsp:All>
   </wsp:ExactlyOne>
 </wsp:Policy>

 On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee [EMAIL PROTECTED] wrote:

  If I simply wanted to implement a web service that used a User Name Token
  authentication system with a Username and Password in Plaintext (no SSL for
  now, cause I'm a little sketchy on how to actually set that up), what would
  I need to do if using the Policy handler configuration?
 
  Thanks.
 
  = RY
 







-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
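
Added example, not part of the original thread or of the Axis2/Rampart distributions: a shell check for the situation discussed above, where two versions of the same jar (for instance wss4j 1.5.3 next to 1.5.4) sit in one lib directory and an old class is loaded, surfacing as a `NoSuchMethodError`. The names `find_dup_jars` and `demo` are hypothetical, and the script assumes jars are named `<artifact>-<version>.jar` with the version starting at the first `-<digit>`.

```shell
#!/bin/sh
# Report artifacts that appear in a jar directory in more than one version,
# e.g. wss4j-1.5.3.jar next to wss4j-1.5.4.jar in the Axis2 lib directory.

# find_dup_jars DIR
# Prints "artifact: version version ..." for every artifact that has more
# than one jar in DIR. Exit status is 1 if a duplicate was found, else 0.
find_dup_jars() {
    for f in "$1"/*.jar; do
        [ -e "$f" ] && basename "$f" .jar
    done | sort | awk '
        {
            # Assumption: the version starts at the first "-<digit>".
            if (match($0, /-[0-9]/)) {
                art = substr($0, 1, RSTART - 1)
                ver = substr($0, RSTART + 1)
            } else {
                art = $0
                ver = "(no version)"
            }
            vers[art] = (count[art]++ ? vers[art] " " : "") ver
        }
        END {
            for (a in count)
                if (count[a] > 1) { print a ": " vers[a]; dup = 1 }
            exit (dup ? 1 : 0)
        }'
}

# Constructed sample: empty files named like the jars discussed in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/wss4j-1.5.3.jar" "$tmp/wss4j-1.5.4.jar" \
          "$tmp/rampart-core-1.4.jar" "$tmp/axis2-kernel-1.4.jar"
    find_dup_jars "$tmp" || echo "conflicting jars found"
    rm -rf "$tmp"
}

# Scan the directory given as argument, or run the constructed demo.
if [ "$#" -gt 0 ]; then find_dup_jars "$1"; else demo; fi
```

Pointing the script at the lib directory of the deployed Axis2 web application lists every artifact that needs one of its versions removed.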


RE: FW: Newbie Basics: Security Policy

2008-07-15 Thread Roxanne Yee
Could it be that the wss4j jars are conflicting? Because the axis2 library 
contains both the 1.5.3 version and the 1.5.4 version?
However, I'll post my callback handler and services.xml as well.


CALLBACK HANDLER:
package org.apache.rampart.samples.policy.sample01;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import java.io.IOException;

public class PWCBHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {

            //When the server side need to authenticate the user
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                if(pwcb.getIdentifer().equals("alice") &&
                        pwcb.getPassword().equals("bobPW")) {
                    return;
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "check failed");
                }
            }

            //When the client requests for the password to be added in to the
            //UT element
            pwcb.setPassword("bobPW");
        }
    }

}

Thank you!

=RY


SERVICES.XML:
<?xml version="1.0" encoding="UTF-8"?>
<service>
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample01.SimpleService</parameter>

    <module ref="rampart" />
    <module ref="addressing" />
    <wsp:Policy wsu:Id="UT"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                    </wsp:Policy>
                </sp:SupportingTokens>

                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">

                    <!--  Does the following user have to be the same as the username
                    for the token? Is that alice in this case? -->
                    <ramp:user>username</ramp:user>

                    <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
                </ramp:RampartConfig>

            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

</service>

