Re: securing axis2
On Wed, Sep 16, 2009 at 3:05 AM, Chris Snow wrote: > Is there any documentation on how to secure an axis2 installation. > do you mean the files in the installation folder (eg. axis2.xml) or requests coming to server. for former case AFAIK the only solution is to protect the folder using some OS level security. For later as Srinath has said either we can use https or ws-security. thanks, Amila. > Many thanks, > > Chris > -- Amila Suriarachchi WSO2 Inc. blog: http://amilachinthaka.blogspot.com/
Re: securing axis2
You have two choices , https, (http://ws.apache.org/axis2/1_5/http-transport.html#httpsupport) and Message level security (WS-Secuirty see Rampart) . http://ws.apache.org/rampart/ http://www.ibm.com/developerworks/java/library/j-jws4/ --Srinath On Wed, Sep 16, 2009 at 3:05 AM, Chris Snow wrote: > Is there any documentation on how to secure an axis2 installation. > > Many thanks, > > Chris > -- Srinath Perera, Ph.D. WSO2 Inc. http://wso2.com Blog: http://srinathsview.blogspot.com/
securing axis2
Is there any documentation on how to secure an axis2 installation. Many thanks, Chris
Re: Securing Axis2-Admin
Thanks! I added the following lines to the /axis2/WEB-INF/classes/
log4j.properties:
de.tamundo.security=WARN, CONSOLE
de
.tamundo.security.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
de.tamundo.security.appender.CONSOLE.layout.ConversionPattern=[%p] %m%n
I still get the same error.
Am 24.08.2009 um 14:30 schrieb Martin Gainty:
#log4j.properties should contain a statement which associates your
package to Level e.g.
#package=LEVEL, NameOfAppender
#BEGIN CONSOLE APPENDER (stdout)
#first:type of appender (fully qualified class name) note all stdout
goes to ConsoleAppender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
#Many appenders require a layout.
log4j.appender.stdout.layout=org.apache.log4j.SimpleLayout
# additionally, some layouts can take additional information --
#like the ConversionPattern for the PatternLayout.
# log4j.appender.stdout.layout.ConversionPattern=%d %-5p %-17c{2}
(%30F:%L) %3x
- %m%n
# BEGIN Rolling APPENDER: (rolling)
# first:type of appender (fully qualified class name)
log4j.appender.rolling=org.apache.log4j.RollingFileAppender
# second: Any configuration information needed for that appender.
#Many appenders require a layout.
log4j.appender.rolling.File=example.log
# max file size of rolling appender will be 100kb
log4j.appender.rolling.MaxFileSize=100KB
# Keep one backup file
log4j.appender.rolling.MaxBackupIndex=1
#pattern of the logfile
log4j.appender.rolling.layout=org.apache.log4j.PatternLayout
log4j.appender.rolling.layout.ConversionPattern=%p %t %c - %m%n
//default rootCategory for level is debug with output directed to
stdout or //RollingFileAppender as in
log4j.rootCategory=debug,stdout,rolling
//you want to assign your package=LEVEL,Appender1,Appender2 as
defined here
de.tamundo.security=warn,stdout,rolling
valid levels are
debug, info, warn, error, fatal and log.
appenders are
console, files, GUI components, remote socket servers, JMS, NT Event
Loggers, and remote UNIX Syslog daemons
http://logging.apache.org/log4j/1.2/manual.html
HTH
Martin Gainty
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de
confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede
unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig.
Diese Nachricht dient lediglich dem Austausch von Informationen und
entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten
Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den
Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes
pas le destinataire prévu, nous te demandons avec bonté que pour
satisfaire informez l'expéditeur. N'importe quelle diffusion non
autorisée ou la copie de ceci est interdite. Ce message sert à
l'information seulement et n'aura pas n'importe quel effet
légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune
responsabilité pour le contenu fourni.
From: m...@moritz-maedler.de
To: axis-user@ws.apache.org
Subject: Securing Axis2-Admin
Date: Mon, 24 Aug 2009 14:11:58 +0200
Hello,
I'm using axis2 1.5 as a tomcat6 servlet. As it runs in production,
I want to secure the axis2 admin frontend
by restricting the access to a specifig (e.g. local) IP-range.
How can this be implemented? I tried to integrate a filter which
sends a 403-error upon access with wrong
IP-address. This leaded to following exception when restarting tomcat:
-
Aug 24, 2009 12:47:30 PM org.apache.catalina.core.StandardContext
processTlds
SEVERE: Error reading tld listeners java.lang.NullPointerException
java.lang.NullPointerException
at org.apache.log4j.Category.isEnabledFor(Category.java:749)
at
org
.apache
.commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.java:333)
at
org
.apache
.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java:581)
at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282)
at
org
.apache
.catalina.core.StandardContext.processTlds(StandardContext.java:4307)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:
4144)
at
org
.apache
.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:
740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:
544)
at
org
.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:
626)
at
org
.apache
.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at
org
.apache.catalina.startup.HostCo
RE: Securing Axis2-Admin
#log4j.properties should contain a statement which associates your package to
Level e.g.
#package=LEVEL, NameOfAppender
#BEGIN CONSOLE APPENDER (stdout)
#first:type of appender (fully qualified class name) note all stdout goes to
ConsoleAppender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
#Many appenders require a layout.
log4j.appender.stdout.layout=org.apache.log4j.SimpleLayout
# additionally, some layouts can take additional information --
#like the ConversionPattern for the PatternLayout.
# log4j.appender.stdout.layout.ConversionPattern=%d %-5p %-17c{2} (%30F:%L) %3x
- %m%n
# BEGIN Rolling APPENDER: (rolling)
# first:type of appender (fully qualified class name)
log4j.appender.rolling=org.apache.log4j.RollingFileAppender
# second: Any configuration information needed for that appender.
#Many appenders require a layout.
log4j.appender.rolling.File=example.log
# max file size of rolling appender will be 100kb
log4j.appender.rolling.MaxFileSize=100KB
# Keep one backup file
log4j.appender.rolling.MaxBackupIndex=1
#pattern of the logfile
log4j.appender.rolling.layout=org.apache.log4j.PatternLayout
log4j.appender.rolling.layout.ConversionPattern=%p %t %c - %m%n
//default rootCategory for level is debug with output directed to stdout or
//RollingFileAppender as in
log4j.rootCategory=debug,stdout,rolling
//you want to assign your package=LEVEL,Appender1,Appender2 as defined here
de.tamundo.security=warn,stdout,rolling
valid levels are
debug,
info,
warn,
error,
fatal
and log.
appenders are
console, files, GUI
components, remote socket
servers, JMS,
NT
Event Loggers, and remote UNIX Syslog
daemons
http://logging.apache.org/log4j/1.2/manual.html
HTH
Martin Gainty
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung.
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
From: m...@moritz-maedler.de
To: axis-user@ws.apache.org
Subject: Securing Axis2-Admin
Date: Mon, 24 Aug 2009 14:11:58 +0200
Hello,
I'm using axis2 1.5 as a tomcat6 servlet. As it runs in production, I want to
secure the axis2 admin frontendby restricting the access to a specifig (e.g.
local) IP-range. How can this be implemented? I tried to integrate a filter
which sends a 403-error upon access with wrongIP-address. This leaded to
following exception when restarting tomcat:-Aug 24, 2009 12:47:30 PM
org.apache.catalina.core.StandardContext processTldsSEVERE: Error reading tld
listeners java.lang.NullPointerExceptionjava.lang.NullPointerException at
org.apache.log4j.Category.isEnabledFor(Category.java:749)at
org.apache.commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.java:333)
at
org.apache.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java:581)
at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282)at
org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4307)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4144)at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) at
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache
Securing Axis2-Admin
Hello, I'm using axis2 1.5 as a tomcat6 servlet. As it runs in production, I want to secure the axis2 admin frontend by restricting the access to a specifig (e.g. local) IP-range. How can this be implemented? I tried to integrate a filter which sends a 403-error upon access with wrong IP-address. This leaded to following exception when restarting tomcat: - Aug 24, 2009 12:47:30 PM org.apache.catalina.core.StandardContext processTlds SEVERE: Error reading tld listeners java.lang.NullPointerException java.lang.NullPointerException at org.apache.log4j.Category.isEnabledFor(Category.java:749) at org .apache .commons.logging.impl.Log4JLogger.isTraceEnabled(Log4JLogger.java:333) at org .apache.catalina.startup.TldConfig.tldScanResourcePaths(TldConfig.java: 581) at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:282) at org .apache.catalina.core.StandardContext.processTlds(StandardContext.java: 4307) at org.apache.catalina.core.StandardContext.start(StandardContext.java: 4144) at org .apache .catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java: 740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java: 544) at org .apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java: 626) at org .apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java: 553) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java: 488) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java: 311) at org .apache .catalina .util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:736) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java: 1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java: 443) at org.apache.catalina.core.StandardService.start(StandardService.java:448) at org.apache.catalina.core.StandardServer.start(StandardServer.java: 700) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun .reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: 39) at sun .reflect .DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java: 25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun .reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java: 39) at sun .reflect .DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java: 25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 177) Aug 24, 2009 12:47:31 PM org.apache.catalina.core.StandardContext processTlds The filter-config looks like web.xml looks like [AXIS-CONF] IPFilter IPFilter de.tamundo.security.IPFilter IPFilter /IPFilter I copied the filterclass under /axis2/WEB-INF/de/tamundo/security. Is there another possibility to secure the Axis2-Admin? Thanks alot! Moritz
Re: Securing Axis2 REST Style Services
BTW ... you can also simply construct a UsernameToken element and insert the username and password as required and add it to the SOAP header with the security header, by just using axiom :-) -Ruchith On Thu, Apr 23, 2009 at 4:23 AM, Ruchith Fernando wrote: > Hi Sanjay, > > I'm trying to find a place that could throw the NPE in the > xmlsec-1.4.1 code. I still can't find a problem > JCEMapper.loadAlgorithms() method is called with an element picked out > of the config file and it should simply be able to process the rest of > it without an issue. If we had line numbers it would have been very > easy to spot the issue. > > Can you please try using this jar [1] and see whether you can > reproduce this error with it? ( hopefully this is compiled with debug > info). > > Thanks, > Ruchith > > 1. > http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar > > On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta > wrote: >> Hi Ruchith, >> I am using verison 1.4.1. >> xmlsec-1.4.1.jar >> >> Thanks >> Sanjay >> >> -Original Message- >> From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] >> Sent: Wednesday, April 22, 2009 7:24 PM >> To: axis-user@ws.apache.org >> Subject: Re: Securing Axis2 REST Style Services >> >> Hi Sanjay, >> >> Which version of Apache xmlsec are you using? >> >> Thanks, >> Ruchith >> >> On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta >> wrote: >>> Hi Ruchith, >>> Finally I got authentication working on rest call. I had to comment the db >>> calls in the class that you provided to get past the db connection issue. >>> Thank you so much for helping me out. Even though the authentication is >>> working I get an error. See the stacktrace below. I see a jira for the same >>> issue. Are there any side effect of this error? >>> Thanks >>> Sanjay >>> >>> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html >>> >>> >>> [FATAL] Bad: >>> java.lang.NullPointerException >>> at >>> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) >>> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) >>> at org.apache.xml.security.Init.init(Unknown Source) >>> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) >>> at org.apache.ws.security.WSSConfig.(WSSConfig.java:256) >>> at >>> org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) >>> at >>> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) >>> at org.apache.ws.security.message.WSSecBase.(WSSecBase.java:52) >>> at >>> org.apache.ws.security.message.WSSecUsernameToken.(WSSecUsernameToken.java:62) >>> at >>> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) >>> at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >>> at >>> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) >>> at >>> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) >>> at >>> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) >>> at >>> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>> at >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>> at >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >>> at >>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >>> at >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>> at >>> org.apache.catalina.valves.Erro
Re: Securing Axis2 REST Style Services
Hi Sanjay, I'm trying to find a place that could throw the NPE in the xmlsec-1.4.1 code. I still can't find a problem JCEMapper.loadAlgorithms() method is called with an element picked out of the config file and it should simply be able to process the rest of it without an issue. If we had line numbers it would have been very easy to spot the issue. Can you please try using this jar [1] and see whether you can reproduce this error with it? ( hopefully this is compiled with debug info). Thanks, Ruchith 1. http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta wrote: > Hi Ruchith, > I am using verison 1.4.1. > xmlsec-1.4.1.jar > > Thanks > Sanjay > > -Original Message- > From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] > Sent: Wednesday, April 22, 2009 7:24 PM > To: axis-user@ws.apache.org > Subject: Re: Securing Axis2 REST Style Services > > Hi Sanjay, > > Which version of Apache xmlsec are you using? > > Thanks, > Ruchith > > On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta > wrote: >> Hi Ruchith, >> Finally I got authentication working on rest call. I had to comment the db >> calls in the class that you provided to get past the db connection issue. >> Thank you so much for helping me out. Even though the authentication is >> working I get an error. See the stacktrace below. I see a jira for the same >> issue. Are there any side effect of this error? >> Thanks >> Sanjay >> >> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html >> >> >> [FATAL] Bad: >> java.lang.NullPointerException >> at >> org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source) >> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) >> at org.apache.xml.security.Init.init(Unknown Source) >> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) >> at org.apache.ws.security.WSSConfig.(WSSConfig.java:256) >> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) >> at >> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) >> at org.apache.ws.security.message.WSSecBase.(WSSecBase.java:52) >> at >> org.apache.ws.security.message.WSSecUsernameToken.(WSSecUsernameToken.java:62) >> at >> org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) >> at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >> at >> org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) >> at >> org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) >> at >> org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) >> at >> org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >> at >> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >> at >> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >> at >> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >> at java.lang.Thread.run(Thread.java:619) >> java.lang.NullPointerExce
RE: Securing Axis2 REST Style Services
Hi Ruchith, I am using verison 1.4.1. xmlsec-1.4.1.jar Thanks Sanjay -Original Message- From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] Sent: Wednesday, April 22, 2009 7:24 PM To: axis-user@ws.apache.org Subject: Re: Securing Axis2 REST Style Services Hi Sanjay, Which version of Apache xmlsec are you using? Thanks, Ruchith On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta wrote: > Hi Ruchith, > Finally I got authentication working on rest call. I had to comment the db > calls in the class that you provided to get past the db connection issue. > Thank you so much for helping me out. Even though the authentication is > working I get an error. See the stacktrace below. I see a jira for the same > issue. Are there any side effect of this error? > Thanks > Sanjay > > http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html > > > [FATAL] Bad: > java.lang.NullPointerException >at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown > Source) >at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) >at org.apache.xml.security.Init.init(Unknown Source) >at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) >at org.apache.ws.security.WSSConfig.(WSSConfig.java:256) >at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) >at > org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) >at org.apache.ws.security.message.WSSecBase.(WSSecBase.java:52) >at > org.apache.ws.security.message.WSSecUsernameToken.(WSSecUsernameToken.java:62) >at > org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) >at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >at > org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) >at > org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) >at > org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) >at > org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) >at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) >at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) >at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) >at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) >at java.lang.Thread.run(Thread.java:619) > java.lang.NullPointerException >at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown > Source) >at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source) >at org.apache.xml.security.Init.init(Unknown Source) >at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233) >at org.apache.ws.security.WSSConfig.(WSSConfig.java:256) >at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265) >at > org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275) >at org.apache.ws.security.message.WSSecBase.(WSSecBase.java:52) >at > org.apache.ws.security.message.WSSecUsernameToken.(WSSecUsernameToken.java:62) >at > org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183) >at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >at org.apache.axis2.engine.AxisEngine.rec
Re: Securing Axis2 REST Style Services
ache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) > at > org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) > at java.lang.Thread.run(Thread.java:619) > -Original Message- > From: Sanjay Gupta [mailto:sanjay.gu...@billwiseinc.com] > Sent: Sunday, April 19, 2009 10:36 PM > To: axis-user@ws.apache.org > Subject: RE: Securing Axis2 REST Style Services > > Hi Ruchitch, > Please ignore my previous message. The POXSecurityHandler class was not > compiled correctly. I had to figure out all the dependencies and copy them to > the axis2 lib dir one by one. Painful but I think I have them all now. Now I > am stuck on this error. How can I avoid connection the database wso2wsas_db. > I think I don't need to this for what I am trying to accomplish. I really > appreciate your help. > Thanks > Sanjay > > Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke > SEVERE: Servlet.service() for servlet AxisServlet threw exception > org.hibernate.exception.GenericJDBCException: Cannot open connection > at > org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103) > at > org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91) > at > org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43) > at > org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29) > at > org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426) > at > org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144) > at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119) > at > org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57) > at > org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301) > at $Proxy4.beginTransaction(Unknown Source) > at > org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77) > at > org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300) > at > org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93) > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) > at > org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) > at > org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) > at > org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) > at > org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) > at javax.serv
RE: Securing Axis2 REST Style Services
) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) -Original Message- From: Sanjay Gupta [mailto:sanjay.gu...@billwiseinc.com] Sent: Sunday, April 19, 2009 10:36 PM To: axis-user@ws.apache.org Subject: RE: Securing Axis2 REST Style Services Hi Ruchitch, Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help. Thanks Sanjay Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet AxisServlet threw exception org.hibernate.exception.GenericJDBCException: Cannot open connection at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103) at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91) at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43) at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29) at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426) at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144) at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119) at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57) at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301) at $Proxy4.beginTransaction(Unknown Source) at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77) at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300) at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93) at org.apache.axis2.engine.Phase.invoke(Phase.java:317) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136) at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130) at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829) at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255) at javax.servlet.http.HttpServlet.service(HttpServlet.java:690) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.se
RE: Securing Axis2 REST Style Services
r.getConnection(DriverManager.java:154) at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110) at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423) ... 35 more -Original Message- From: Sanjay Gupta [mailto:sanjay.gu...@billwiseinc.com] Sent: Sunday, April 19, 2009 8:44 PM To: axis-user@ws.apache.org Subject: RE: Securing Axis2 REST Style Services Hi Ruchith, Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error. SEVERE: StandardWrapper.Throwable java.lang.Error: Unresolved compilation problems: The import javax.servlet.http cannot be resolved The import javax.servlet.http cannot be resolved HttpServletRequest cannot be resolved to a type HttpServletRequest cannot be resolved to a type HttpServletResponse cannot be resolved to a type HttpServletResponse cannot be resolved to a type HttpServletResponse cannot be resolved at org.wso2.wsas.security.pox.POXSecurityHandler.(POXSecurityHandler.java:44) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) I tried unzipping the servlet-api.jar in classes dir and got this error. SEVERE: Servlet /axis2 threw load() exception java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4. Thanks Sanjay -Original Message- From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] Sent: Thursday, April 16, 2009 5:52 PM To: axis-user@ws.apache.org Subject: Re: Securing Axis2 REST Style Services Oops :-) Here you go : https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta wrote: > Hi Ruchith, > Thanks for the quick reply. Could you please point me to the link that talks > about this solutions. > Thanks > Sanjay > > -Original Message- > From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] > Sent: Thursday, April 16, 2009 4:31 PM > To: axis-user@ws.apache.org > Subject: Re: Securing Axis2 REST Style Services > > Hi, >
RE: Securing Axis2 REST Style Services
Hi Ruchith, Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error. SEVERE: StandardWrapper.Throwable java.lang.Error: Unresolved compilation problems: The import javax.servlet.http cannot be resolved The import javax.servlet.http cannot be resolved HttpServletRequest cannot be resolved to a type HttpServletRequest cannot be resolved to a type HttpServletResponse cannot be resolved to a type HttpServletResponse cannot be resolved to a type HttpServletResponse cannot be resolved at org.wso2.wsas.security.pox.POXSecurityHandler.(POXSecurityHandler.java:44) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) I tried unzipping the servlet-api.jar in classes dir and got this error. SEVERE: Servlet /axis2 threw load() exception java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4. Thanks Sanjay -Original Message- From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] Sent: Thursday, April 16, 2009 5:52 PM To: axis-user@ws.apache.org Subject: Re: Securing Axis2 REST Style Services Oops :-) Here you go : https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta wrote: > Hi Ruchith, > Thanks for the quick reply. Could you please point me to the link that talks > about this solutions. > Thanks > Sanjay > > -Original Message- > From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] > Sent: Thursday, April 16, 2009 4:31 PM > To: axis-user@ws.apache.org > Subject: Re: Securing Axis2 REST Style Services > > Hi, > > For the REST style calls you can use HTTPS + Basic Auth > > Have a look at this [1] handler from WSO2 WSAS. This will simply add > the UsernameToken into the SOAP representation of the incoming REST > request, which will be processed by Rampart (which you have already > configured). > > Thanks, > Ruchith > > On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta > wrote: >> HI, >> >> I have a POJO based services deploy
Re: Securing Axis2 REST Style Services
Oops :-) Here you go : https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta wrote: > Hi Ruchith, > Thanks for the quick reply. Could you please point me to the link that talks > about this solutions. > Thanks > Sanjay > > -Original Message- > From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] > Sent: Thursday, April 16, 2009 4:31 PM > To: axis-user@ws.apache.org > Subject: Re: Securing Axis2 REST Style Services > > Hi, > > For the REST style calls you can use HTTPS + Basic Auth > > Have a look at this [1] handler from WSO2 WSAS. This will simply add > the UsernameToken into the SOAP representation of the incoming REST > request, which will be processed by Rampart (which you have already > configured). > > Thanks, > Ruchith > > On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta > wrote: >> HI, >> >> I have a POJO based services deployed in axis2 and it's working well. I have >> implememted the basic user/password security using rampart and it's working >> fine for SOAP calls. I generated the client using wsdl2java.My question is >> how do I secure the REST style calls. Do I need to do anything special. I >> need to deploy these services into production soon and any help or pointers >> would be greatly appreciated. >> >> Thanks >> >> Sanjay > > > > -- > http://blog.ruchith.org > -- http://blog.ruchith.org
RE: Securing Axis2 REST Style Services
Hi Ruchith, Thanks for the quick reply. Could you please point me to the link that talks about this solutions. Thanks Sanjay -Original Message- From: Ruchith Fernando [mailto:ruchith.ferna...@gmail.com] Sent: Thursday, April 16, 2009 4:31 PM To: axis-user@ws.apache.org Subject: Re: Securing Axis2 REST Style Services Hi, For the REST style calls you can use HTTPS + Basic Auth Have a look at this [1] handler from WSO2 WSAS. This will simply add the UsernameToken into the SOAP representation of the incoming REST request, which will be processed by Rampart (which you have already configured). Thanks, Ruchith On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta wrote: > HI, > > I have a POJO based services deployed in axis2 and it's working well. I have > implememted the basic user/password security using rampart and it's working > fine for SOAP calls. I generated the client using wsdl2java.My question is > how do I secure the REST style calls. Do I need to do anything special. I > need to deploy these services into production soon and any help or pointers > would be greatly appreciated. > > Thanks > > Sanjay -- http://blog.ruchith.org
Re: Securing Axis2 REST Style Services
Hi, For the REST style calls you can use HTTPS + Basic Auth Have a look at this [1] handler from WSO2 WSAS. This will simply add the UsernameToken into the SOAP representation of the incoming REST request, which will be processed by Rampart (which you have already configured). Thanks, Ruchith On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta wrote: > HI, > > I have a POJO based services deployed in axis2 and it's working well. I have > implememted the basic user/password security using rampart and it's working > fine for SOAP calls. I generated the client using wsdl2java.My question is > how do I secure the REST style calls. Do I need to do anything special. I > need to deploy these services into production soon and any help or pointers > would be greatly appreciated. > > Thanks > > Sanjay -- http://blog.ruchith.org
Securing Axis2 REST Style Services
HI, I have a POJO based services deployed in axis2 and it's working well. I have implememted the basic user/password security using rampart and it's working fine for SOAP calls. I generated the client using wsdl2java.My question is how do I secure the REST style calls. Do I need to do anything special. I need to deploy these services into production soon and any help or pointers would be greatly appreciated. Thanks Sanjay
Re: Securing Axis2 Web Services with wss4j
Hi Ibrahim, Following article describes how to secure web services using Apache Rampart. It may help you. http://wso2.org/library/3190 Sameera On Wed, Jan 7, 2009 at 7:28 PM, ibrahim demir wrote: > Hi All; > > I have to connect to a web service that has security. And they want me to > put the given user name and password to the massage token. > > I have already created my clients with Axis2 Eclipse Code generator. > > How can I pass or add this security information to my stub. Is there some > sample code for that? > > Yours. > > Ibrahim DEMIR > CyberSoft Yazilim Muh. > http://www.ibrahimdemir.org > > > > > > -- Sameera http://sameera-jayasoma.blogspot.com/ http://www.flickr.com/photos/sameera-jayasoma
Securing Axis2 Web Services with wss4j
Hi All; I have to connect to a web service that has security. And they want me to put the given user name and password to the massage token. I have already created my clients with Axis2 Eclipse Code generator. How can I pass or add this security information to my stub. Is there some sample code for that? Yours. Ibrahim DEMIR CyberSoft Yazilim Muh. http://www.ibrahimdemir.org
