Kastch

Can you confirm that sample #103 of Synapse 0.91 is not working in your environment? If so, we could find out the problem easily, since it's not known to fail. Can you check the points mentioned below:
1. Copied the rampart.mar from repository/modules into samples/axis2Client/client_repo/modules?
2. Copied the correct bouncy castle JAR into the lib folder?
3. Updated the JDK policy files for unlimited strength encryption?

If sample #103 fails, could you attach the log output and/or any error messages displayed at the client/synapse or server side?

Also, what's the version of your JDK? And the bouncy castle jar file name used?

asankha

Kastch wrote:

I'm using synapse v0.91, client is axis2 1.1.1.



Hi Kastch


Could you let me know which version of Synapse you are trying this with? Meanwhile I will check this on the latest trunk and get back to you ASAP.


asankha


Kastch wrote: 

Hello!


I use Synapse to mediate (proxy) secure requests from a secure client (the client is axis2 1.1.1, secured by the rampart module) to a service that does not understand security headers, encryption and signing.

As a test, I tried to implement such a scheme using example 103, but all I got is a strange exception:


java.lang.NullPointerException
       at org.apache.ws.security.util.WSSecurityUtil.findElementById(WSSecurityUtil.java:298)
       at org.apache.ws.security.util.WSSecurityUtil.getElementByWsuId(WSSecurityUtil.java:438)
       at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:176)
       at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
       at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
       at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
       at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
       at org.apache.rampart.RampartEngine.process(RampartEngine.java:71)
       at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:69)
       at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
       at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
       at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:276)
       at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
       at ru.krai.ws.StockQuoteProxyStub.Test(StockQuoteProxyStub.java:154)
       at ru.krai.ws.security.test.main(test.java:39)


As I tried to find out what's wrong, I found that the exception occurs inside a cycle that is searching for elements (XML tags) with a given id. The exception is thrown when, after several iterations, the processedNode variable contains null (the variable foundElement contains the tag with the X509 certificate). I tried to surround this piece of code with try/catch, and another exception was thrown. This exception indicates that signature verification failed (as I can see from the debug, the signature is one signed by an X509 certificate, and the search procedure has found the X509 certificate included as a BST in the message).


P.S. When I try to connect to the sample axis2 services, everything goes fine, no exceptions are thrown.


Response that came from synapse is:


<wsdl:definitions xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:chead="http://www.intersystems.com/SOAPheaders" xmlns:s0="http://ws.krai.ru" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://ws.krai.ru"><wsdl:types><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://ws.krai.ru">

<s:element name="Test">

<s:complexType>

<s:sequence>

<s:element minOccurs="0" name="Param" type="s:string" />

</s:sequence>

</s:complexType>

</s:element>

<s:element name="TestResponse">

<s:complexType>

<s:sequence>

<s:element minOccurs="0" name="TestResult" type="s:string" />

</s:sequence>

</s:complexType>

</s:element>

</s:schema><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://www.intersystems.com/SOAPheaders">

<s:element name="CSPCHD" type="chead:CSPCHD" />

<s:complexType name="CSPCHD">

<s:sequence>

<s:element name="id" type="s:string" />

</s:sequence>

</s:complexType>

</s:schema>

</wsdl:types>

<wsdl:message name="TestSoapIn">

<wsdl:part name="part1" element="s0:Test" />

</wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:message name="TestSoapOut"><wsdl:part name="part1" element="s0:TestResponse" /></wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:portType name="StockQuoteProxyPortType"><wsdl:operation name="Test"><wsdl:input xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapIn" wsaw:Action="">"http://ws.krai.ru/KrAI.Test.Service.Test" /><wsdl:output xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapOut" wsaw:Action="">"http://ws.krai.ru/TestServiceSoap/TestResponse" /></wsdl:operation></wsdl:portType><wsdl:binding name="StockQuoteProxySOAP11Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial /></sp:Policy></sp:Wss10><sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:binding name="StockQuoteProxySOAP12Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial /></sp:Policy></sp:Wss10><sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body 
/></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap12:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap12:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="StockQuoteProxy"><wsdl:port name="StockQuoteProxySOAP11port_http" binding="s0:StockQuoteProxySOAP11Binding"><soap:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port><wsdl:port name="StockQuoteProxySOAP12port_http" binding="s0:StockQuoteProxySOAP12Binding"><soap12:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port></wsdl:service></wsdl:definitions>


Insecure service WSDL:



<?xml version='1.0' encoding='UTF-8' ?>

<definitions xmlns:http='http://schemas.xmlsoap.org/wsdl/http/' xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/' xmlns:s='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:s0='http://ws.krai.ru' xmlns:SOAP-ENC='http://schemas.xmlsoap.org/soap/encoding/' xmlns:mime='http://schemas.xmlsoap.org/wsdl/mime/' targetNamespace = 'http://ws.krai.ru' xmlns:chead='http://www.intersystems.com/SOAPheaders' xmlns='http://schemas.xmlsoap.org/wsdl/'>

<types>

<s:schema elementFormDefault='qualified' targetNamespace = 'http://ws.krai.ru'>

<s:element name="Test">

<s:complexType>

    <s:sequence>

        <s:element name="Param" type="s:string" minOccurs="0" />

    </s:sequence>

</s:complexType>

</s:element>

<s:element name="TestResponse">

<s:complexType>

    <s:sequence>


        <s:element name="TestResult" type="s:string" minOccurs="0" />

    </s:sequence>

</s:complexType>

</s:element>

</s:schema>

<s:schema elementFormDefault='qualified' targetNamespace='http://www.intersystems.com/SOAPheaders'>

<s:element name='CSPCHD' type='chead:CSPCHD'/>

<s:complexType name="CSPCHD">

    <s:sequence>

        <s:element name="id" type="s:string" />

    </s:sequence>

</s:complexType>


</s:schema>

</types>

<message name="TestSoapIn">

    <part name="parameters" element="s0:Test" />

</message>

<message name="TestSoapOut">

    <part name="parameters" element="s0:TestResponse" />

</message>

<message name='CacheSessionHeader'>

    <part name='CSPCHD' element='chead:CSPCHD' />

</message>

<portType name='TestServiceSoap'>

    <operation name='Test'>


        <input message='s0:TestSoapIn' />

        <output message='s0:TestSoapOut' />

    </operation>

</portType>

<binding name='TestServiceSoap' type='s0:TestServiceSoap' >

    <soap:binding transport='http://schemas.xmlsoap.org/soap/http'  style='document' />

    <operation name='Test' >

        <soap:operation soapAction='http://ws.krai.ru/KrAI.Test.Service.Test' style='document' />

        <input>

            <soap:body use='literal' />


            <soap:header message='s0:CacheSessionHeader' part='CSPCHD' use='literal' />

        </input>

        <output>

            <soap:body use='literal' />

            <soap:header message='s0:CacheSessionHeader' part='CSPCHD' use='literal' />

        </output>

    </operation>

</binding>

<service name='TestService' >

    <port name='TestServiceSoap' binding='s0:TestServiceSoap' >


         <soap:address location='http://127.0.0.1:8972/csp/user/KrAI.Test.Service.cls' />

    </port>

</service>

</definitions>


Synapse service WSDL:


<wsdl:definitions xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:chead="http://www.intersystems.com/SOAPheaders" xmlns:s0="http://ws.krai.ru" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://ws.krai.ru"><wsdl:types><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://ws.krai.ru">

<s:element name="Test">

<s:complexType>

<s:sequence>

<s:element minOccurs="0" name="Param" type="s:string" />

</s:sequence>

</s:complexType>

</s:element>

<s:element name="TestResponse">

<s:complexType>

<s:sequence>

<s:element minOccurs="0" name="TestResult" type="s:string" />

</s:sequence>

</s:complexType>

</s:element>

</s:schema><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://www.intersystems.com/SOAPheaders">

<s:element name="CSPCHD" type="chead:CSPCHD" />

<s:complexType name="CSPCHD">

<s:sequence>

<s:element name="id" type="s:string" />

</s:sequence>

</s:complexType>

</s:schema></wsdl:types><wsdl:message name="TestSoapIn"><wsdl:part name="part1" element="s0:Test" /></wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:message name="TestSoapOut"><wsdl:part name="part1" element="s0:TestResponse" /></wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:portType name="StockQuoteProxyPortType"><wsdl:operation name="Test"><wsdl:input xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapIn" wsaw:Action="">"http://ws.krai.ru/KrAI.Test.Service.Test" /><wsdl:output xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapOut" wsaw:Action="">"http://ws.krai.ru/TestServiceSoap/TestResponse" /></wsdl:operation></wsdl:portType><wsdl:binding name="StockQuoteProxySOAP11Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial 
/></sp:Policy></sp:Wss10><sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:binding name="StockQuoteProxySOAP12Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial /></sp:Policy></sp:Wss10><sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap12:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap12:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="StockQuoteProxy"><wsdl:port name="StockQuoteProxySOAP11port_http" binding="s0:StockQuoteProxySOAP11Binding"><soap:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port><wsdl:port name="StockQuoteProxySOAP12port_http" binding="s0:StockQuoteProxySOAP12Binding"><soap12:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port></wsdl:service></wsdl:definitions>
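
The stack trace in this thread ends in a lookup of an element by its wsu:Id while resolving a SecurityTokenReference. As an added example (not code from the thread, Rampart or WSS4J), the following checks a captured SOAP message for the condition that lookup depends on: every "#id" reference in the wsse:Security header resolves to exactly one element. The envelope, its Id values and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: a signed message whose BinarySecurityToken (BST) and Body carry ids.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="{soap}" xmlns:wsse="{wsse}"
    xmlns:wsu="{wsu}" xmlns:ds="{ds}">
 <soapenv:Header>
  <wsse:Security>
   <wsse:BinarySecurityToken wsu:Id="CertId-1">CONSTRUCTED</wsse:BinarySecurityToken>
   <ds:Signature Id="Signature-1">
    <ds:SignedInfo><ds:Reference URI="#id-2"/></ds:SignedInfo>
    <ds:KeyInfo>
     <wsse:SecurityTokenReference><wsse:Reference URI="#CertId-1"/></wsse:SecurityTokenReference>
    </ds:KeyInfo>
   </ds:Signature>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body wsu:Id="{body_id}"/>
</soapenv:Envelope>"""

def envelope(body_id):
    """Build the constructed sample with a chosen wsu:Id on the Body."""
    return SAMPLE.format(soap=SOAP, wsse=WSSE, wsu=WSU, ds=DS, body_id=body_id)

def index_ids(root):
    """Map each wsu:Id or plain Id value to the tags of the elements carrying it."""
    ids = {}
    for el in root.iter():
        for attr in ("{%s}Id" % WSU, "Id"):
            value = el.get(attr)
            if value is not None:
                ids.setdefault(value, []).append(el.tag)
    return ids

def check_references(envelope_xml):
    """Return {uri: 'ok' | 'missing' | 'duplicate'} for same-document references."""
    root = ET.fromstring(envelope_xml)
    security = root.find("{%s}Header/{%s}Security" % (SOAP, WSSE))
    if security is None:
        raise ValueError("no wsse:Security header in message")
    ids = index_ids(root)
    report = {}
    # wsse:Reference points at the token (BST); ds:Reference points at signed parts.
    for tag in ("{%s}Reference" % WSSE, "{%s}Reference" % DS):
        for ref in security.iter(tag):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                continue  # external references are out of scope here
            matches = len(ids.get(uri[1:], []))
            # A duplicate id is ambiguous: the lookup may pick either element.
            report[uri] = "ok" if matches == 1 else ("missing" if matches == 0 else "duplicate")
    return report

if __name__ == "__main__":
    for body_id in ("id-2", "id-9", "CertId-1"):
        print(body_id, check_references(envelope(body_id)))
```

Run against the message as it arrives at the receiver, any "missing" or "duplicate" entry points at the reference to inspect first.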
