In my ws-security client I set the following 4 properties on my
WSS4JOutHandler...
properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
properties.setProperty(WSHandlerConstants.PASSWORD_TYPE,WSConstants.PW_DIGEST);
properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,PasswordCallbackHandler.class.getName());
properties.setProperty(WSHandlerConstants.USER, "admin");
But on the client WSS4JInHandler I cannot set any properties as the cnstr does
not take any params. Is this correct?
And on the server side....
Do I need to set the first 3 properties (from above)?
On just the WSS4JOutHandler again?
Stuart Barlow wrote:
Okay one step further. I now get...
Caused by: org.codehaus.xfire.XFireRuntimeException: WSS4JInHandler: No
action defined
at
org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:84)
at
org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:98)
at org.codehaus.xfire.client.Client.onReceive(Client.java:448)
My SOAP request header looks like...
<soap:Header>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<wsse:UsernameToken wsu:Id="UsernameToken-32801378"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<wsse:Username
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
admin</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
OwLFAopFsOaukNEtI0Bbb2JPn0I=</wsse:Password>
<wsse:Nonce
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
ccaFSJga1S51WjB4ZfEyYg==</wsse:Nonce>
<wsu:Created
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
2006-05-10T14:32:46.090Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
Dan Diephouse wrote:
I see the issue now - You need to add a DOMOutHandler ass well to the
outHandlers property on the Client (and probably the server too).
Also, you really don't need the addressingHandler defined unless you
are actually using WS-Addressing.
- Dan
Stuart Barlow wrote:
As usual, thanks for all the help.
XFire 1.1 rc1
Java 1.4.2_11
Spring bean config...
<bean name="LogonAdminService"
class="org.codehaus.xfire.spring.ServiceBean">
<property name="serviceBean" ref="logonManager"/>
<property name="serviceClass"
value="com.peopledoc.jura.LogonAdminManager"/>
<property name="namespace"
value="http://hemp.hummingbird.com/v1/hemp"/>
<property name="inHandlers">
<list>
<ref bean="addressingHandler"/>
<ref bean="domInHandler"/>
<ref bean="wss4jInHandler"/>
<ref bean="validateUserTokenHandler"/>
</list>
</property>
</bean>
<bean id="addressingHandler"
class="org.codehaus.xfire.addressing.AddressingInHandler"/>
<bean id="domInHandler"
class="org.codehaus.xfire.util.dom.DOMInHandler"/>
<bean id="validateUserTokenHandler"
class="com.peopledoc.rhum.webservices.ValidateUserTokenHandler"/>
<bean id="wss4jInHandler"
name="org.codehaus.xfire.security.wss4j.WSS4JInHandler"
class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
<property name="properties">
<map>
<entry key="action" value="UsernameToken">
</entry>
<entry key="passwordCallbackClass"
value="com.peopledoc.rhum.webservices.PasswordCallbackHandler" >
</entry>
</map>
</property>
</bean>
Client class...
public class LogonWSSecurityTest extends TestCase {
public void testLogonAndLogoff() throws Exception {
URL url = new
URL("http://localhost:8090/hc/webservices/LogonAdminManager?wsdl";);
Client client = new Client(url);
Properties properties = new Properties();
configureOutProperties(properties);
client.addOutHandler(new WSS4JOutHandler(properties));
Object[] response =
client.invoke("getTrustedNetworkAddresses", new
Object[]{Long.getLong("27263522912")});
}
protected void configureOutProperties(Properties properties) {
// Action to perform : user token
properties.setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
// Set password type to hashed
properties.setProperty(WSHandlerConstants.PASSWORD_TYPE,
WSConstants.PW_DIGEST);
// Username in keystore
properties.setProperty(WSHandlerConstants.USER, "system");
// Used to retrive password for given user name
properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
PasswordCallbackHandler.class.getName());
}
}
Dan Diephouse wrote:
Hi Stuart,
I can't immediately see whats going wrong here. Can you paste your
configuration for us to look at? Thanks.
- Dan
Stuart Barlow wrote:
I am now using xmlsec-1.3.0.jar and get the following error...
[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ee22f7
org.codehaus.xfire.fault.XFireFault: Fault:
java.lang.NullPointerException
at
org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
at org.codehaus.xfire.client.Client.invoke(Client.java:363)
at org.codehaus.xfire.client.Client.invoke(Client.java:389)
at
com.peopledoc.rhum.webservices.LogonWSSecurityTest.testLogonAndLogoff(LogonWSSecurityTest.java:27)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at
com.intellij.rt.execution.junit2.JUnitStarter.main(JUnitStarter.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at
com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)
Caused by: java.lang.NullPointerException
at
org.apache.ws.security.message.WSSecHeader.insertSecurityHeader(WSSecHeader.java:131)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:98)
at
org.codehaus.xfire.security.wss4j.WSS4JOutHandler.invoke(WSS4JOutHandler.java:154)
at
org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:98)
at org.codehaus.xfire.client.Client.invoke(Client.java:359)
... 25 more
Process finished with exit code -1
If I have debug turned on for the package:
org.codehaus.xfire.security.wss4j
then I get...
DEBUG - Action: 1
DEBUG - Actor: null
Dan Diephouse wrote:
It seems you're using the wrong version of xalan. If you have the
xml-security 1.2 jar, you need to use Xalan 2.6. If you want to
use Xalan 2.7, you need to use xml-security 1.3:
http://www.apache.org/dist/java-repository/xml-security/jars/xmlsec-1.3.0.jar
Xml sec 1.3 will be bundled in the final release along with Xalan 2.7
Hope that helps,
- Dan
Stuart Barlow wrote:
Continuing with UserTokens...
At the following line in my code...
client.addOutHandler(new WSS4JOutHandler(properties));
I get the stack trace...
[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@39ab89-
Unable to patch xalan function table.
java.lang.NoSuchFieldException: m_functions
at java.lang.Class.getField(Class.java:919)
at org.apache.xml.security.Init.registerHereFunction(Unknown
Source)
at org.apache.xml.security.Init.init(Unknown Source)
at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:72)
at
org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95)
at org.apache.ws.security.WSSConfig.<clinit>(WSSConfig.java:47)
at
org.apache.ws.security.WSSecurityEngine.<clinit>(WSSecurityEngine.java:51)
at
org.apache.ws.security.handler.WSHandler.<clinit>(WSHandler.java:61)
at
com.peopledoc.rhum.webservices.LogonWSSecurityTest.testLogonAndLogoff(LogonWSSecurityTest.java:25)
Is this because I am on Java 1.4 ?
thanks,
Stuart
--
Stuart
