dims,
Thanks for this tip, this seems much easier. However, I am still having
problems:
1. I assume that I include the WSS4JHandler directly in my handler chain:
webservices.xml
...
<handler>
<handler-name>Security Handler</handler-name>
<handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
<!--
<init-param>
<param-name>passwordCallbackClass</param-name>
<param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
</init-param>
-->
</handler>
...
2. I think I have to the define the required action eg: encrypt, sign,
username, etc. Where do I find a compilation of the action attributes
and their values so I know what exactly I should specify here.
3. I have tried to deploy the above posed handler and get the following
exception:
WSS4JHandler.processMessage: No deployment defined
(WSS4JHandler line 141)
Since I am not using Axis wsdd's there is no 'deployment' tag in my
JAXRPC Web service. How do I supply this information to
WSS4JHandler?
4. When I want to use username/password challenge I have to implement a
CallbackHandler and specify it just like in the Axis example - right?
Thanks!
Regards,
Stefan
Davanum Srinivas wrote:
Stefan,
Please reuse the WSS4JHandler - It is a JAXRPC Handler. if you don't
like it, feel free to make changes and help us make it better.
thanks,
dims
On 8/26/05, Stefan Schmidt <[EMAIL PROTECTED]> wrote:
Hi there,
I am using Geronimo and have a JAXRPC Web service running. Now I am
trying to get it secured...
I am new to WSS4J and I am trying to get the WSSignEnvelope and
WSEncryptEnvelope running. I am following the API description and
through some googling I found out that one has to instantiate the
WSSecurityEngine and use the .setUserInfo() method on the above Objects
to get it going. It took quite a while until I got that far since this
was unfortunately not included in the code examples at
http://ws.apache.org/wss4j/api.html.
Now I am getting the following exception: "Invocation arguments were
modified".
What am I doing wrong here?
Any help would be greatly appreciated!
Thanks in advance.
Stefan
Here are the error and implementation details:
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.lang.RuntimeException: Invocation arguments were modified
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
Invocation arguments were modified
at
org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
at
org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
....
java.lang.RuntimeException: Invocation arguments were modified
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
The code:
public class SecurityHandler extends GenericHandler {
QName qn[] = null;
static final WSSecurityEngine wsse = new
WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
public void init(HandlerInfo info) {
qn = info.getHeaders();
}
public QName[] getHeaders() {
return qn;
}
public boolean handleResponse(MessageContext msgContext) {
try {
SOAPMessageContext smc = (SOAPMessageContext) msgContext;
SOAPMessage msg = smc.getMessage();
SOAPPart sp = msg.getSOAPPart();
// wsse.setPrecisionInMilliSeconds(true);
Document envelope = sp.getEnvelope().getOwnerDocument();
SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
WSSignEnvelope signer = new WSSignEnvelope();
Crypto crypto = CryptoFactory.getInstance("crypto.properties");
//
//
signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
// Vector parts = new Vector();
// WSEncryptionPart part = new
// WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
// soapConstants.getEnvelopeURI(),
// "Content");
// parts.add(part);
// signer.setParts(parts); // this is optional since the body is
// signed by default
// envelope = signer.build(envelope, crypto);
//
WSEncryptBody encryptor = new WSEncryptBody();
encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
envelope = encryptor.build(envelope, crypto);
} catch (Exception e) {
e.printStackTrace();
}
return true;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
