Note: forwarded message attached.
forgot the list .... reply all ?
___________________________________________________________
Inbox full of spam? Get leading spam protection and 1GB storage with All New
Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html--- Begin Message ---
ruchith this is the request from .net-wse2.0sp3
console client to tomcat-axis-wss4j enabled service:
<?xml version="1.0" encoding="utf-8"?>
<log>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soap:Header>
<wsa:Action>
</wsa:Action>
<wsa:MessageID>uuid:421e0d38-b63f-4655-b7ab-05287415f0d2</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://localhost:8080/axis/services/stock-wss-01</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-9e2425ba-48b7-4622-be35-f24bd7401821">
<wsu:Created>2006-11-11T14:12:22Z</wsu:Created>
<wsu:Expires>2006-11-11T14:17:22Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SecurityToken-cfacea75-2a51-4b07-850b-b2cf55699f16">
<wsse:Username>wss4j</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>security</wsse:Password>
<wsse:Nonce>r20nS8ziREud1q1XmdQgzA==</wsse:Nonce>
<wsu:Created>2006-11-11T14:12:22Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body />
</soap:Envelope>
</log>
response is :
<?xml version="1.0" encoding="utf-8"?>
<log>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="UsernameToken-20890333"><wsse:Username>wss4j</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>security</wsse:Password><wsse:Nonce>fTH3tiQYwQd/ApZZbTeS0Q==</wsse:Nonce><wsu:Created>2006-11-11T14:12:25.595Z</wsu:Created></wsse:UsernameToken><wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-2816245"><wsu:Created>2006-11-11T14:12:25.585Z</wsu:Created><wsu:Expires>2006-11-11T14:17:25.585Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body><testReturn>Just
a test</testReturn></soapenv:Body></soapenv:Envelope>
</log>
Do u need the axis server logs ?
Also I am using a custom authenticator in my .net
wse2.0sp3 console client application :
let me include the full app.config :
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="microsoft.web.services2"
type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration,
Microsoft.Web.Services2, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<microsoft.web.services2>
<security>
<!--securityTokenManager
type="SecLib.CustomAuthenticator, SecLib"
xmlns:wsse11="http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd:SignatureConfirmation";
qname="wsse11:SignatureConfirmation" /-->
<securityTokenManager
type="SecLib.CustomAuthenticator, SecLib"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
qname="wsse:UsernameToken" />
</security>
<diagnostics>
<detailedErrors enabled="true" />
<trace enabled="true"
input="d:\temp\InputTrace.webinfo"
output="d:\temp\OutputTrace.webinfo" />
</diagnostics>
</microsoft.web.services2>
</configuration>
The code in SecLib.CustomAuthenticator is as under :
using System;
using System.Security.Permissions;
using Microsoft.Web.Services2.Security.Tokens;
namespace SecLib
{
[SecurityPermissionAttribute(SecurityAction.Demand,
Flags=SecurityPermissionFlag.UnmanagedCode)]
public class CustomAuthenticator :
UsernameTokenManager
{
//Returns the password or password equivalent for a
user name
protected override string
AuthenticateToken(UsernameToken token)
{
if (token == null)
throw new ArgumentNullException();
//perform a lookup in your database for the user
name in 'token.Username'
//and return the password as a string. If there is
no match, return null.
if (token.Username == "wss4j")
{
return "security";
}
else
{
throw new
Microsoft.Web.Services2.Security.SecurityFault("'Unrecognized
username'", new
System.Xml.XmlQualifiedName("wsse:WSE-AUTH_FAILURE-001","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";));
}
}
protected override void
VerifyPlainTextPassword(UsernameToken token, string
authenticatedPassword)
{
//NOOP
base.VerifyPlainTextPassword(token,
authenticatedPassword);
Console.WriteLine("In
::VerifyPlainTextPassword()..." +
authenticatedPassword);
}
protected override void
VerifyHashedPassword(UsernameToken token, string
authenticatedPassword)
{
//NOOP
base.VerifyHashedPassword(token,
authenticatedPassword);
Console.WriteLine("In ::VerifyHashedPassword()..."
+ authenticatedPassword);
}
public override void VerifyToken(SecurityToken
securityToken)
{
// TODO: Add CustomAuthenticator.VerifyToken
implementation
base.VerifyToken (securityToken);
Console.WriteLine("In ::VerifyToken()..." +
securityToken.GetType());
}
}
}
I have successfully used this custom authenticator for
calls made to other wse2.0 sp3 .net C# webservices
which support UsernameToken profile for ws-sec ...
So the only glitch is in actually receivng this back
in my console application .. ???
--- Ruchith Fernando <[EMAIL PROTECTED]>
wrote:
> Hi Dev,
>
>
>
> On 11/11/06, ws_dev2001 <[EMAIL PROTECTED]>
> wrote:
> > Hi Ruchith,
> > Axis engine with wss4j plugged in is happy with
> the
> > relevant code commented out for the call in
> > WSDaAllReceiver :
> > ...
> > if (!checkReceiverResults(wsResult, actions)) {
> > ...
> >
>
> If this is the point where WSS4J complains .. seems
> like you have to
> configured your "action" parameter properly.
>
> Please send a message generated by the .NET client,
> we should be able
> to figure out the security actions performed on the
> message.
>
> > Maybe you can guide me to some resourceful
> > documentation on this ..etc. ?
>
> If you are planning to switch to Axis2 from Axis
> 1.x, you can find
> documentation related to Axis2 security stuff in
> www.wso2.net
>
> Thanks,
> Ruchith
>
> --
> www.ruchith.org
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
Send instant messages to your online friends http://uk.messenger.yahoo.com
--- End Message ---
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
