Hi,

The request message you get from the .NET client contains a Timestamp.
Therefore the value of your action parameter should be "UsernameToken
Timestamp". Now if the username token is authenticated and if the
timestamp is not expired, the wss4j enabled service will not throw an
exception.

Thanks,
Ruchith

On 11/11/06, ws_dev2001 <[EMAIL PROTECTED]> wrote:
ruchith this is the request from .net-wse2.0sp3
console client to tomcat-axis-wss4j enabled service:
<?xml version="1.0" encoding="utf-8"?>
<log>
  <soap:Envelope
      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
      xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soap:Header>
      <wsa:Action>
      </wsa:Action>
      <wsa:MessageID>uuid:421e0d38-b63f-4655-b7ab-05287415f0d2</wsa:MessageID>
      <wsa:ReplyTo>
        <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
      </wsa:ReplyTo>
      <wsa:To>http://localhost:8080/axis/services/stock-wss-01</wsa:To>
      <wsse:Security soap:mustUnderstand="1">
        <wsu:Timestamp wsu:Id="Timestamp-9e2425ba-48b7-4622-be35-f24bd7401821">
          <wsu:Created>2006-11-11T14:12:22Z</wsu:Created>
          <wsu:Expires>2006-11-11T14:17:22Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="SecurityToken-cfacea75-2a51-4b07-850b-b2cf55699f16">
          <wsse:Username>wss4j</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">security</wsse:Password>
          <wsse:Nonce>r20nS8ziREud1q1XmdQgzA==</wsse:Nonce>
          <wsu:Created>2006-11-11T14:12:22Z</wsu:Created>
        </wsse:UsernameToken>
      </wsse:Security>
    </soap:Header>
    <soap:Body />
  </soap:Envelope>
</log>



response is :
<?xml version="1.0" encoding="utf-8"?>
<log>
  <soapenv:Envelope
      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Header>
      <wsse:Security
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="UsernameToken-20890333">
          <wsse:Username>wss4j</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">security</wsse:Password>
          <wsse:Nonce>fTH3tiQYwQd/ApZZbTeS0Q==</wsse:Nonce>
          <wsu:Created>2006-11-11T14:12:25.595Z</wsu:Created>
        </wsse:UsernameToken>
        <wsu:Timestamp
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="Timestamp-2816245">
          <wsu:Created>2006-11-11T14:12:25.585Z</wsu:Created>
          <wsu:Expires>2006-11-11T14:17:25.585Z</wsu:Expires>
        </wsu:Timestamp>
      </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
      <testReturn>Just a test</testReturn>
    </soapenv:Body>
  </soapenv:Envelope>
</log>


Do you need the Axis server logs?

Also I am using a custom authenticator in my .net
wse2.0sp3 console client application :
let me include the full app.config :
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="microsoft.web.services2"
        type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <microsoft.web.services2>
    <security>
      <!--securityTokenManager
          type="SecLib.CustomAuthenticator, SecLib"
          xmlns:wsse11="http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd:SignatureConfirmation"
          qname="wsse11:SignatureConfirmation" /-->
      <securityTokenManager
          type="SecLib.CustomAuthenticator, SecLib"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          qname="wsse:UsernameToken" />
    </security>
    <diagnostics>
      <detailedErrors enabled="true" />
      <trace enabled="true"
          input="d:\temp\InputTrace.webinfo"
          output="d:\temp\OutputTrace.webinfo" />
    </diagnostics>
  </microsoft.web.services2>
</configuration>

The code in SecLib.CustomAuthenticator is as under :

using System;
using System.Security.Permissions;
using Microsoft.Web.Services2.Security.Tokens;

namespace SecLib
{
        [SecurityPermissionAttribute(SecurityAction.Demand,
                 Flags=SecurityPermissionFlag.UnmanagedCode)]
        public class CustomAuthenticator : UsernameTokenManager
        {
                //Returns the password or password equivalent for a user name
                protected override string AuthenticateToken(UsernameToken token)
                {
                        if (token == null)
                                throw new ArgumentNullException("token");

                        //perform a lookup in your database for the user name in 'token.Username'
                        //and return the password as a string. If there is no match, return null.
                        if (token.Username == "wss4j")
                        {
                                return "security";
                        }
                        else
                        {
                                throw new Microsoft.Web.Services2.Security.SecurityFault(
                                        "'Unrecognized username'",
                                        new System.Xml.XmlQualifiedName(
                                                "wsse:WSE-AUTH_FAILURE-001",
                                                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"));
                        }
                }

                protected override void VerifyPlainTextPassword(UsernameToken token,
                        string authenticatedPassword)
                {
                        //No custom logic: defer to the base check, then trace the call
                        base.VerifyPlainTextPassword(token, authenticatedPassword);
                        Console.WriteLine("In ::VerifyPlainTextPassword()..." + authenticatedPassword);
                }

                protected override void VerifyHashedPassword(UsernameToken token,
                        string authenticatedPassword)
                {
                        //No custom logic: defer to the base check, then trace the call
                        base.VerifyHashedPassword(token, authenticatedPassword);
                        Console.WriteLine("In ::VerifyHashedPassword()..." + authenticatedPassword);
                }

                public override void VerifyToken(SecurityToken securityToken)
                {
                        // TODO:  Add CustomAuthenticator.VerifyToken implementation
                        base.VerifyToken(securityToken);
                        Console.WriteLine("In ::VerifyToken()..." + securityToken.GetType());
                }
        }
}



I have successfully used this custom authenticator for
calls made to other wse2.0 sp3 .net C# webservices
which support UsernameToken profile for ws-sec ...


So the only glitch is in actually receiving this back
in my console application .. ???


--- Ruchith Fernando <[EMAIL PROTECTED]>
wrote:

> Hi Dev,
>
>
>
> On 11/11/06, ws_dev2001 <[EMAIL PROTECTED]>
> wrote:
> > Hi Ruchith,
> > Axis engine with wss4j plugged in is happy with
> the
> > relevant code commented out for the call in
> > WSDoAllReceiver :
> > ...
> > if (!checkReceiverResults(wsResult, actions)) {
> > ...
> >
>
> If this is the point where WSS4J complains .. seems
> like you have to
> configure your "action" parameter properly.
>
> Please send a message generated by the .NET client,
> we should be able
> to figure out the security actions performed on the
> message.
>
> > Maybe you can guide me to some resourceful
> > documentation on this ..etc. ?
>
> If you are planning to switch to Axis2 from Axis
> 1.x, you can find
> documentation related to Axis2 security stuff in
> www.wso2.net
>
> Thanks,
> Ruchith
>
> --
> www.ruchith.org
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>


--
www.ruchith.org
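
An added example, not part of the original thread: a small Python check that lists the security actions present in a captured wsse:Security header, compares them with a configured "action" value, and tests the Timestamp expiry. The sample envelope is constructed from the request trace above (trimmed); the names inspect, parse_utc and ACTION_FOR are hypothetical, and the comparison is a simple set difference, not WSS4J's own checkReceiverResults logic.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed sample: the security header of the request trace in this
# thread, trimmed (password and nonce left out).
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <soap:Header><wsse:Security soap:mustUnderstand="1">
  <wsu:Timestamp><wsu:Created>2006-11-11T14:12:22Z</wsu:Created>
   <wsu:Expires>2006-11-11T14:17:22Z</wsu:Expires></wsu:Timestamp>
  <wsse:UsernameToken><wsse:Username>wss4j</wsse:Username></wsse:UsernameToken>
 </wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""

# Child element of wsse:Security -> action keyword. Only the two actions
# discussed in this thread are mapped (assumption: nothing else is in use).
ACTION_FOR = {f"{{{WSU}}}Timestamp": "Timestamp",
              f"{{{WSSE}}}UsernameToken": "UsernameToken"}

def parse_utc(text):
    # Handles both "...:22Z" and "...:25.595Z", the two forms in the traces.
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))

def inspect(envelope_xml, configured_action, now):
    """Return (present, missing_from_config, unused_in_config, expired)."""
    root = ET.fromstring(envelope_xml)
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        raise ValueError("no wsse:Security header in message")
    present = [ACTION_FOR[c.tag] for c in sec if c.tag in ACTION_FOR]
    configured = configured_action.split()
    missing = sorted(set(present) - set(configured))   # in message, not configured
    unused = sorted(set(configured) - set(present))    # configured, not in message
    expires = sec.findtext(f"{{{WSU}}}Timestamp/{{{WSU}}}Expires")
    expired = expires is not None and now >= parse_utc(expires)
    return present, missing, unused, expired

if __name__ == "__main__":
    now = datetime(2006, 11, 11, 14, 13, tzinfo=timezone.utc)
    print(inspect(SAMPLE, "UsernameToken", now))
    print(inspect(SAMPLE, "UsernameToken Timestamp", now))
```
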
