axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Meier" <DMe...@SERENA.com>
Subject RE: [Axis2] rampart problem using WS-SECURITY
Date Wed, 15 Nov 2006 05:26:36 GMT
Hi Kau,

1.  I used the Inflow/Outflow parameters like what is in the samples:
    <!--Rampart configurations START       -->
    <parameter name="OutflowSecurity">
      <action>
        <items>UsernameToken  Timestamp</items>
        <user>BILL</user>
        <passwordType>passwordText</passwordType>
 
<passwordCallbackClass>D:/ttaxiswsse/Debug/ttwebserviceswsse.dll</passwo
rdCallbackClass>
        <timeToLive>360</timeToLive>
      </action>
    </parameter>          


    <parameter name="InflowSecurity">
      <action>
        <items>UsernameToken Timestamp</items>
 
<passwordCallbackClass>D:/ttaxiswsse/Debug/ttwebserviceswsse.dll</passwo
rdCallbackClass>
      </action>
    </parameter>
    
    <!--Rampart configurations END -->

2.  Here is the trace of incoming and outgoing soap.  I am using Visual
Studio 2005 C# for the client side:

Incoming:
<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd">
    <soap:Header>
        <wsa:Action />
 
<wsa:MessageID>urn:uuid:527b7049-198f-4725-a2d7-bc861b4d36b3</wsa:Messag
eID>
        <wsa:ReplyTo>
 
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anony
mous</wsa:Address>
        </wsa:ReplyTo>
 
<wsa:To>http://localhost:8181/axis2/services/ttwebservices</wsa:To>
        <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp
wsu:Id="Timestamp-f4f3626e-2c6f-4c69-b280-df0c2bf0ad3b">
                <wsu:Created>2006-11-15T05:22:08Z</wsu:Created>
                <wsu:Expires>2006-11-15T05:23:08Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd"
wsu:Id="SecurityToken-b7689ab1-70e9-4472-8386-0880eb2180fe">
                <wsse:Username>bill</wsse:Username>
                <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-t
oken-profile-1.0#PasswordText">b</wsse:Password>
                <wsse:Nonce>vVR7Rzg8oLtLfg5NjxWV1g==</wsse:Nonce>
                <wsu:Created>2006-11-15T05:22:08Z</wsu:Created>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body>
        <CreatePrimaryItem xmlns="urn:ttwebservices">
            <auth>
                <userId xsi:nil="true" />
                <password xsi:nil="true" />
                <hostname xsi:nil="true" />
            </auth>
            <projectID>16</projectID>
            <item>
                <genericItem>
                    <itemID xsi:nil="true" />
                    <itemName>BUG</itemName>
                </genericItem>
                <classification>Image Builder</classification>
                <title>my title</title>
                <description>my desc</description>
                <createdBy>bill</createdBy>
                <createDate>2006-01-01T00:12:12</createDate>
                <modifiedBy>bill</modifiedBy>
                <modifiedDate>2006-01-01T00:12:12</modifiedDate>
                <activeInactive>true</activeInactive>
                <state>Waiting</state>
                <owner>joe</owner>
                <extendedFieldList>
                    <name>FOUND_IN_VERSION</name>
                    <value>v1.1</value>
                </extendedFieldList>
                <extendedFieldList>
                    <name>FUNCTIONAL_AREA</name>
                    <value>Help</value>
                </extendedFieldList>
            </item>
        </CreatePrimaryItem>
    </soap:Body>
</soap:Envelope>

Outgoing:
<?xml version="1.0" encoding="UTF-8" ?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header />
    <soapenv:Body />
</soapenv:Envelope>

When I use the same client code without WS-SECURITY and take rampart out
of the axis2.xml, my web service method does get called and everything
gets returned correctly to the client.

Thanks,

-Dave.

-----Original Message-----
From: Kaushalye Kapuruge [mailto:kaushalye@wso2.com] 
Sent: Tuesday, November 14, 2006 9:02 PM
To: Apache AXIS C User List
Subject: Re: [Axis2] rampart problem using WS-SECURITY

Hi,
I need some information from you to figure out what exactly is the
problem.

1. Have you specified the Outflow/InflowSecurity parameters correctly
using axis2.xml If you have any questions on this do not hesitate to ask
me. Have a look at the sample axis2.xml file in
rampart/samples/client/echo/data/un_ts_axis2.xml.
2. Is it possible to send a trace of outgoing message. (You may use
TCPMonitor for this)

BTW from log  entries I can see that Rampart has done the validation
correct. But in the message building has failed in the server side. This
"might" be due to improper settings in the server side. Try the latest
code. But do not use the encryption yet:) It is still under development.
Cheers,
Kau


Dave Meier wrote:
> Hi,
>
> Okay, I got the latest code.  I had to add "#include 
> <oxs_xml_encryption.h>" to the rampart_encryption.c file in order to 
> get it to link on Windows.  Now it returns an empty message as it's 
> not invoking my service method:
>
> <?xml version="1.0" encoding="UTF-8" ?> <soapenv:Envelope 
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>     <soapenv:Header />
>     <soapenv:Body />
> </soapenv:Envelope>
>
> The log below shows "[error]
> ..\..\modules\core\receivers\raw_xml_in_out_msg_recv.c(114) Impl 
> object for service 'ttwebservices' not set in message receiver. 0 ::
No Error".
>
> Please let me know if there is something I am doing wrong.  I'll go 
> look at the source code to see if I can figure it out.
>
>   

> [Tue Nov 14 11:24:07 2006] [info]  [rampart][rampart_in_handler]Inflow
> Security found
> [Tue Nov 14 11:24:07 2006] [info]  [rampart][rampart_in_handler] 
> Validating UsernameToken [Tue Nov 14 11:24:07 2006] [info]  
> [rampart][rampart_in_handler] Validating UsernameToken SUCCESS [Tue 
> Nov 14 11:24:07 2006] [info]  [rampart][rampart_in_handler] Validating

> Timestamp [Tue Nov 14 11:24:07 2006] [info]  
> [rampart][rampart_in_handler] Validating Timestamp is SUCCESS [Tue Nov

> 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\engine.c(762) Invoking phase Dispatch [Tue 
> Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
> addressing_based_dispatcher within the phase Dispatch [Tue Nov 14 
> 11:24:07 2006] [debug]
> ..\..\modules\core\engine\addr_disp.c(108) Checking for service using 
> WSA enpoint address : 
> http://localhost:8181/axis2/services/ttwebservices
> [Tue Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\addr_disp.c(138) Service found using WSA 
> enpoint address [Tue Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
> request_uri_based_dispatcher within the phase Dispatch [Tue Nov 14 
> 11:24:07 2006] [debug]
> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
> soap_action_based_dispatcher within the phase Dispatch [Tue Nov 14 
> 11:24:07 2006] [debug]
> ..\..\modules\core\engine\soap_action_disp.c(108) Checking for 
> operation using SOAPAction :
> [Tue Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
> soap_message_body_based_dispatcher within the phase Dispatch [Tue Nov 
> 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\soap_body_disp.c(198) Checking for operation

> using SOAP message body's first child's local name : CreatePrimaryItem

> [Tue Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\soap_body_disp.c(207) Operation found using 
> SOAP message body's first child's local name [Tue Nov 14 11:24:07 
> 2006] [debug]
> ..\..\modules\core\engine\engine.c(762) Invoking phase PostDispatch 
> [Tue Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
> dispatch_post_conditions_evaluator within the phase PostDispatch [Tue 
> Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
> context_handler within the phase PostDispatch [Tue Nov 14 11:24:07 
> 2006] [debug]
> ..\..\modules\core\engine\engine.c(762) Invoking phase 
> PolicyDetermination [Tue Nov 14 11:24:07 2006] [error]
> ..\..\modules\core\receivers\raw_xml_in_out_msg_recv.c(114) Impl 
> object for service 'ttwebservices' not set in message receiver. 0 :: 
> No Error [Tue Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\engine.c(445) Axis2 engine receive 
> successful [Tue Nov 14 11:24:07 2006] [debug]
> ..\..\modules\core\engine\engine.c(762) Invoking phase MessageOut [Tue

> Nov 14 11:24:07 2006] [info]  Request served successfully
>
> Thanks,
>
> -Dave.
>
> -----Original Message-----
> From: Dave Meier [mailto:DMeier@SERENA.com]
> Sent: Tuesday, November 14, 2006 7:35 AM
> To: Apache AXIS C User List
> Subject: RE: [Axis2] rampart problem using WS-SECURITY
>
> Thanks for the quick fix - I'll go try it out right now.
>
> I am using Visual Studio 2005 C# on the client side.  We'll be 
> supporting C#, Axis2 Java and Axis2C for our client side 
> implementations.  Other projects here already use Axis2 for Java.
>
> -Dave.
>
> -----Original Message-----
> From: Kaushalye Kapuruge [mailto:kaushalye@wso2.com]
> Sent: Tuesday, November 14, 2006 1:24 AM
> To: Apache AXIS C User List
> Subject: Re: [Axis2] rampart problem using WS-SECURITY
>
> Kaushalye Kapuruge wrote:
>   
>> Dave Meier wrote:
>>     
>>> I have the rampart module hooked up and my password callback is 
>>> called correctly.  But after successful validation, my web service 
>>> method does not get called.  Instead I get back the following
>>>       
> response:
>   
>>> <?xml version="1.0" encoding="UTF-8" ?> <soapenv:Envelope 
>>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>>>     <soapenv:Header />
>>>     <soapenv:Body>
>>>         <soapenv:Fault>
>>>             <faultcode>soapenv:MustUnderstand</faultcode>
>>>             <faultstring>Header not understood</faultstring>
>>>         </soapenv:Fault>
>>>     </soapenv:Body>
>>> </soapenv:Envelope>
>>>
>>> This occurs after the userid and password have already been
>>>       
> validated.
>   
>>> Here are the log entries:
>>>
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\transport\http\http_worker.c(204) Client HTTP 
>>> version
>>> HTTP/1.1
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\axiom\src\soap\soap_builder.c(840) Identified soap version is
>>> soap11
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\engine.c(762) Invoking phase TransportIn 
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\engine.c(762) Invoking phase PreDispatch 
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> AddressingInHandler within the phase PreDispatch [Mon Nov 13 
>>> 17:01:14
>>>       
>
>   
>>> 2006] [info]  Starting addressing in handler .........
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> RampartInHandler within the phase PreDispatch [Mon Nov 13 17:01:14 
>>> 2006] [info]  [rampart][rampart_in_handler]Inflow
>>> Security found
>>> [Mon Nov 13 17:01:14 2006] [info]  [rampart][rampart_in_handler] 
>>> Validating UsernameToken [Mon Nov 13 17:01:14 2006] [info] 
>>> [rampart][rampart_in_handler] Validating UsernameToken SUCCESS [Mon 
>>> Nov 13 17:01:14 2006] [info]  [rampart][rampart_in_handler] 
>>> Validating Timestamp [Mon Nov 13 17:01:14 2006] [info] 
>>> [rampart][rampart_in_handler] Validating Timestamp is SUCCESS [Mon 
>>> Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\engine.c(762) Invoking phase Dispatch [Mon

>>> Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> addressing_based_dispatcher within the phase Dispatch [Mon Nov 13
>>> 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\addr_disp.c(99) Checking for service using

>>> WSA enpoint address :
>>> http://localhost:8181/axis2/services/ttwebservices
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\addr_disp.c(129) Service found using WSA 
>>> enpoint address [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> request_uri_based_dispatcher within the phase Dispatch [Mon Nov 13
>>> 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> soap_action_based_dispatcher within the phase Dispatch [Mon Nov 13
>>> 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\soap_action_disp.c(106) Checking for 
>>> operation using SOAPAction : [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> soap_message_body_based_dispatcher within the phase Dispatch [Mon 
>>> Nov
>>>       
>
>   
>>> 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\soap_body_disp.c(196) Checking for 
>>> operation using SOAP message body's first child's local name :
>>> CreatePrimaryItem [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\soap_body_disp.c(205) Operation found 
>>> using
>>>       
>
>   
>>> SOAP message body's first child's local name [Mon Nov 13 17:01:14 
>>> 2006] [debug]
>>> ..\..\modules\core\engine\engine.c(762) Invoking phase PostDispatch 
>>> [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> dispatch_post_conditions_evaluator within the phase PostDispatch 
>>> [Mon
>>>       
>
>   
>>> Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\phase.c(356) Invoke the handler 
>>> context_handler within the phase PostDispatch [Mon Nov 13 17:01:14 
>>> 2006] [debug]
>>> ..\..\modules\core\engine\engine.c(762) Invoking phase 
>>> PolicyDetermination [Mon Nov 13 17:01:14 2006] [debug]
>>> ..\..\modules\core\engine\engine.c(762) Invoking phase MessageOut 
>>> [Mon Nov 13 17:01:14 2006] [info]  Request served successfully
>>>
>>> I did have mustUnderstand set in the request like this: 
>>> "<wsse:Security soap:mustUnderstand="1">
>>>   
>>>       
>> Rampart_in_handler should set this relaying attribute to false after 
>> processing. Thanks for pointing this out.
>> BTW, are you using a rampart in the client side as well? Or is it 
>> another implementation? :) 'Coz rampart doesn't set mustUnderstand=1.
>>     
>>> How can I get around this?
>>>       
> Get the latest code from the svn.
> Cheers,
>   
>>> Thanks,
>>>
>>> -Dave.
>>>
>>> ********************************************************************
>>> *
>>> * This email and any files transmitted with it are confidential and 
>>> intended solely for the use of the individual or entity to whom they

>>> are addressed. Any unauthorized review, use, disclosure or 
>>> distribution is prohibited. If you are not the intended recipient, 
>>> please contact the sender by reply e-mail and destroy all copies of 
>>> the original message.
>>>
>>>
>>> --------------------------------------------------------------------
>>> - To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>>
>>>
>>>   
>>>       
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>>
>>
>>     
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org


Mime
View raw message