axis-java-dev mailing list archives

From "Arjuna Chala" <arjunach...@gmail.com>
Subject Re: WS-Security and Rampart
Date Fri, 12 May 2006 04:07:09 GMT
Ruchith,

Here is what I did so far:-

Client code:

    public static void main(String[] args) throws Exception {
        ConfigurationContextFactory ccf = new ConfigurationContextFactory();

        ConfigurationContext context = ccf.createConfigurationContextFromFileSystem(
                "C:/Projects/Sandbox/Axis2XMLBeansClient/repo",
                "C:/Projects/Sandbox/Axis2XMLBeansClient/repo/conf/axis2.xml");

        TemplateServiceStub stub = new TemplateServiceStub(context,
                "http://localhost:9000/Axis/services/templateService");

        Options options = new Options();
        options.setProperty("user", "test");

        stub._getServiceClient().setOptions(options);

        TemplateV1RequestDocument reqDoc = TemplateV1RequestDocument.Factory.newInstance();

        TemplateV1RequestDocument.TemplateV1Request request = reqDoc.addNewTemplateV1Request();

        request.setNewName("TEST");

        TemplateV1ResponseDocument respDoc = stub.clientRequestTemplateV1(reqDoc);

        System.out.println("Done " + respDoc.getTemplateV1Response().getNewName());
    }

Client Axis2.xml:


<axisconfig name="AxisJava2.0">

    <!-- Engage the security module -->
    <module ref="rampart"/>

    <parameter name="OutflowSecurity">
        <action>
            <items>UsernameToken</items>
            <passwordCallbackClass>PasswordCallbackHandler</passwordCallbackClass>
            <passwordType>PasswordText</passwordType>
        </action>
    </parameter>

    <!-- ================================================= -->
    <!-- Parameters -->
    <!-- ================================================= -->
    <parameter name="hotdeployment" locked="false">true</parameter>
    <parameter name="hotupdate" locked="false">false</parameter>
    <parameter name="enableMTOM" locked="false">false</parameter>
    <!-- Uncomment this to enable REST support -->
    <!--    <parameter name="enableREST" locked="false">true</parameter>-->


    <parameter name="userName" locked="false">admin</parameter>
    <parameter name="password" locked="false">axis2</parameter>

    <!-- ================================================= -->
    <!-- Message Receivers -->
    <!-- ================================================= -->
    <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
    <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
    <!--any operation -->
    <!--Note : You can override this for particular service by adding the same element with your requirement-->
    <messageReceivers>
        <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
                         class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
        <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                         class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
    </messageReceivers>
    <!-- ================================================= -->
    <!-- Transport Ins -->
    <!-- ================================================= -->
    <transportReceiver name="http"
                       class="org.apache.axis2.transport.http.SimpleHTTPServer">
        <parameter name="port" locked="false">6060</parameter>
        <!--If you want to give your own host address for EPR generation-->
        <!--uncomment following parameter , and set as you required.-->
        <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
    </transportReceiver>

    <transportReceiver name="tcp"
                       class="org.apache.axis2.transport.tcp.TCPServer">
        <parameter name="port" locked="false">6061</parameter>
        <!--If you want to give your own host address for EPR generation-->
        <!--uncomment following parameter , and set as you required.-->
        <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
    </transportReceiver>

    <!-- ================================================= -->
    <!-- Transport Outs -->
    <!-- ================================================= -->

    <transportSender name="tcp"
                     class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
    <transportSender name="local"
                     class="org.apache.axis2.transport.local.LocalTransportSender"/>
    <transportSender name="jms"
                     class="org.apache.axis2.transport.jms.JMSSender"/>
    <transportSender name="http"
                     class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
    </transportSender>
    <transportSender name="https"
                     class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
    </transportSender>

    <!-- ================================================= -->
    <!-- Phases  -->
    <!-- ================================================= -->
    <phaseOrder type="inflow">
        <!--  System pre defined phases       -->
         <phase name="Transport">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.engine.RequestURIBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
        </phase>
        <phase name="Security"/>
        <phase name="PreDispatch"/>
        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.engine.AddressingBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="SOAPMessageBodyBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
            <handler name="InstanceDispatcher"
                     class="org.apache.axis2.engine.InstanceDispatcher">
                <order phase="PostDispatch"/>
            </handler>
        </phase>
        <!--  System pre defined phases       -->
        <!--   After Postdispatch phase module author or service author can add any phase he want      -->
        <phase name="OperationInPhase"/>
    </phaseOrder>
    <phaseOrder type="outflow">
        <!--      user can add his own phases to this area  -->
        <phase name="OperationOutPhase"/>
        <!--system predefined phase-->
        <!--these phase will run irrespective of the service-->
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
    </phaseOrder>
    <phaseOrder type="INfaultflow">
        <phase name="PreDispatch"/>
        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.engine.RequestURIBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.engine.AddressingBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="SOAPMessageBodyBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
            <handler name="InstanceDispatcher"
                     class="org.apache.axis2.engine.InstanceDispatcher">
                <order phase="PostDispatch"/>
            </handler>
        </phase>
        <!--      user can add his own phases to this area  -->
        <phase name="OperationInFaultPhase"/>
    </phaseOrder>
    <phaseOrder type="Outfaultflow">
        <!--      user can add his own phases to this area  -->
        <phase name="OperationOutFaultPhase"/>
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
    </phaseOrder>
    </axisconfig>


Now I get the following error when the stub.clientRequestTemplateV1(reqDoc);
call is made:

Exception in thread "main" org.apache.axis2.AxisFault: No address information in EPR, cannot infer transport
        at org.apache.axis2.description.ClientUtils.inferOutTransport(ClientUtils.java:40)
        at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:237)
        at com.choicepoint.services.template.TemplateServiceStub.clientRequestTemplateV1(TemplateServiceStub.java:133)
        at XMLBeansClient.main(XMLBeansClient.java:36)


Can you help? Thanks.

I also have the following questions:

1. Is there an alternative method to create the context without using
the "createConfigurationContextFromFileSystem" call? I will need to
create the context from within a packaged war file.
2. What is the minimum axis2.xml contents required to run the client?










On 5/11/06, Arjuna Chala <arjunachala@gmail.com> wrote:
> This information is awesome. Keep up the great work. Will give it a try.
>
> Thanks
>
> On 5/11/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > Hi,
> >
> > Yes ... you are on the right track as for the usage of the password callback.
> >
> > I will explain how to handle your case specifically:
> >
> > You will have to create a ServiceClient (or use stub) in the web
> > application and call the web service. And the configuration context
> > used for this client will have to be created using a repository with
> > the "rampart" module in it. This repository can be anywhere that is
> > accessible by the client/stub in the web app.
> >
> > You must also provide an axis2.xml file when creating the above
> > configuration context that is to be used by the client. This axis2.xml
> > will contain the security configuration and it should appear as shown
> > below:
> >
> >  <module ref="rampart" />
> >
> >    <parameter name="OutflowSecurity">
> >      <action>
> >        <items>UsernameToken</items>
> >        <passwordCallbackClass>your.password.CallbackHandlerClass</passwordCallbackClass>
> >        <passwordType>PasswordText</passwordType>
> >      </action>
> >    </parameter>
> >
> > Usually we will have a <user>yourusrname</user> child element within
> > the <action> element. But in this case we are leaving it out since
> > your client will have to deal with different usernames.
> >
> > The point at which when your client is called you will have the
> > username that you want to include in the UsernameToken. Now you will
> > have to set that username as a parameter in the options object of the
> > service client or the stub.
> >
> > In the case of ServiceClient you can do the following:
> >
> > ServiceClient serviceClient = new ServiceClient(yourConfCtx,
> > "path/to/your/axis2.xml");
> > Options options = new Options();
> >
> > //Set the 'user' property
> > options.setProperty("user", yourUserName);
> > serviceClient.setOptions(options);
> >
> > In the case of a stub you can do the same by getting the options
> > object from the stub instance itself.
> >
> > The inclusion of the
> > <passwordType>PasswordText</passwordType>
> > child element in the <action> element ensures the password is sent as
> > a plain text password. If you want to send the digest of the password
> > (and the nonce etc.. according to the UT profile) , you can simply
> > remove this element.
> >
> > Assuming the webapp already has the knowledge of the passwords of a
> > given username you can simply code the
> > your.password.CallbackHandlerClass (mentioned in your configuration in
> > the client's axis2.xml) to set the appropriate password in the
> > WSPasswordCallback objects passed into the callback handler.
> >
> > If you have a web client sending you both username and password to the
> > webapp, and you have to set _both_ username and password that you
> > _received_ in the UsernameToken, then you can remove the
> > <passwordCallbackClass>your.password.CallbackHandlerClass</passwordCallbackClass>
> > entry from the security config and set an instance of the callback
> > handler class in the options object as shown below:
> >
> > options.setProperty("passwordCallbackRef", pwCallbackHandlerInstace);
> >
> > Since in the above case we are creating the pwCallbackHandlerInstace
> > in the client code itself once we have both password and the username
> > you can make sure it sets the correct password in the callback instance
> > provided into the handler.
> >
> > That's it :-) ... please try out the above scenarios.
> >
> > I know above configurations look a little bit messy and there _is_
> > another cleaner way to set the configuration completely dynamically
> > using
> > org.apache.axis2.security.handler.config.InflowConfiguration
> > org.apache.axis2.security.handler.config.OutflowConfiguration
> > But in the next release of "rampart" module these classes will be
> > refactored into the "org.apache.rampart.handler.config" package. This
> > will also require you to have the axis2-security-SNAPHOT.jar [1] in
> > the classpath.
> >
> > If you are interested please have a look at [2] for a sample usage of
> > org.apache.axis2.security.handler.config.OutflowConfiguration and
> > please ask if you have any questions :-)
> >
> > Thanks,
> > Ruchith
> >
> > [1] http://cvs.apache.org/dist/axis2/nightly
> > [2] http://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/Scenario1Test.java
> >
> > On 5/10/06, Arjuna Chala <arjunachala@gmail.com> wrote:
> > > Ruchith,
> > >
> > > Thanks for your reply. I checked out the sample that you were
> > > referring to. From studying the sample I could infer that I have to do
> > > the following:
> > >
> > > First, about my architecture:
> > >
> > >
> > > Web client (browser) calls web app ----> web app (war) calls web
> > > service ---> Axis Service
> > >
> > > My requirement is to be able to pass in the user credentials (can
> > > change on every call) from the web app to the web service. For now,
> > > all that I need is user authentication based on the WS-Security
> > > usernametoken.
> > >
> > > From your example, I understand that I have to create a Password
> > > callback class and initialize the user name and password in this
> > > class. Do you think I am on the right track here? Also, how should I
> > > be configuring the client repository in my web app?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > On 5/10/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > > > Please have a look at the "security" sample available in the
> > > > "samples/security" directory of  std-bin distribution.
> > > >
> > > > The samples/security/client_repo/conf/axis2.xml file contains the
> > > > client's configuration and the service's configuration is in the
> > > > services.xml file available in the META-INF dir of the
> > > > SecureService.aar
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > On 5/10/06, Arjuna Chala <arjunachala@gmail.com> wrote:
> > > > > I am having a hard time understanding the client configuration for creating
> > > > > a WS-Security header for a web service stub call.  Can somebody please point
> > > > > me to a place where I can find a concrete example of how to create a client
> > > > > stub that is ws-security enabled.
> > > >
> > >
> >
>
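
The quoted reply describes a password callback handler that fills in WSPasswordCallback objects, and the "user" and "passwordCallbackRef" option properties. The sketch below is an added example, not code from the thread or from the Axis2/Rampart project; the class name PerCallPasswordHandler and the attach helper are hypothetical, and it assumes the Axis2 and WSS4J 1.5.x jars on the classpath. It reuses the client's existing Options object, because a freshly constructed Options carries no target endpoint address.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.ws.security.WSPasswordCallback;

/** Hypothetical handler: supplies the password for exactly one user, for one call. */
public class PerCallPasswordHandler implements CallbackHandler {
    private final String user;
    private final char[] password;

    public PerCallPasswordHandler(String user, char[] password) {
        this.user = user;
        this.password = password.clone();
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // Assumption: WSS4J 1.5.x, which spells this accessor getIdentifer();
            // later releases name it getIdentifier().
            if (!user.equals(pwcb.getIdentifer())) {
                // Refuse to hand out this password for any other identifier.
                throw new UnsupportedCallbackException(cb, "no password for this identifier");
            }
            pwcb.setPassword(new String(password));
        }
    }

    /** Attach per-call credentials without discarding the endpoint the stub configured. */
    public static void attach(ServiceClient client, String user, char[] password) {
        Options options = client.getOptions();   // reuse the existing Options, do not replace it
        options.setProperty("user", user);        // property name as given in the thread
        options.setProperty("passwordCallbackRef",
                new PerCallPasswordHandler(user, password));
    }
}
```

With a generated stub, the call would be `PerCallPasswordHandler.attach(stub._getServiceClient(), user, password)` before invoking the operation.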
