axis-java-dev mailing list archives

From SivaKumarl <sivakum...@naradaproducts.com>
Subject Re: Rampart alias in null
Date Tue, 22 Dec 2009 04:09:43 GMT

Hi Prabath,

I have rolled back my policy.xml to direct inflow and outflow
security. Now I am getting the request with encrypted data, but some of the
data is missing from the .NET client. Please see the below error details and
the configuration of services.xml and the .NET app.config file.

Error details

2009-12-17 01:31:07,128 [TP-Processor22] INFO  org.apache.ws.security.message.token.SecurityTokenReference  - X509IssuerSerial alias: null
2009-12-17 01:31:07,128 [TP-Processor22] DEBUG org.apache.ws.security.processor.EncryptedKeyProcessor  - X509IssuerSerial alias: null
2009-12-17 01:31:07,128 [TP-Processor22] INFO  com.ycs.narada.services.PasswordCallBackHandler  - PasswordCallback handle
2009-12-17 01:31:07,128 [TP-Processor22] INFO  com.ycs.narada.services.PasswordCallBackHandler  - Identifier::null
2009-12-17 01:31:07,128 [TP-Processor22] DEBUG org.apache.rampart.handler.WSDoAllReceiver  - WSDoAllReceiver: exit invoke()
2009-12-17 01:31:07,128 [TP-Processor22] ERROR org.apache.axis2.engine.AxisEngine  - WSDoAllReceiver: security processing failed
org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
    at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214)
    at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
    at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
    java.lang.Exception: alias is null
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
    at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:211)
    ... 24 more
Caused by: java.lang.Exception: alias is null
    at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290)
    ... 29 more


Services.xml:

<module ref="rampart" />
<parameter name="InflowSecurity">
  <action>
    <items>Encrypt Signature</items>
    <passwordCallbackClass>com.ycs.test.PasswordCallBackHandler</passwordCallbackClass>
    <decryptionPropFile>service.properties</decryptionPropFile>
    <signaturePropFile>service.properties</signaturePropFile>
  </action>
</parameter>

<parameter name="OutflowSecurity">
  <action>
    <items>Encrypt Signature</items>
    <user>service</user>
    <encryptionUser>client</encryptionUser>
    <encryptionPropFile>service.properties</encryptionPropFile>
    <passwordCallbackClass>com.ycs.test.PasswordCallBackHandler</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
    <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
  </action>
</parameter>


app.config:

<client>
  <endpoint address="http://localhost:1919/testWs/services/HelloWorld"
            behaviorConfiguration="ClientCertBehavior" binding="customBinding"
            bindingConfiguration="JavaInterop"
            contract="localhost.HelloWorldPortType"
            name="HelloWorldHttpSoap12Endpoint">
    <identity>
      <dns value="YALAMANCHILI" />
    </identity>
  </endpoint>
</client>

<bindings>
  <customBinding>
    <binding name="JavaInterop">
      <security defaultAlgorithmSuite="Basic128Rsa15"
                allowSerializedSigningTokenOnReply="true"
                authenticationMode="MutualCertificate"
                requireDerivedKeys="false"
                securityHeaderLayout="Lax" includeTimestamp="true"
                messageProtectionOrder="EncryptBeforeSign"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <issuedTokenParameters keyType="AsymmetricKey">
          <issuer address="" binding="customBinding" bindingConfiguration="JavaInterop" />
          <issuerMetadata address="">
            <identity>
              <certificateReference x509FindType="FindByIssuerName" isChainIncluded="false" />
            </identity>
          </issuerMetadata>
        </issuedTokenParameters>
        <localClientSettings detectReplays="false" />
        <secureConversationBootstrap defaultAlgorithmSuite="Basic128Rsa15"
                                     allowSerializedSigningTokenOnReply="true"
                                     authenticationMode="MutualCertificate"
                                     requireDerivedKeys="false" securityHeaderLayout="Lax"
                                     messageProtectionOrder="EncryptBeforeSign">
          <issuedTokenParameters keyType="AsymmetricKey" />
        </secureConversationBootstrap>
      </security>
      <textMessageEncoding messageVersion="Default" />
      <httpTransport />
    </binding>
  </customBinding>
</bindings>

<behaviors>
  <endpointBehaviors>
    <behavior name="ClientCertBehavior">
      <clientCredentials>
        <clientCertificate findValue="f1 88 d8 95 76 76 5b be 74 53 90 92 fc cf 16 e0 67 5e 4d 34"
                           storeLocation="CurrentUser" storeName="My"
                           x509FindType="FindByThumbprint" />
        <serviceCertificate>
          <defaultCertificate findValue="d4 79 bc 17 94 3a 3c 14 a1 a2 1f c7 ba b7 a7 3e 08 1b 0a 8d"
                              storeLocation="CurrentUser" storeName="My"
                              x509FindType="FindByThumbprint" />
          <authentication certificateValidationMode="None" revocationMode="NoCheck" />
        </serviceCertificate>
        <peer>
          <peerAuthentication certificateValidationMode="None" />
          <messageSenderAuthentication certificateValidationMode="None"
                                       revocationMode="NoCheck" />
        </peer>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

Kindly help me; I have been struggling for the last one week.

Thanks in Advance
---------------
Sivakumar


Prabath Siriwardena-2 wrote:
> 
> Hi Siva;
> 
> Once you auto generate the proxy for the java service with .NET - it  
> will generate the app.config in a policy compliant manner...
> 
> ---------------------------------------------
> Thanks & Regards
> Prabath Siriwardena
> 
> http://blog.facilelogin.com
> http://RampartFAQ.com
> 
> On Dec 20, 2009, at 6:30 PM, SivaKumarl  
> <sivakumarl@naradaproducts.com> wrote:
> 
>>
>> Hi Prabath,
>> Now I have defined a security policy for my service. Can you
>> please provide the alternate policy for the .NET client? Kindly find the
>> below policy file for Java.
>>
>> <wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>   <wsp:ExactlyOne>
>>     <wsp:All>
>>       <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <wsp:Policy>
>>           <sp:ProtectionToken>
>>             <wsp:Policy>
>>               <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>                 <wsp:Policy>
>>                   <sp:RequireDerivedKeys/>
>>                   <sp:BootstrapPolicy>
>>                     <wsp:Policy>
>>                       <sp:EncryptedParts>
>>                         <sp:Body/>
>>                       </sp:EncryptedParts>
>>                       <sp:SymmetricBinding>
>>                         <wsp:Policy>
>>                           <sp:ProtectionToken>
>>                             <wsp:Policy>
>>                               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>                                 <wsp:Policy>
>>                                   <sp:RequireDerivedKeys/>
>>                                   <sp:RequireThumbprintReference/>
>>                                   <sp:WssX509V3Token10/>
>>                                 </wsp:Policy>
>>                               </sp:X509Token>
>>                             </wsp:Policy>
>>                           </sp:ProtectionToken>
>>                           <sp:AlgorithmSuite>
>>                             <wsp:Policy>
>>                               <sp:Basic128Rsa15/>
>>                             </wsp:Policy>
>>                           </sp:AlgorithmSuite>
>>                           <sp:Layout>
>>                             <wsp:Policy>
>>                               <sp:Strict/>
>>                             </wsp:Policy>
>>                           </sp:Layout>
>>                           <sp:IncludeTimestamp/>
>>                           <sp:EncryptSignature/>
>>                           <sp:OnlySignEntireHeadersAndBody/>
>>                         </wsp:Policy>
>>                       </sp:SymmetricBinding>
>>                       <sp:EndorsingSupportingTokens>
>>                         <wsp:Policy>
>>                           <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>                             <wsp:Policy>
>>                               <sp:RequireThumbprintReference/>
>>                               <sp:WssX509V3Token10/>
>>                             </wsp:Policy>
>>                           </sp:X509Token>
>>                         </wsp:Policy>
>>                       </sp:EndorsingSupportingTokens>
>>                       <sp:Wss11>
>>                         <wsp:Policy>
>>                           <sp:MustSupportRefKeyIdentifier/>
>>                           <sp:MustSupportRefIssuerSerial/>
>>                           <sp:MustSupportRefThumbprint/>
>>                           <sp:MustSupportRefEncryptedKey/>
>>                           <sp:RequireSignatureConfirmation/>
>>                         </wsp:Policy>
>>                       </sp:Wss11>
>>                       <sp:Trust10>
>>                         <wsp:Policy>
>>                           <sp:MustSupportIssuedTokens/>
>>                           <sp:RequireClientEntropy/>
>>                           <sp:RequireServerEntropy/>
>>                         </wsp:Policy>
>>                       </sp:Trust10>
>>                     </wsp:Policy>
>>                   </sp:BootstrapPolicy>
>>                 </wsp:Policy>
>>               </sp:SecureConversationToken>
>>             </wsp:Policy>
>>           </sp:ProtectionToken>
>>           <sp:AlgorithmSuite>
>>             <wsp:Policy>
>>               <sp:Basic128Rsa15/>
>>             </wsp:Policy>
>>           </sp:AlgorithmSuite>
>>           <sp:Layout>
>>             <wsp:Policy>
>>               <sp:Strict/>
>>             </wsp:Policy>
>>           </sp:Layout>
>>           <sp:IncludeTimestamp/>
>>           <sp:EncryptSignature/>
>>           <sp:OnlySignEntireHeadersAndBody/>
>>         </wsp:Policy>
>>       </sp:SymmetricBinding>
>>       <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <wsp:Policy>
>>           <sp:MustSupportRefKeyIdentifier/>
>>           <sp:MustSupportRefIssuerSerial/>
>>           <sp:MustSupportRefThumbprint/>
>>           <sp:MustSupportRefEncryptedKey/>
>>         </wsp:Policy>
>>       </sp:Wss11>
>>       <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <wsp:Policy>
>>           <sp:MustSupportIssuedTokens/>
>>           <sp:RequireClientEntropy/>
>>           <sp:RequireServerEntropy/>
>>         </wsp:Policy>
>>       </sp:Trust10>
>>       <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <sp:Body/>
>>       </sp:EncryptedParts>
>>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>>         <ramp:user>client</ramp:user>
>>         <ramp:encryptionUser>service</ramp:encryptionUser>
>>         <ramp:passwordCallbackClass>com.test.ws.PWCBHandler</ramp:passwordCallbackClass>
>>
>>         <ramp:signatureCrypto>
>>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>           </ramp:crypto>
>>         </ramp:signatureCrypto>
>>         <ramp:encryptionCypto>
>>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
>>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>           </ramp:crypto>
>>         </ramp:encryptionCypto>
>>
>>       </ramp:RampartConfig>
>>     </wsp:All>
>>   </wsp:ExactlyOne>
>> </wsp:Policy>
>> Thanks & Regards
>> --------
>> Siva
>>
>>
>>
>> SivaKumarl wrote:
>>>
>>> Hi Friends,
>>>
>>> I have developed web services in Java and enabled
>>> security for these services. My client is in .NET; when the client
>>> connects I am getting the below error.
>>>
>>>
>>> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
>>>        java.lang.Exception: alias is null
>>>
>>> Friends, kindly help me to solve this problem.
>>>
>>> Thanks & Regards
>>> -----------
>>> Siva kumar.
>>>
>>>
>>
>> -- 
>> View this message in context:
>> http://old.nabble.com/Rampart-alias-in-null-tp26825462p26863236.html
>> Sent from the Axis - Dev mailing list archive at Nabble.com.
>>
> 
> 

-- 
View this message in context: http://old.nabble.com/Rampart-alias-in-null-tp26825462p26883683.html
Sent from the Axis - Dev mailing list archive at Nabble.com.
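
Added example, not part of the original message and not Rampart or WSS4J code: a stand-alone check for the "X509IssuerSerial alias: null" log line above, which lists each certificate in a keystore and reports whether any entry matches a given issuer and serial and holds a private key. It assumes the receiver resolves the decryption key by issuer name and serial number against the keystore named in service.properties and that the store is JKS; the class name IssuerSerialCheck and its arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Added diagnostic (hypothetical class name); it does not call Rampart or WSS4J.
public class IssuerSerialCheck {

    // Returns the alias whose certificate has this issuer and serial, or null if none does.
    static String findAlias(KeyStore ks, X500Principal issuer, BigInteger serial) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            if (x.getSerialNumber().equals(serial) && x.getIssuerX500Principal().equals(issuer)) {
                return alias;
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3 || System.console() == null) {
            System.err.println("usage (interactive): java IssuerSerialCheck <keystore.jks> <issuerDN> <serialDecimal>");
            System.exit(2);
        }
        // Prompt for the store password so it does not end up in shell history.
        char[] pass = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: the service keystore is JKS
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        // List what the store holds so issuer and serial can also be compared by eye.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            System.out.printf("%-12s %-11s serial=%s issuer=%s%n", alias,
                    ks.isKeyEntry(alias) ? "private-key" : "cert-only",
                    x.getSerialNumber(), x.getIssuerX500Principal().getName());
        }
        String alias = findAlias(ks, new X500Principal(args[1]), new BigInteger(args[2]));
        if (alias == null) {
            System.out.println("No entry matches: an issuer/serial lookup returns a null alias.");
        } else if (!ks.isKeyEntry(alias)) {
            System.out.println("Match '" + alias + "' holds only a certificate; decryption needs its private key.");
        } else {
            System.out.println("Match '" + alias + "' is a private-key entry.");
        }
    }
}
```

The issuer and serial arguments are the values carried in the X509IssuerSerial reference of the incoming EncryptedKey; the serial is given in decimal.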

