axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Samisa Abeysinghe (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (RAMPART-300) Rampart automaticaly tries to load an "Encryption user" if the security policy defines the use of a UsernameToken with a AsymmetricBinding
Date Tue, 21 Dec 2010 23:22:00 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Samisa Abeysinghe resolved RAMPART-300.
---------------------------------------

       Resolution: Fixed
    Fix Version/s: NextVersion
         Assignee: Samisa Abeysinghe  (was: Ruchith Udayanga Fernando)

Fix for RAMPART-225 should also fix this issue

> Rampart automaticaly tries to load an "Encryption user" if the security policy defines
the use of a UsernameToken with a AsymmetricBinding
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-300
>                 URL: https://issues.apache.org/jira/browse/RAMPART-300
>             Project: Rampart
>          Issue Type: Bug
>         Environment: OS: Linux. Axis2, RAMPART 1.5
>            Reporter: cerbero
>            Assignee: Samisa Abeysinghe
>             Fix For: NextVersion
>
>
> Rampart automaticaly tries to load an "Encryption user" if the security policy defines
the use of a UsernameToken with a AsymmetricBinding
> I have a service implemented using Websphere Message Broker and I'm developing an axis2
client for this service. 
> To use this service, the message's body must be signed, to sign the message I created
the following policy (based on rampart sample03):
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy wsu:Id="SigOnly"
> 	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> 	xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> 	<wsp:ExactlyOne>
> 		<wsp:All>
> 			<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
/>
> 				</wsp:Policy>
> 			</sp:SupportingTokens>
> 			<sp:AsymmetricBinding
> 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:InitiatorToken>
> 						<wsp:Policy>
> 							<sp:X509Token
> 								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> 								<wsp:Policy>
> 									<sp:RequireThumbprintReference />
> 									<sp:WssX509V3Token10 />
> 								</wsp:Policy>
> 							</sp:X509Token>
> 						</wsp:Policy>
> 					</sp:InitiatorToken>
> 					<sp:RecipientToken>
> 						<wsp:Policy>
> 							<sp:X509Token
> 								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> 								<wsp:Policy>
> 									<!-- <sp:RequireThumbprintReference /> -->
> 									<sp:WssX509V3Token10 />
> 								</wsp:Policy>
> 							</sp:X509Token>
> 						</wsp:Policy>
> 					</sp:RecipientToken>
> 					<sp:AlgorithmSuite>
> 						<wsp:Policy>
> 							<sp:Basic128Rsa15 />
> 						</wsp:Policy>
> 					</sp:AlgorithmSuite>
> 					<sp:Layout>
> 						<wsp:Policy>
> 							<sp:Strict />
> 						</wsp:Policy>
> 					</sp:Layout>
> 					<!-- <sp:IncludeTimestamp /> -->
> 					<!-- <sp:OnlySignEntireHeadersAndBody /> -->
> 				</wsp:Policy>
> 			</sp:AsymmetricBinding>
> 			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:MustSupportRefKeyIdentifier />
> 					<sp:MustSupportRefIssuerSerial />
> 				</wsp:Policy>
> 			</sp:Wss10>
> 			<sp:SignedParts
> 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<sp:Body />
> 			</sp:SignedParts>
> 			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> 				<ramp:user>client</ramp:user>
> 				<ramp:userCertAlias>client</ramp:userCertAlias>
> 			   <!-- <ramp:encryptionUser>client</ramp:encryptionUser> --> 
> 				<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler
> 				</ramp:passwordCallbackClass>
> 				<ramp:signatureCrypto>
> 					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> 						<ramp:property
> 							name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> 						<ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/.../src/client.jks
> 						</ramp:property>
> 						<ramp:property
> 							name="org.apache.ws.security.crypto.merlin.keystore.password">changeme</ramp:property>
> 					</ramp:crypto>
> 				</ramp:signatureCrypto>
> 			</ramp:RampartConfig>
> 		</wsp:All>
> 	</wsp:ExactlyOne>
> </wsp:Policy>
> The problem is that rampart is trying to retrieve "Encryption user" to encrypt the mesage,
but I only wish sign the mesage.
> org.apache.axis2.AxisFault: Encryption user not specified (The context is created by
the initiating party)
> 	at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> 	at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
> 	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
> 	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> 	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> 	at org.example.www.echoservice.EchoServiceStub.send(EchoServiceStub.java:187)
> 	at TesteSignOnly.main(TesteSignOnly.java:45)
> Caused by: org.apache.rampart.RampartException: Encryption user not specified (The context
is created by the initiating party)
> 	at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1254)
> 	at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1242)
> 	at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:536)
> 	at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
> 	at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> 	at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
> 	... 8 more
> the code works fine, the message is signed, if I take out the snippet:
> 	<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 		<wsp:Policy>
> 			<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
/>
> 		</wsp:Policy>
> 	</sp:SupportingTokens>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message