axis-java-dev mailing list archives

From Thilina Mahesh Buddhika <thilin...@gmail.com>
Subject Re: [axis2] Authentication failed. Security failed.
Date Thu, 24 Feb 2011 12:52:47 GMT
Can you please try this with the latest Rampart release, i.e. 1.5.1? It was
released against Axis2 1.5.4.

Thanks,
Thilina

On Thu, Feb 24, 2011 at 4:55 PM, Rananjay Singh <
rananjay.singh@esteltelecom.com> wrote:

> Hi axis team,
>
> I am facing a big security problem while using axis server to develop web
> service.
>
> My web service is hosted in axis server and using Rampart module for
> security.
>
> I am sending SOAP request to get response from web service with username
> and plain text password.
>
> My request is as follows:
>
>
>
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Header>
>     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>       <!-- highlighted in the original mail: from UsernameToken through the wsu prefix of wsu:Id -->
>       <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-22743805">
>         <wsse:Username> clientuser </wsse:Username>
>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Common123#</wsse:Password>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soapenv:Header>
>   <soapenv:Body>
>     <ns1:echo xmlns:ns1="http://RampatSecurityTest/xsd"><param0>Hello world</param0></ns1:echo>
>   </soapenv:Body>
> </soapenv:Envelope>
>
>
>
> It is authenticating user name and password.
>
> But when I am changing my request as follows:
>
>
>
> <?xml version='1.0' encoding='utf-8'?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Header>
>     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>       <!-- highlighted in the original mail: from UsernameToken through the wsse prefix of wsse:Id -->
>       <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsse:Id="UsernameToken-22743805">
>         <wsse:Username>clientuser</wsse:Username>
>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Common123#</wsse:Password>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soapenv:Header>
>   <soapenv:Body>
>     <ns1:echo xmlns:ns1="http://RampatSecurityTest/xsd"><param0>Hello world</param0></ns1:echo>
>   </soapenv:Body>
> </soapenv:Envelope>
>
>
>
> It is not authenticating user name and password and directly executing
> operation echo.
>
> Difference in request is highlighted.
>
> Please suggest solution to secure my web service.
>
> I am using following components:
>
> Axis2 version is 1.5.4
> rampart-1.3 with rahas-1.3
> server.xml (attached)
>
> Thanks and Regards,
>
>
>
>
> _______________________________________________________________________________
>
> Rananjay Singh
> Asst Manager - Technical, Estel
> +91 124 257 8200 | +91 9868 591004
> rananjay.singh@esteltelecom.com | www.esteltelecom.com
>
>



-- 
Thilina Mahesh Buddhika
http://blog.thilinamb.com
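
Added example, not part of the original mails and not Rampart or Axis2 code: in the second request the xmlns:wsse declaration on the UsernameToken element rebinds the wsse prefix to the utility namespace, so that element's expanded name is no longer the secext UsernameToken. The sketch below shows a receiver-side check that matches by expanded name and fails closed when the token is missing; build_request, extract_username_token and the sample password are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed template modelled on the two requests in the thread; the only
# varying part is the prefix declared on the UsernameToken element.
TEMPLATE = (
    '<soapenv:Envelope xmlns:soapenv="{soap}"><soapenv:Header>'
    '<wsse:Security xmlns:wsse="{wsse}" soapenv:mustUnderstand="1">'
    '<wsse:UsernameToken xmlns:{p}="{wsu}" {p}:Id="UsernameToken-1">'
    '<wsse:Username>clientuser</wsse:Username>'
    '<wsse:Password>example-password</wsse:Password>'
    '</wsse:UsernameToken></wsse:Security></soapenv:Header>'
    '<soapenv:Body/></soapenv:Envelope>'
)


def build_request(prefix):
    """Hypothetical helper: 'wsu' gives the first request, 'wsse' the second."""
    return TEMPLATE.format(soap=SOAP, wsse=WSSE, wsu=WSU, p=prefix)


def extract_username_token(envelope_xml):
    """Return (username, password) from the secext UsernameToken, or raise.

    Elements are matched by expanded name {namespace}local, never by prefix,
    and a missing token is an error rather than "nothing to verify".
    """
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if security is None:
        raise PermissionError("no wsse:Security header")
    tokens = security.findall(f"{{{WSSE}}}UsernameToken")
    if len(tokens) != 1:
        found = [child.tag for child in security]
        raise PermissionError(f"expected one secext UsernameToken, found {found}")
    user = tokens[0].findtext(f"{{{WSSE}}}Username")
    password = tokens[0].findtext(f"{{{WSSE}}}Password")
    if user is None or password is None:
        raise PermissionError("UsernameToken lacks Username or Password")
    return user.strip(), password
```

The caller still has to verify the returned credentials; the point here is only that an envelope without a recognised token is rejected before the operation is dispatched.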
