axis-java-dev mailing list archives

From Hasini Gunasinghe <hasi7...@gmail.com>
Subject Re: Security policy with policy attachments makes the service faulty in Axis2
Date Sun, 02 Oct 2011 17:42:59 GMT
Thanks a lot Andreas for the clarification and for the quick response...
It did work.

Thanks,
Hasini.

On Sun, Oct 2, 2011 at 8:20 PM, Andreas Veithen <andreas.veithen@gmail.com> wrote:

> Hi,
>
> That is because there are two places in the policy where you have used
> <sp:Policy>, while it should be <wsp:Policy>. Previous versions of
> Axis2 didn't check the namespace and therefore didn't trigger an
> exception in this case. All versions of Axis2 based on Neethi 3.0.x
> (i.e. Axis2 >= 1.6.1) will reject such an invalid policy.
>
> Andreas
>
> On Sun, Oct 2, 2011 at 15:52, Hasini Gunasinghe <hasi7786@gmail.com> wrote:
> > Hi all,
> >
> > I have applied two different security policies to in and out messages of a
> > service operation using policy attachments.
> >
> > When I deployed the service in Axis2 with the policies included in the
> > services.xml as shown in [2], I get the following exception [1], at service
> > deployment time and the service is shown as a faulty service. (axis2 and
> > rampart built from trunk)
> >
> > When I deployed the same service in another application server, I didn't
> > encounter this error and I was able to access the policy engaged wsdl
> > without a problem.
> >
> > Could I please get some insight whether this may be due to anything wrong
> > with the security policy or could it be due to some other reason...
> >
> > Thanks in advance.
> > Hasini.
> >
> > [1] org.apache.axis2.deployment.DeploymentException: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
> >     at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
> >     at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:82)
> >     .............
> >     [ERROR] The sample09.aar service, which is not valid, caused {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
> >     org.apache.axis2.deployment.DeploymentException: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
> >     at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
> >     .............
> >     Caused by: java.lang.IllegalArgumentException: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
> >     at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:177)
> >     at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:125)
> >     .............
> >
> > [2] <service>
> >     <operation name="echo">
> >         <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
> >     </operation>
> >     <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample09.SimpleService</parameter>
> >
> >     <module ref="rampart"/>
> >     <module ref="addressing"/>
> >
> >     <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> >         <wsp:AppliesTo>
> >             <policy-subject identifier="binding:soap11/operation:echo/in"/>
> >             <policy-subject identifier="binding:soap12/operation:echo/in"/>
> >         </wsp:AppliesTo>
> >         <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >                     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >                     wsu:Id="EncryptOnly">
> >             <wsp:ExactlyOne>
> >                 <wsp:All>
> >                     <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <wsp:Policy>
> >                             <sp:ProtectionToken>
> >                                 <wsp:Policy>
> >                                     <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> >                                         <wsp:Policy>
> >                                             <sp:RequireThumbprintReference/>
> >                                             <sp:WssX509V3Token10/>
> >                                         </wsp:Policy>
> >                                     </sp:X509Token>
> >                                 </wsp:Policy>
> >                             </sp:ProtectionToken>
> >                             <sp:AlgorithmSuite>
> >                                 <wsp:Policy>
> >                                     <sp:Basic256/>
> >                                 </wsp:Policy>
> >                             </sp:AlgorithmSuite>
> >                             <sp:Layout>
> >                                 <wsp:Policy>
> >                                     <sp:Lax/>
> >                                 </wsp:Policy>
> >                             </sp:Layout>
> >                             <sp:IncludeTimestamp/>
> >                         </wsp:Policy>
> >                     </sp:SymmetricBinding>
> >                     <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <sp:Body/>
> >                     </sp:EncryptedParts>
> >                     <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <sp:Policy>
> >                             <sp:MustSupportRefKeyIdentifier/>
> >                             <sp:MustSupportRefIssuerSerial/>
> >                             <sp:MustSupportRefThumbprint/>
> >                             <sp:RequireSignatureConfirmation/>
> >                         </sp:Policy>
> >                     </sp:Wss11>
> >                     <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <wsp:Policy>
> >                             <sp:RequireClientEntropy/>
> >                             <sp:RequireServerEntropy/>
> >                             <sp:MustSupportIssuedTokens/>
> >                         </wsp:Policy>
> >                     </sp:Trust10>
> >                     <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> >                         <ramp:user>service</ramp:user>
> >                         <ramp:encryptionUser>service</ramp:encryptionUser>
> >
> >                         <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
> >                         </ramp:passwordCallbackClass>
> >
> >                         <ramp:encryptionCypto>
> >                             <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> >                                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> >                                 <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> >                                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
> >                                 </ramp:property>
> >                             </ramp:crypto>
> >                         </ramp:encryptionCypto>
> >                     </ramp:RampartConfig>
> >
> >                 </wsp:All>
> >             </wsp:ExactlyOne>
> >         </wsp:Policy>
> >     </wsp:PolicyAttachment>
> >     <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> >         <wsp:AppliesTo>
> >             <policy-subject identifier="binding:soap11/operation:echo/out"/>
> >             <policy-subject identifier="binding:soap12/operation:echo/out"/>
> >         </wsp:AppliesTo>
> >         <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >                     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >                     wsu:Id="SignOnly">
> >             <wsp:ExactlyOne>
> >                 <wsp:All>
> >                     <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <wsp:Policy>
> >                             <sp:ProtectionToken>
> >                                 <wsp:Policy>
> >                                     <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> >                                         <wsp:Policy>
> >                                             <sp:RequireThumbprintReference/>
> >                                             <sp:WssX509V3Token10/>
> >                                         </wsp:Policy>
> >                                     </sp:X509Token>
> >                                 </wsp:Policy>
> >                             </sp:ProtectionToken>
> >                             <sp:AlgorithmSuite>
> >                                 <wsp:Policy>
> >                                     <sp:Basic256/>
> >                                 </wsp:Policy>
> >                             </sp:AlgorithmSuite>
> >                             <sp:Layout>
> >                                 <wsp:Policy>
> >                                     <sp:Lax/>
> >                                 </wsp:Policy>
> >                             </sp:Layout>
> >                             <sp:IncludeTimestamp/>
> >                             <sp:OnlySignEntireHeadersAndBody/>
> >                         </wsp:Policy>
> >                     </sp:SymmetricBinding>
> >                     <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <sp:Body/>
> >                     </sp:SignedParts>
> >                     <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <sp:Policy>
> >                             <sp:MustSupportRefKeyIdentifier/>
> >                             <sp:MustSupportRefIssuerSerial/>
> >                             <sp:MustSupportRefThumbprint/>
> >                             <sp:RequireSignatureConfirmation/>
> >                         </sp:Policy>
> >                     </sp:Wss11>
> >                     <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >                         <wsp:Policy>
> >                             <sp:RequireClientEntropy/>
> >                             <sp:RequireServerEntropy/>
> >                             <sp:MustSupportIssuedTokens/>
> >                         </wsp:Policy>
> >                     </sp:Trust10>
> >                     <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> >                         <ramp:user>service</ramp:user>
> >                         <ramp:encryptionUser>service</ramp:encryptionUser>
> >
> >                         <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
> >                         </ramp:passwordCallbackClass>
> >
> >                         <ramp:signatureCrypto>
> >                             <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> >                                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> >                                 <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> >                                 <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
> >                                 </ramp:property>
> >                             </ramp:crypto>
> >                         </ramp:signatureCrypto>
> >
> >                     </ramp:RampartConfig>
> >                 </wsp:All>
> >             </wsp:ExactlyOne>
> >         </wsp:Policy>
> >
> >     </wsp:PolicyAttachment>
> >
> > </service>
> >
> >
>
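
The namespace check described in the reply above can be run against a services.xml before deployment. This is an added example, not part of the original thread and not Axis2 or Neethi code: a Python lint that reports every `Policy` element outside a WS-Policy namespace. The function name, the constructed sample, and accepting the W3C WS-Policy 1.5 namespace alongside the 2004/09 one are assumptions.

```python
import io
import xml.etree.ElementTree as ET

# Accepted WS-Policy namespaces. The 2004/09 URI is the one used in the thread;
# the W3C WS-Policy 1.5 URI is added here as an assumption about what to accept.
WSP_NAMESPACES = {
    "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "http://www.w3.org/ns/ws-policy",
}

def find_misnamespaced_policies(xml_text):
    """Return (element path, namespace) for each Policy element that is not wsp:Policy."""
    findings, path = [], []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, elem in ET.iterparse(source, events=("start", "end")):
        # ElementTree expands prefixes, so tags look like '{namespace}local'.
        ns, _, local = elem.tag[1:].partition("}") if elem.tag[0] == "{" else ("", "", elem.tag)
        if event == "end":
            path.pop()
            continue
        path.append(local)
        if local == "Policy" and ns not in WSP_NAMESPACES:
            findings.append(("/".join(path), ns))
    return findings

# Constructed sample: a trimmed services.xml with the same mistake as in the thread
# (sp:Policy inside sp:Wss11, while sp:Trust10 correctly uses wsp:Policy).
SAMPLE = """<service>
  <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:Policy>
      <wsp:ExactlyOne><wsp:All>
        <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <sp:Policy><sp:MustSupportRefThumbprint/></sp:Policy>
        </sp:Wss11>
        <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy><sp:RequireClientEntropy/></wsp:Policy>
        </sp:Trust10>
      </wsp:All></wsp:ExactlyOne>
    </wsp:Policy>
  </wsp:PolicyAttachment>
</service>"""

if __name__ == "__main__":
    for where, ns in find_misnamespaced_policies(SAMPLE):
        print(f"{where}: Policy is in namespace {ns!r}, expected a WS-Policy namespace")
```

Because the comparison is on the expanded namespace URI rather than the prefix, the lint also catches a `Policy` element that uses a differently named prefix or no prefix at all.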
