axis-java-dev mailing list archives

From Jaime Hablutzel Egoavil <hablutz...@gmail.com>
Subject Re: MTOM, DOOM and axis 2
Date Thu, 05 Jan 2012 23:43:09 GMT
OK, here is the client code that generates *two different signatures* while
sending the equivalent content over the network:

*DOOM enabled*

/**
 * MTOM sample client with Rampart signing and the DOOM option switched on.
 *
 * <p>Sends one file as a {@code DataHandler} argument to the {@code echo} operation while
 * Rampart signs the outgoing message. This is the variant that sets
 * {@code WSSHandlerConstants.USE_DOOM}; the accompanying message reports that it yields a
 * different signature from the otherwise identical client that leaves the option unset.
 */
public class BinaryClient {

    /**
     * Configures the service client (MTOM, Rampart in/out parameters, DOOM) and performs a
     * single {@code invokeRobust} call carrying the file.
     *
     * @param args unused
     * @throws Exception anything raised while loading the configuration or sending
     */
    public static void main(String[] args) throws Exception {
        // Repository and client axis2.xml are read from fixed local paths.
        String repositoryDir = "D:\\software\\axis2-1.6.1\\repository";
        String clientAxis2Xml =
                "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml";
        ConfigurationContext configContext =
                ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                        repositoryDir, clientAxis2Xml);
        RPCServiceClient rpcClient = new RPCServiceClient(configContext, null);

        // NOTE(review): plain http to localhost; the only protection on the message is the
        // WS-Security signature configured below (integrity, no confidentiality).
        EndpointReference target = new EndpointReference();
        target.setAddress("http://localhost:8080/anywhere");

        Options options = new Options();
        options.setAction("ns:echo");
        options.setTo(target);
        options.setProperty(
                org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
                org.apache.axis2.Constants.VALUE_TRUE);

        // Rampart parameters for the outgoing and incoming flows.
        options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getOutflowConfiguration());
        options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getInflowConfiguration());

        // The one setting that distinguishes this variant from the non-DOOM client.
        options.setProperty(
                WSSHandlerConstants.USE_DOOM, org.apache.axis2.Constants.VALUE_TRUE);
        rpcClient.setOptions(options);

        // Rampart is engaged only after the options carrying its parameters are in place.
        rpcClient.engageModule("rampart");

        DataHandler attachment = new DataHandler(
                new FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
        QName operation = new QName("http://client.mtom.sample", "echo");
        rpcClient.invokeRobust(operation, new Object[]{attachment});
    }

    /**
     * Builds the Rampart parameter for outgoing messages: a single "Signature" action for
     * user {@code client}.
     *
     * @return the parameter produced by {@code OutflowConfiguration.getProperty()}
     */
    public static Parameter getOutflowConfiguration() {
        OutflowConfiguration outflow = new OutflowConfiguration();
        outflow.setActionItems("Signature");
        outflow.setUser("client");
        // Callback class named by string; presumably supplies the key password for
        // "client" -- confirm against PWCBHandler.
        outflow.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
        outflow.setSignaturePropFile("client.properties");
        outflow.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
        // NOTE(review): encryption settings are supplied although the action list contains
        // only "Signature"; presumably unused here -- confirm before relying on them.
        outflow.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
        outflow.setEncryptionUser("service");
        return outflow.getProperty();
    }

    /**
     * Builds the Rampart parameter for incoming messages: a "Signature" action using the
     * same {@code client.properties} file as the outgoing flow.
     *
     * @return the parameter produced by {@code InflowConfiguration.getProperty()}
     */
    public static Parameter getInflowConfiguration() {
        InflowConfiguration inflow = new InflowConfiguration();
        inflow.setActionItems("Signature");
        inflow.setSignaturePropFile("client.properties");
        return inflow.getProperty();
    }

}



*Without DOOM*

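/**
 * MTOM sample client with Rampart signing and the DOOM option left unset.
 *
 * <p>Identical to the DOOM-enabled client except that the
 * {@code WSSHandlerConstants.USE_DOOM} property is not set. It sends one file as a
 * {@code DataHandler} argument to the {@code echo} operation while Rampart signs the
 * outgoing message.
 */
public class BinaryClient {

    /**
     * Configures the service client (MTOM and Rampart in/out parameters, no DOOM) and
     * performs a single {@code invokeRobust} call carrying the file.
     *
     * @param args unused
     * @throws Exception anything raised while loading the configuration or sending
     */
    public static void main(String[] args) throws Exception {

        // Repository and client axis2.xml are read from fixed local paths.
        ConfigurationContext ctx =
                ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                        "D:\\software\\axis2-1.6.1\\repository",
                        "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
        RPCServiceClient client = new RPCServiceClient(ctx, null);
        Options opts = new Options();
        opts.setAction("ns:echo");
        // NOTE(review): plain http to localhost; the only protection on the message is the
        // WS-Security signature configured below (integrity, no confidentiality).
        EndpointReference to = new EndpointReference();
        to.setAddress("http://localhost:8080/anywhere");
        opts.setTo(to);

        opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
                org.apache.axis2.Constants.VALUE_TRUE);
        //Set the rampart parameters
        opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
                getOutflowConfiguration());
        opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY,
                getInflowConfiguration());
        // Intentionally disabled: this variant runs without DOOM. The whole statement is
        // commented out, including its continuation line, so the class still compiles.
//        opts.setProperty(WSSHandlerConstants.USE_DOOM,
//                org.apache.axis2.Constants.VALUE_TRUE);
        client.setOptions(opts);

        //Engage rampart (after the options carrying its parameters are in place)
        client.engageModule("rampart");

        DataHandler dh = new DataHandler(
                new FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
        client.invokeRobust(new QName("http://client.mtom.sample", "echo"),
                new Object[]{dh});
    }

    /**
     * Builds the Rampart parameter for outgoing messages: a single "Signature" action for
     * user {@code client}.
     *
     * @return the parameter produced by {@code OutflowConfiguration.getProperty()}
     */
    public static Parameter getOutflowConfiguration() {
        OutflowConfiguration ofc = new OutflowConfiguration();
        ofc.setActionItems("Signature");
        ofc.setUser("client");
        // Callback class named by string; presumably supplies the key password for
        // "client" -- confirm against PWCBHandler.
        ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
        ofc.setSignaturePropFile("client.properties");
        ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
        // NOTE(review): encryption settings are supplied although the action list contains
        // only "Signature"; presumably unused here -- confirm before relying on them.
        ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
        ofc.setEncryptionUser("service");
        return ofc.getProperty();
    }

    /**
     * Builds the Rampart parameter for incoming messages: a "Signature" action using the
     * same {@code client.properties} file as the outgoing flow.
     *
     * @return the parameter produced by {@code InflowConfiguration.getProperty()}
     */
    public static Parameter getInflowConfiguration() {
        InflowConfiguration ifc = new InflowConfiguration();
        ifc.setActionItems("Signature");
        ifc.setSignaturePropFile("client.properties");
        return ifc.getProperty();
    }

}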


*Because the server, after canonicalization, will only accept one of these two
signatures, validation of the other fails.*



On Thu, Dec 29, 2011 at 1:26 PM, Andreas Veithen
<andreas.veithen@gmail.com> wrote:

> Can you send us the code that produces the message causing the
> problems, including everything you do to configure Rampart? That
> should allow us to reproduce the problem.
>
> Andreas
>
> On Thu, Dec 29, 2011 at 17:16, Jaime Hablutzel Egoavil
> <hablutzel1@gmail.com> wrote:
> > Axis 1.6.1, rampart 1.6.1, axiom 1.2.12
> > By the way I discovered that this problem only arises when using
> >
> > client.invokeRobust(new QName("http://client.mtom.sample", "echo"), new
> > Object[]{dh});
> >
> > And not with
> >
> >  client.sendReceive(elem)
> >
> > And I see that the first one creates
> >
> > <soapenv:Body
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
> > xmlns=""><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
> > href="cid:0710aab4c96720a1886956170b3b109376c02d3e09c5233e@apache.org"
> > /></arg0></echo></soapenv:Body>
> >
> > And the second one:
> >
> > <soapenv:Body
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> > wsu:Id="id-2"><ns1:echo
> > xmlns:ns1="http://client.mtom.sample"><arg0><xop:Include
> > xmlns:xop="http://www.w3.org/2004/08/xop/include"
> > href="cid:ff5f2e1026b6fe4b08a45687431ea67221606586a337e626@apache.org"
> > /></arg0></ns1:echo></soapenv:Body>
> >
> >
> > Anyway using the second it is working but with the first the stripped
> > xmlns="" makes the signature value different so the server after
> > canonicalization produces a different value and validation fails
> >
> > On Thu, Dec 29, 2011 at 4:31 AM, Andreas Veithen <
> andreas.veithen@gmail.com>
> > wrote:
> >>
> >> What are the Axis2, Rampart and Axiom versions that you are using?
> >>
> >> Andreas
> >>
> >> On Tue, Dec 27, 2011 at 23:18, Jaime Hablutzel Egoavil
> >> <hablutzel1@gmail.com> wrote:
> >> > Hi, I want to report an apparent bug that appears when the DOOM option is
> >> > activated in the client. DOOM is enabled so that the SOAP message includes
> >> > xop:Include even when using WS-Signature, instead of sending the content
> >> > as base64, and so takes advantage of MTOM.
> >> >
> >> > When using DOOM the canonicalized data to create the digest is:
> >> >
> >> > <soapenv:Body xmlns:soapenv="
> http://schemas.xmlsoap.org/soap/envelope/"
> >> >
> >> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >> > wsu:Id="id-2"><echo
> >> >
> >> > xmlns="http://client.mtom.sample
> "><arg0>b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
> >> >
> >> > But when DOOM is disabled the data is:
> >> >
> >> > <soapenv:Body xmlns:soapenv="
> http://schemas.xmlsoap.org/soap/envelope/"
> >> >
> >> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> "
> >> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
> >> >
> >> >
> xmlns="">b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
> >> >
> >> > Look at the difference in red color. This causes the digest value to
> be
> >> > different so the server gets confused and is unable to validate the
> >> > signature when using DOOM in the client. A workaround seems to be to
> use
> >> > only namespaced elements so that xmlns="" is never generated.
> >> >
> >> > I would like to know if someone has reached this problem when using
> MTOM
> >> > +
> >> > WS-Signature in axis 2.
> >> >
> >> > Other thing, DOOM option is not really well documented anywhere in
> axis2
> >> > website and I just found that it was available to make real MTOM with
> >> > WS-Signature debugging the source code for three days u.u.
> >> >
> >> > Good bye
> >> >
> >> >
> >> >
> >> > --
> >> > Jaime Hablutzel - 9-9956-3299
> >> >
> >> > (tildes omitidas intencionalmente)
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> >> For additional commands, e-mail: java-dev-help@axis.apache.org
> >>
> >
> >
> >
> > --
> > Jaime Hablutzel - 9-9956-3299
> >
> > (tildes omitidas intencionalmente)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
> For additional commands, e-mail: java-dev-help@axis.apache.org
>
>


-- 
Jaime Hablutzel - 9-9956-3299

(tildes omitidas intencionalmente)
