axis-java-dev mailing list archives

From "Sahni, Anurag" <anurag_sa...@uhc.com>
Subject RE: issue with Rampart
Date Tue, 30 Oct 2012 08:13:52 GMT
Hi

I will be using X509 tokens for signing my request and I am not encrypting those.

Moreover, I am using asymmetric binding (if that has anything to do with this issue).

I have already specified the security policy namespace in my policy.xml.

Is Rampart compatible with WebSphere, and what versions of Rampart and Axis2 are compatible?

Regards

Anurag Sahni


From: Martin Gainty [mailto:mgainty@hotmail.com] 
Sent: Friday, October 26, 2012 5:43 PM
To: java-dev@axis.apache.org
Subject: RE: issue with Rampart

 

somewhere in your client code you have a request for a security token
Token responseToken = stsClient.requestSecurityToken(loadPolicy("policy.xml"), "http://localhost:8080/axis2/services/STS",
loadPolicy("sts_policy.xml"), null);

as the policy.xml is located locally we can examine the namespace assignments from policy.xml

<wsp:Policy wsu:Id="SgnOnlyAnonymous"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SymmetricBinding>
                <wsp:Policy>
                    <sp:ProtectionToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:ProtectionToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:SymmetricBinding>
            <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                                <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
                            </Issuer>
                            <sp:RequestSecurityTokenTemplate>
                                <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
                                <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
                                <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
                            </sp:RequestSecurityTokenTemplate>
                            <wsp:Policy>
                                <sp:RequireInternalReference/>
                            </wsp:Policy>
                        </sp:IssuedToken>
                    </wsp:Policy>
             </sp:SupportingTokens>
            <sp:SignedParts>
                <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                <sp:Body/>
            </sp:SignedParts>
            <sp:Wss11>
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                    <sp:MustSupportRefThumbprint/>
                    <sp:MustSupportRefEncryptedKey/>
                    <sp:RequireSignatureConfirmation/>
                </wsp:Policy>
            </sp:Wss11>
            <sp:Trust10>
                <wsp:Policy>
                    <sp:MustSupportIssuedTokens/>
                    <sp:RequireClientEntropy/>
                    <sp:RequireServerEntropy/>
                </wsp:Policy>
            </sp:Trust10>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

notice the namespace assignment for the encompassing Policy element is
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"

if we looked at the policy.xml you are referencing in client code would we see a non-null
namespace assignment?
Martin 
______________________________________________
Disclaimer and confidentiality note

This message is confidential and may be privileged. If you are not the intended recipient, we kindly ask that you notify the sender. Any unauthorized forwarding or copying is prohibited. This message serves only for the exchange of information and has no legally binding effect. Because e-mails can easily be manipulated, we cannot accept any liability for the content.

________________________________

Subject: issue with Rampart
Date: Fri, 26 Oct 2012 05:49:58 -0500
From: anurag_sahni@uhc.com
To: java-dev@axis.apache.org

Hi, I am facing this error on client side.

Not able to invoke Rampart correctly.

My policy is attached herewith.

I am using Rampart 1.6.0 and Axis2 version 1.5.

I am running it on IBM WebSphere 7 and getting this error:

[10/22/12 2:41:32:909 CDT] 00000033 SystemErr     R java.lang.RuntimeException: Undefined 'Security policy namespace cannot be null.' resource property
[10/22/12 2:41:32:910 CDT] 00000033 SystemErr     R     at org.apache.rampart.RampartException.getMessage(RampartException.java:81)
[10/22/12 2:41:32:910 CDT] 00000033 SystemErr     R     at org.apache.rampart.RampartException.<init>(RampartException.java:41)
[10/22/12 2:41:32:910 CDT] 00000033 SystemErr     R     at org.apache.rampart.RampartException.<init>(RampartException.java:57)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr     R     at org.apache.rampart.RampartMessageData.setWSSecurityVersions(RampartMessageData.java:373)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr     R     at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:261)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr     R     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr     R     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr     R     at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
[10/22/12 2:41:32:911 CDT] 00000033 SystemErr     R     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:347)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr     R     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:512)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr     R     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:401)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr     R     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr     R     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr     R     at searchregionplanmediation.searchregionplan.SearchRegionPlanExport_SearchRegionPlanHttpServiceStub.searchRegionPlan(SearchRegionPlanExport_SearchRegionPlanHttpServiceStub.java:190)
[10/22/12 2:41:32:912 CDT] 00000033 SystemErr     R     at com.uhg.uhc.employerportal.transactions.gps.esb.serviceimpl.SearchRegionPlanService.prepareSearchRegionPlanResponse(SearchRegionPlanService.java:139)
[10/22/12 2:41:32:913 CDT] 00000033 SystemErr     R     at com.uhg.uhc.employerportal.transactions.gps.esb.serviceimpl.SearchRegionPlanService.getSearchRegionPlan(SearchRegionPlanService.java:110)
[10/22/12 2:41:32:913 CDT] 00000033 SystemErr     R     at com.uhg.uhc.employerportal.transactions.gps.GPSSearchRegionPlan.invoke(GPSSearchRegionPlan.java:165)
[10/22/12 2:41:32:913 CDT] 00000033 SystemErr     R     at com.uhg.uhc.employerportal.transactions.tools.AuditService.doAudit(AuditService.java:361)

Is it a bug in Rampart or some compatibility issue with WebSphere 7.5???

Regards

Anurag Sahni


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
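
The namespace check that the reply in this thread asks about, as an added example that is not part of the original messages and not Rampart's own code: it lists the namespace of each binding assertion in a policy document and flags missing or unrecognised ones. It assumes the namespace named in the error is the one carried by the binding assertion; check_policy, split_tag and the sample documents are hypothetical names constructed for this example.

```python
import xml.etree.ElementTree as ET

# The 2005/07 URI is the one used in the policy quoted in this thread;
# the 200702 URI is WS-SecurityPolicy 1.2. Treating exactly these two as
# acceptable is an assumption of this example.
SP_NAMESPACES = {
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
}
BINDINGS = {"SymmetricBinding", "AsymmetricBinding", "TransportBinding"}
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

def split_tag(tag):
    """ElementTree names elements '{uri}local'; return (uri or None, local)."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return None, tag

def check_policy(xml_text):
    """Return (bindings, findings) for one policy document."""
    root = ET.fromstring(xml_text)
    bindings, findings = [], []
    if split_tag(root.tag)[0] is None:
        findings.append("root element has no namespace")
    for el in root.iter():
        ns, local = split_tag(el.tag)
        if local not in BINDINGS:
            continue
        bindings.append((local, ns))
        if ns is None:
            findings.append(f"{local} has no namespace")
        elif ns not in SP_NAMESPACES:
            findings.append(f"{local} is in unrecognised namespace {ns}")
    if not bindings:
        findings.append("no binding assertion found")
    return bindings, findings

# Constructed samples: the first keeps the namespaces of the quoted policy,
# the other two show an unqualified binding and a mistyped namespace URI.
QUOTED = f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:SymmetricBinding/></wsp:Policy>'
UNQUALIFIED = f'<wsp:Policy xmlns:wsp="{WSP}"><AsymmetricBinding/></wsp:Policy>'
MISTYPED = f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/"><sp:AsymmetricBinding/></wsp:Policy>'

if __name__ == "__main__":
    for name, doc in (("quoted", QUOTED), ("unqualified", UNQUALIFIED), ("mistyped", MISTYPED)):
        print(name, check_policy(doc))
```

To check a real file, pass its contents to check_policy, for example check_policy(open("policy.xml").read()).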

