axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: [Axis2] Client side configuration parameters
Date Thu, 06 Apr 2006 13:20:45 GMT
Hi Xinjun,

Unfortunately the security sample in 0.94 is broken :-(

Please try the security sample provided in Axis2 0.95
http://ws.apache.org/axis2/download.cgi

AND please make sure you use the security sample provided separately
in the distribution.

BTW looking at your exception trace I think you are using JDK 1.5 and if so
  1.) please follow the instructions in "General -> #3" in the Axis2 faq [1].
  2.) you will need to have xalan-2.6.jar in the client's classpath
and in the axis2/WEB-INF/li dir as well.

Thanks,
Ruchith

[1] http://ws.apache.org/axis2/download.cgi

On 4/6/06, Xinjun Chen <xjchen001@gmail.com> wrote:
> Hi Ruchith,
>
> I am really very very grateful to your enlighting explanation and
> clarification.
> I will go ahead with it. I just tried the security sample with the
> attached error message. I have already followed the steps in the
> ReadMe file in security sample folder. The following is the snippet of
> the error message. The full error message is attached.
> I will try Axis2 0.95 security at meanwhile.
> The original exception is BadPaddingException. Did i missed something?
> As mentioned, I have followed the instruction in the read me file.
>
>
> F:\download\axis2\axis2-std-0.94-bin\samples\security\src>java sample.security.C
> lient ..\client_repo 8080
> org.apache.axis2.AxisFault: org.apache.axis2.AxisFault: WSDoAllReceiver: securit
> y processing failed; nested exception is:
>         org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
>  nested exception is:
>         org.apache.xml.security.encryption.XMLEncryptionException: pad block cor
> rupted
> Original Exception was javax.crypto.BadPaddingException: pad block corrupted
>         at org.apache.axis2.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java
> :165)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:376)
>
>
> Regards,
> Xinjun
>
>
> On 4/6/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > Hi Xinjun,
> >
> > Please see my inline comments:
> >
> > On 4/6/06, Xinjun Chen <xjchen001@gmail.com> wrote:
> > > When testing the Axis2 0.94 security module, I have some questions
> > > regarding client side configuration. I raised the following question
> > > after reading the webpage
> > > http://ws.apache.org/axis2/0_94/security-module.html.
> >
> > I recommend you to use the 0.95 security.mar and please note that the
> > Axis2 repository structure is different in 0.95.
> >
> > >
> > > 1. The page mentions that client side configuration parameters can be
> > > set in the axis2.xml of the client's Axis2 repository.
> > > My question is is this referring to the directory
> > > \axis2-std-0.94-bin\repository\services ?
> > > It is initially empty. What will be the root element in the client
> > > respository axis2.xml? Could you help me to get some sample client
> > > side configuration?
> >
> > When you have to engage a client side module you will have to use an
> > Axis2 repository.
> > This repository just have to be a specific directory structure. Following is the
> > Axis2 repository structure for a client if you are using 0.95 or the
> > current SVN snapshot.
> >
> >  repo_dir <- This is the repo directory name and can be anything and can be
> >    |        anywhere in your dick where you have permission :-).
> >    |
> >   +--conf
> >    |       |
> >    |      +-- axis2.xml
> >    |
> >   +--modules  <- This directory contains .mar files
> >            |
> >           +-- security.mar
> >
> >
> > Now when you create a ServiceClient you can supply the configuration
> > context  created using the configured using the repo dir.
> >
> > If you have a look at the souce of the security sample's client [1]
> > you can see how this is done. (lines: 48, 49)
> >
> > Now the you will have to have following XML entries in the axis2.xml
> > that is in the client's repo's conf dir
> >
> > <!--Enagege the security module -->
> >
> > <module ref="security" />
> >
> > <!-- Configure the security module to include a username token in the msg -->
> >
> >    <parameter name="OutflowSecurity">
> >      <action>
> >        <items>UsernameToken</items>
> >        <user>your_user_name</user>
> >        <passwordCallbackClass>callback.hancler.Class</passwordCallbackClass>
> >        <passwordType>PasswordText</passwordType>
> >      </action>
> >    </parameter>
> >
> > The above parameter will include a username token in the security
> > header in the request message. The username will be "your_user_name"
> > and the password will be picked up using the callback.hancler.Class.
> > You will have to write this class which is an impl of the
> > java.auth.Callback interface. And you will have to set the password
> > into the WSPasswordCallback objects that is given into the handle()
> > method. Example: [2]
> >
> > Now you have your client side configured properly :-)
> >
> > >
> > > 2. If a developer only downloaded WAR distribution and put the war
> > > inside the Tomcat webapps folder. Can he/she still configure the
> > > client side? How?
> >
> > YES
> > The client side it independent from the services and there's no need
> > for anyone to use the same repository that is available inside tomcat
> > when the war is expanded.
> >
> > One can configure the services' security by configuring the axis2.xml
> > available in the WEB-INF/con dir in the war to include the
> > <module ref="security" /> entry AND by including the configuration
> > parameters in  each service's services.xml file.
> >
> > >
> > > 3. The page mentioned per service level security configuration. Could
> > > you also provided some details? My understanding is that the security
> > > configuration (security policy and security information) will be read
> > > by the WSDoAllHandler inside the security.module. I checked both
> > > WSDoAllSender and WSDoAllReceiver, but could not figure out where how
> > > can WSDoAllHandler find out the security configuration file.
> >
> > We do not processes WS-securityPolicy yet. And we use two parameters to
> > configure the security module as explained here [3].
> > When configuring security for services you can include these elements in
> > in the services.xml of each of those services as children of the document
> > element ("service" element). Then each request directed at any of the
> > operations of the service are expected to be secured as configured.
> >
> > HandlerParameterDecoder.processParameters() method is used to extract
> > information from these parameters. This is used in both WSDoAll* handlers.
> >
> > >
> > > 4. As for the PasswordCallbackClass, is it possible to use the same
> > > PasswordCallbackClass for both client and server if I combine the
> > > client and server into the Axis2 installation in Tomcat?
> >
> > yes
> >
> > >
> > > 5. Does Axis2 security module allow plain username and password for
> > > authentication? Can I specify the username and password inside the
> > > configuration?
> > >
> > yes it allows plain text password and the username is anyway plain text.
> >
> > You will have to specify the username in the configuration parameter
> > but you cannot specify the password in the configuration. You will
> > have to use the PasswordCallbackClass to provide the password for a
> > given username.
> >
> > Thanks,
> > Ruchith
> >
> > p.s.
> > Once again ... I recommend you to use the 0.95 or the current SVN and
> > please note that you will have to include the following jars in the
> > client's classpath and if you are using secured services in Tomcat :
> > in the axis2/WEB-INF/lib dir:
> >
> > bcprov-jdk13-131.jar
> > commons-discovery-0.2.jar
> > wss4j-SNAPSHOT.jar
> > xmlsec-1.2.1.jar
> >
> > [1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java
> > [2] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/PWCallback.java
> > [3] http://ws.apache.org/axis2/0_95/security-module.html
> >
>
>
>

Mime
View raw message