axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: [Axis2] Client side configuration parameters
Date Sat, 08 Apr 2006 02:49:26 GMT
Hi Xinjun,

YES, You can use the same client repo to access different services. In
that case you will have to have differnt axis2.xml file configured to
access different services:

For example,
 - you have two services that require different security configurations.
  - your repo directory is /usr/temp/client_repo
  - you have your configured client's axis2.xml files in
/usr/temp/conig/s1.axis2.xml and
/usr/temp/conig/s2.axis2.xml

Now in your client application you can create two ServiceClients to
access two services with different configuration contexts:

//Create a ctxConfig with s1's config
ConfigurationContext confCtx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem("/usr/temp/client_repo
", "/usr/temp/conig/s1.axis2.xml");
ServiceClient serviceClient = new ServiceClient(confCtx, null);

//Make the call to service 1
....
....

//Create a ctxConfig with s2's config
ConfigurationContext confCtx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem("/usr/temp/client_repo
", "/usr/temp/conig/s2.axis2.xml");
ServiceClient serviceClient = new ServiceClient(confCtx, null);

//Make the call to service 2
....
....

NOW let me introduce another way of doing this :-) with the SAME
client side axis2.xml where we only have to put <module ref="security"
/> entry in the axis2.xml.

If you include the axis2-security-0.95.jar into your classpath you
will have the  following two classes available:
org.apache.axis2.security.handler.config.InflowConfiguration and
org.apache.axis2.security.handler.config.OutflowConfiguration

You can create instances of these two classes and provide the same
information that you provide in the "InflowSecurity" and
"OutflowSecurity" parameters using the settter methods available
(Example: [2]).

Once you have set the information properly in InflowConfiguration and
OutflowConfiguration instances you can call the getProperty() method
on each one of them and obtain two
org.apache.axis2.description.Parameter instances.

Now you can set these two Parameter objects in the
org.apache.axis2.client.Options object that you set in the service
client as shown below:

Options op = new Options();
op.setsetProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
outflowConfig.getProperty());
op.setProperty(WSSHandlerConstants.INFLOW_SECURITY, inflowConfig.getProperty());

///configure the other parametes in op
...
...

serviceClient.setOptions(op);

Now when  you want to invoke another service with a different security
config you will only have create a provide new Parametes to options
with new configurations. Please note that you will have to call
getProperty again in OutflowConfiguration and InflowConfiguration
objects once you have reconfigured them to get the updated parameter.

Hope this helps :-)

Thanks,
Ruchith

[1] http://svn.apache.org/repository/axis2/jars/axis2-security-0.95.jar
[2] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/integration/test/org/apache/axis2/security/Scenario4Test.java

On 4/7/06, Xinjun Chen <xjchen001@gmail.com> wrote:
> Hi Ruchith,
>
> You are right! When I install my Tomcat, I used the JDK 1.5 though I
> have set JAVA_HOME to JDK 1.4. Now I am using Tomcat 5.5 with JDK 1.4
> (compatibility package installed). I have successfully tested the
> security sample in Axis2 0.95.
> But I have another question. I deployed another web service with
> different InflowSecurity and OutflowSecurity parameters. I can either
> use another client repository or modify the axis2.xml in the
> repository. I am wondering whether it is possible for me to use the
> same client repository for different services.
>
> Regards,
> Xinjun
>
>
> On 4/6/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > Hi Xinjun,
> >
> > Unfortunately the security sample in 0.94 is broken :-(
> >
> > Please try the security sample provided in Axis2 0.95
> > http://ws.apache.org/axis2/download.cgi
> >
> > AND please make sure you use the security sample provided separately
> > in the distribution.
> >
> > BTW looking at your exception trace I think you are using JDK 1.5 and if so
> >  1.) please follow the instructions in "General -> #3" in the Axis2 faq [1].
> >  2.) you will need to have xalan-2.6.jar in the client's classpath
> > and in the axis2/WEB-INF/li dir as well.
> >
> > Thanks,
> > Ruchith
> >
> > [1] http://ws.apache.org/axis2/download.cgi
> >
> > On 4/6/06, Xinjun Chen <xjchen001@gmail.com> wrote:
> > > Hi Ruchith,
> > >
> > > I am really very very grateful to your enlighting explanation and
> > > clarification.
> > > I will go ahead with it. I just tried the security sample with the
> > > attached error message. I have already followed the steps in the
> > > ReadMe file in security sample folder. The following is the snippet of
> > > the error message. The full error message is attached.
> > > I will try Axis2 0.95 security at meanwhile.
> > > The original exception is BadPaddingException. Did i missed something?
> > > As mentioned, I have followed the instruction in the read me file.
> > >
> > >
> > > F:\download\axis2\axis2-std-0.94-bin\samples\security\src>java sample.security.C
> > > lient ..\client_repo 8080
> > > org.apache.axis2.AxisFault: org.apache.axis2.AxisFault: WSDoAllReceiver: securit
> > > y processing failed; nested exception is:
> > >         org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt
data;
> > >  nested exception is:
> > >         org.apache.xml.security.encryption.XMLEncryptionException: pad block
cor
> > > rupted
> > > Original Exception was javax.crypto.BadPaddingException: pad block corrupted
> > >         at org.apache.axis2.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java
> > > :165)
> > >         at org.apache.axis2.engine.Phase.invoke(Phase.java:376)
> > >
> > >
> > > Regards,
> > > Xinjun
> > >
> > >
> > > On 4/6/06, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> > > > Hi Xinjun,
> > > >
> > > > Please see my inline comments:
> > > >
> > > > On 4/6/06, Xinjun Chen <xjchen001@gmail.com> wrote:
> > > > > When testing the Axis2 0.94 security module, I have some questions
> > > > > regarding client side configuration. I raised the following question
> > > > > after reading the webpage
> > > > > http://ws.apache.org/axis2/0_94/security-module.html.
> > > >
> > > > I recommend you to use the 0.95 security.mar and please note that the
> > > > Axis2 repository structure is different in 0.95.
> > > >
> > > > >
> > > > > 1. The page mentions that client side configuration parameters can
be
> > > > > set in the axis2.xml of the client's Axis2 repository.
> > > > > My question is is this referring to the directory
> > > > > \axis2-std-0.94-bin\repository\services ?
> > > > > It is initially empty. What will be the root element in the client
> > > > > respository axis2.xml? Could you help me to get some sample client
> > > > > side configuration?
> > > >
> > > > When you have to engage a client side module you will have to use an
> > > > Axis2 repository.
> > > > This repository just have to be a specific directory structure. Following
is the
> > > > Axis2 repository structure for a client if you are using 0.95 or the
> > > > current SVN snapshot.
> > > >
> > > >  repo_dir <- This is the repo directory name and can be anything and
can be
> > > >    |        anywhere in your dick where you have permission :-).
> > > >    |
> > > >   +--conf
> > > >    |       |
> > > >    |      +-- axis2.xml
> > > >    |
> > > >   +--modules  <- This directory contains .mar files
> > > >            |
> > > >           +-- security.mar
> > > >
> > > >
> > > > Now when you create a ServiceClient you can supply the configuration
> > > > context  created using the configured using the repo dir.
> > > >
> > > > If you have a look at the souce of the security sample's client [1]
> > > > you can see how this is done. (lines: 48, 49)
> > > >
> > > > Now the you will have to have following XML entries in the axis2.xml
> > > > that is in the client's repo's conf dir
> > > >
> > > > <!--Enagege the security module -->
> > > >
> > > > <module ref="security" />
> > > >
> > > > <!-- Configure the security module to include a username token in the
msg -->
> > > >
> > > >    <parameter name="OutflowSecurity">
> > > >      <action>
> > > >        <items>UsernameToken</items>
> > > >        <user>your_user_name</user>
> > > >        <passwordCallbackClass>callback.hancler.Class</passwordCallbackClass>
> > > >        <passwordType>PasswordText</passwordType>
> > > >      </action>
> > > >    </parameter>
> > > >
> > > > The above parameter will include a username token in the security
> > > > header in the request message. The username will be "your_user_name"
> > > > and the password will be picked up using the callback.hancler.Class.
> > > > You will have to write this class which is an impl of the
> > > > java.auth.Callback interface. And you will have to set the password
> > > > into the WSPasswordCallback objects that is given into the handle()
> > > > method. Example: [2]
> > > >
> > > > Now you have your client side configured properly :-)
> > > >
> > > > >
> > > > > 2. If a developer only downloaded WAR distribution and put the war
> > > > > inside the Tomcat webapps folder. Can he/she still configure the
> > > > > client side? How?
> > > >
> > > > YES
> > > > The client side it independent from the services and there's no need
> > > > for anyone to use the same repository that is available inside tomcat
> > > > when the war is expanded.
> > > >
> > > > One can configure the services' security by configuring the axis2.xml
> > > > available in the WEB-INF/con dir in the war to include the
> > > > <module ref="security" /> entry AND by including the configuration
> > > > parameters in  each service's services.xml file.
> > > >
> > > > >
> > > > > 3. The page mentioned per service level security configuration. Could
> > > > > you also provided some details? My understanding is that the security
> > > > > configuration (security policy and security information) will be
read
> > > > > by the WSDoAllHandler inside the security.module. I checked both
> > > > > WSDoAllSender and WSDoAllReceiver, but could not figure out where
how
> > > > > can WSDoAllHandler find out the security configuration file.
> > > >
> > > > We do not processes WS-securityPolicy yet. And we use two parameters to
> > > > configure the security module as explained here [3].
> > > > When configuring security for services you can include these elements
in
> > > > in the services.xml of each of those services as children of the document
> > > > element ("service" element). Then each request directed at any of the
> > > > operations of the service are expected to be secured as configured.
> > > >
> > > > HandlerParameterDecoder.processParameters() method is used to extract
> > > > information from these parameters. This is used in both WSDoAll* handlers.
> > > >
> > > > >
> > > > > 4. As for the PasswordCallbackClass, is it possible to use the same
> > > > > PasswordCallbackClass for both client and server if I combine the
> > > > > client and server into the Axis2 installation in Tomcat?
> > > >
> > > > yes
> > > >
> > > > >
> > > > > 5. Does Axis2 security module allow plain username and password for
> > > > > authentication? Can I specify the username and password inside the
> > > > > configuration?
> > > > >
> > > > yes it allows plain text password and the username is anyway plain text.
> > > >
> > > > You will have to specify the username in the configuration parameter
> > > > but you cannot specify the password in the configuration. You will
> > > > have to use the PasswordCallbackClass to provide the password for a
> > > > given username.
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > p.s.
> > > > Once again ... I recommend you to use the 0.95 or the current SVN and
> > > > please note that you will have to include the following jars in the
> > > > client's classpath and if you are using secured services in Tomcat :
> > > > in the axis2/WEB-INF/lib dir:
> > > >
> > > > bcprov-jdk13-131.jar
> > > > commons-discovery-0.2.jar
> > > > wss4j-SNAPSHOT.jar
> > > > xmlsec-1.2.1.jar
> > > >
> > > > [1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java
> > > > [2] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/PWCallback.java
> > > > [3] http://ws.apache.org/axis2/0_95/security-module.html
> > > >
> > >
> > >
> > >
> >
>

Mime
View raw message