axis-java-user mailing list archives

From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: Axis2: Checking signed SOAP requests with Rampart...
Date Wed, 14 Jun 2006 04:36:06 GMT
Hi,

You have a slight typo in the rampart configuration parameter.

>  <parameter name="InFlowSecurity">

The above should change to <parameter name="InflowSecurity">
Note that the third letter of the parameter name is lower case 'f'.

Also since you only expect Timestamp and Signature (and no encryption)
the action/items should not have 'Encrypt' in it. Therefore it should
change to:
<items>Timestamp Signature</items>

Thanks,
Ruchith

---------- Forwarded message ----------
From: Johan Roch <jroch@hotmail.com>
Date: Jun 13, 2006 9:17 PM
Subject: Axis2: Checking signed SOAP requests with Rampart...
To: axis-user@ws.apache.org



Hello,

I would like to check security for incoming soap requests at server side
using the Rampart module(Axis 2). I have an existing client that sends
signed SOAP requests(no encryption).
The problem is that the signature is never checked. I can see this in the
log(debug level):

DEBUG - Phase.invoke(372) | Invoking phase "Security"
DEBUG - Phase.invoke(379) | Invoking Handler 'SecurityInHandler' in Phase
'Security'
DEBUG - WSDoAllReceiver.processMessage(92) | WSDoAllReceiver: enter invoke()
DEBUG - Phase.invoke(392) | Checking post-conditions for phase "Security"
DEBUG - Phase.invoke(362) | Checking pre-condition for Phase "PreDispatch"
DEBUG - Phase.invoke(372) | Invoking phase "PreDispatch"
DEBUG - Phase.invoke(379) | Invoking Handler 'AddressingFinalInHandler' in
Phase 'PreDispatch'
DEBUG - AddressingInHandler.invoke(71) | Starting WS-Addressing Final IN
handler ...
DEBUG - AddressingInHandler.invoke(87) | No Headers present corresponding to
WS-Addressing Final
DEBUG - Phase.invoke(379) | Invoking Handler 'AddressingSubmissionInHandler'
in Phase 'PreDispatch'
DEBUG - AddressingInHandler.invoke(71) | Starting WS-Addressing Submission
IN handler ...
DEBUG - AddressingInHandler.invoke(87) | No Headers present corresponding to
WS-Addressing Submission


It seems that the handler is invoked but the security headers are not found.
Is there something wrong with my request below?

Thx in advance.
Johan.

<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
mustUnderstand="1" soapenv:actor="">
<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="Id-ref2VerifySignature"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIDjjCCAnagAwIBAgILAQAAAAABAxNSI6QwDQYJKoZIhvcNAQEFBQAwJTELMAkGA1UEBhMCQkUx...</wsse:BinarySecurityToken><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<ds:Reference URI="#id-21826773">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>iLwjzNrDGK562cdtEMfDi0mALgM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
gLziQrLd7oAAxd67IChIDKgImRuPbKrLe0ZuyIa+fFesfrZFuCc643Q6lfTMs0rXXYEU3btQdEpQ
CQObiTCH1A==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-1899108">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-8047015"><wsse:Reference URI="#Id-ref2VerifySignature"
/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2006-06-13T15:31:03Z</wsu:Created><wsu:Expires>2006-06-13T15:31:03Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header><soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-21826773"><fphp100
xmlns="http://fsb.belgium.be/prove"><ns1:fphp100
xmlns:ns1="http://fsb.belgium.be/prove/fphp100"><ns2:notary
xmlns:ns2="http://fsb.belgium.be/prove/notary"><ns2:office_id>217063</ns2:office_id><ns2:lang>fr</ns2:lang><ns2:nrn>60052301706</ns2:nrn><ns2:num_kbo_not>0477430931</ns2:num_kbo_not><ns2:num_kbo_fed>0409357321</ns2:num_kbo_fed></ns2:notary><ns1:person><ns1:last_name>r</ns1:last_name><ns1:birth_date_year>1977</ns1:birth_date_year></ns1:person></ns1:fphp100></fphp100></soapenv:Body></soapenv:Envelope>

Services.xml:

<serviceGroup>
        <service name="findPerson">
        <messageReceivers>
                <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
class="com.notary.fphp.FindPersonMessageReceiverInOut"/>
        </messageReceivers>
        <parameter name="ServiceClass" locked="false">
                com.notary.fphp.FindPersonSkeleton
        </parameter>

        <parameter name="InFlowSecurity">
                <action>
                        <items>Timestamp Signature Encrypt</items>

<signaturePropFile>interop.properties</signaturePropFile>
                </action>
        </parameter>

        <operation name="fphp100" mep="http://www.w3.org/2004/08/wsdl/in-out">

<actionMapping>http://fsb.belgium.be/prove/fphp100</actionMapping>
        </operation>
        <operation name="testSOAPFault"
mep="http://www.w3.org/2004/08/wsdl/in-out">

<actionMapping>http://fsb.belgium.be/prove/testSOAPFault</actionMapping>
        </operation>
        <operation name="ping" mep="http://www.w3.org/2004/08/wsdl/in-out">
                <actionMapping>http://fsb.belgium.be/prove/ping</actionMapping>
        </operation>
</service>
</serviceGroup>

interop.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=changeit
org.apache.ws.security.crypto.merlin.file=D:/WebServices/keystore/testKeystore



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
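
The two fixes from the reply above, written as a check that can run against a services.xml before deployment (added example, not part of the original thread and not Rampart code). It flags security parameter names that differ only in case from the names Rampart reads, and configured action items that have no matching element in a sample request. The action-to-element mapping and the trimmed sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Parameter names Rampart's handlers look up; the lookup is case-sensitive.
KNOWN = ("InflowSecurity", "OutflowSecurity")
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
# Assumed mapping: action item -> element expected inside wsse:Security.
ACTION_ELEMENT = {
    "Timestamp": f"{{{WSU}}}Timestamp",
    "Signature": f"{{{DS}}}Signature",
    "Encrypt": f"{{{XENC}}}EncryptedKey",
}

# Constructed sample: the security parameter from the post, trimmed.
SAMPLE_SERVICES = """<serviceGroup><service name="findPerson">
<parameter name="InFlowSecurity"><action>
<items>Timestamp Signature Encrypt</items>
<signaturePropFile>interop.properties</signaturePropFile>
</action></parameter></service></serviceGroup>"""
# Constructed sample: a signed, timestamped, unencrypted request skeleton.
SAMPLE_SOAP = f"""<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
<e:Header><wsse:Security xmlns:wsse="{WSSE}">
<ds:Signature xmlns:ds="{DS}"/><wsu:Timestamp xmlns:wsu="{WSU}"/>
</wsse:Security></e:Header><e:Body/></e:Envelope>"""

def lint_services_xml(services_xml):
    """Return (findings, inflow_items) for a services.xml document."""
    findings, items = [], []
    for p in ET.fromstring(services_xml).iter("parameter"):
        name = p.get("name", "")
        for known in KNOWN:
            if name.lower() == known.lower() and name != known:
                findings.append(f"parameter '{name}' should be '{known}'")
        if name.lower() == "inflowsecurity":
            items = (p.findtext("action/items") or "").split()
    return findings, items

def items_missing_from_message(items, soap_xml):
    """Configured action items with no matching element in the security header."""
    header = ET.fromstring(soap_xml).find(f".//{{{WSSE}}}Security")
    present = {child.tag for child in header} if header is not None else set()
    return [i for i in items if i in ACTION_ELEMENT and ACTION_ELEMENT[i] not in present]

if __name__ == "__main__":
    findings, items = lint_services_xml(SAMPLE_SERVICES)
    print(findings, items_missing_from_message(items, SAMPLE_SOAP))
```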
