axis-java-user mailing list archives

From "Brian Baldwin" <boome...@gmail.com>
Subject Re: [Axis2] accessing a policy-secured webservice using a WSDL2Java client
Date Thu, 26 Jul 2007 19:11:03 GMT
Thank you for the reply, Amila.

The example you provided is basically what I'm using, however I'm now
getting the error "Could not validate signature using any of the supported
token types"

I compared the weblogic debug logs when I hit it with a clientgen client
(works) and with my Axis2 client (not working)...everything seems almost
exact. The encryption algorithms listed are exactly the same, so it's not
like I'm trying to use a different signature algorithm with Axis2.
The weblogic logs show that both the clientgen client and Axis2 client send
a signed timestamp, signed body, and signed token. The weblogic log with
the clientgen client however shows that it continues on with a message about
'trying to validate identity assertion token ~ x509' and that all works and
the client is allowed to connect.

I went so far as to modify my webService to remove the Auth policy leaving
only the Sign policy.  I then tried Axis2 again and got the same error about
'could not validate signature using any of the supported token types'.

I greatly appreciate your response to my earlier message and I hope you can
help me debug this problem.
Brian


On 7/26/07, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:
>
> this is what you can do with Axis2 and rampart
>
> first generate the code using the wsdl2java tool; use the -u and -g options as well.
>
> then get a rampart distribution and put all required libs on the class
> path (these come with the rampart distribution) and put the .mar files in
> the repository modules.
>
> Install full strength security jars (without this some security
> assertions do not work)
>
> write the client code like this
>
>         // imports needed by the fragment below
>         import java.rmi.RemoteException;
>         import java.util.Properties;
>         import org.apache.axis2.context.ConfigurationContext;
>         import org.apache.axis2.context.ConfigurationContextFactory;
>         import org.apache.axis2.description.PolicyInclude;
>         import org.apache.neethi.Policy;
>         import org.apache.rampart.policy.model.CryptoConfig;
>         import org.apache.rampart.policy.model.RampartConfig;
>         import org.apache.ws.security.components.crypto.Merlin;
>
>         ConfigurationContext confContext =
>                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>                         AXIS2_REPOSITORY, AXIS2_XML);
>         PingService10MutualCertificate10SignEncrypt_IPingServiceStub stub =
>                 new PingService10MutualCertificate10SignEncrypt_IPingServiceStub(confContext);
>         stub._getServiceClient().engageModule("rampart");
>
>         // set the rampart config properties correctly
>         // (property keys must not contain leading or trailing spaces)
>         CryptoConfig signcriptoInfo = new CryptoConfig();
>         signcriptoInfo.setProvider(Merlin.class.getName());
>         Properties properties = new Properties();
>         properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
>         properties.setProperty("org.apache.ws.security.crypto.merlin.file",
>                 "security_client_wcf/conf/sec.jks");
>         properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
>                 "password");
>         signcriptoInfo.setProp(properties);
>
>         // the same keystore is used for signing and for encryption
>         CryptoConfig encriptcriptoInfo = new CryptoConfig();
>         encriptcriptoInfo.setProp(properties);
>         encriptcriptoInfo.setProvider(Merlin.class.getName());
>
>         RampartConfig config = new RampartConfig();
>         config.setUser("alice");
>         config.setEncryptionUser("bob");
>         config.setPwCbClass("util.PasswordCallbackHandler");
>         config.setSigCryptoConfig(signcriptoInfo);
>         config.setEncrCryptoConfig(encriptcriptoInfo);
>
>         Policy ramapConfigPolicy = new Policy();
>         ramapConfigPolicy.addAssertion(config);
>
>         try {
>             // attach the rampart configuration to the service before invoking it
>             stub._getServiceClient().getAxisService().getPolicyInclude().addPolicyElement(
>                     PolicyInclude.ANON_POLICY, ramapConfigPolicy);
>             String result = stub.echo("Test String");
>             System.out.println("Result ==> " + result);
>         } catch (RemoteException e) {
>             e.printStackTrace();
>         }
>
>
> here stub refers to your generated stub.
> AXIS2_REPOSITORY refers to your axis2 repository. this should have the
> rampart mar files.
>
> here you have to set the key store, user names and passwords as given
> above.
>
> You may have a password callback class like this with the correct user
> names and passwords.
>
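> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> public class PasswordCallbackHandler implements CallbackHandler {
>
>     // supplies the key password for the alias rampart asks about
>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>             String id = pwcb.getIdentifer();
>             if ("alice".equals(id)) {
>                 pwcb.setPassword("ecila");
>             } else if ("bob".equals(id)) {
>                 pwcb.setPassword("bob");
>             }
>         }
>     }
> }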
>
> thanks,
> Amila.
>
>
>
> On 7/26/07, Brian Baldwin <boomerb1@gmail.com> wrote:
> >
> > I've been using Axis1.x to access my webservice using WSDL2Java generated
> > stubs...works great...I use the Locator class.
> >
> > I've modified my webservice to use WS-Policy directives (Sign and Auth).
> > The WSDL has changed as expected to include the <wsp:policy> elements for
> > Sign and Auth.
> >
> > Do I need to use Axis2/Rampart to generate the client stubs and apply the
> > encryption now that my webservice is using WS-Policy directives?
> > Is there an example for using Axis/Axis2 to access a policy-enabled web
> > service?
> >
> > My webservice is deployed to WLS 9.2 and I can use weblogic's
> > clientgen-generated stubs to encrypt and digitally-sign the
> > message.  However, I would like my clients to be able to use Axis.
> > I've been trying to use Axis2/Rampart but can't get it working.
> > I've been getting an 'InvalidKeyException:  Wrong key usage'.
> >
> > Follow on question would be with WS-Policy Auth.xml does that mean I should
> > use the Encrypt item in the OutflowSecurity parameter for Rampart?  Does
> > WS-Policy Sign.xml map to the Signature item in OutflowSecurity?  What
> > WS-Policy would cause me to need to use the Timestamp item in
> > OutflowSecurity?
> >
> > Thank you in advance
> > Brian
> >
>
>
>
> --
> Amila Suriarachchi,
> WSO2 Inc.
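
Added example, not part of the thread: the 'InvalidKeyException: Wrong key usage' quoted in the original question is the message the JCE's Cipher.init raises when a certificate's critical KeyUsage extension does not permit the requested operation, so the usage flags of each keystore entry are worth checking. The sketch below lists them; the class name KeyUsageCheck is hypothetical, and the default path and password are the sample values from the client code above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;

// Hypothetical diagnostic helper (not from the thread or from Axis2/Rampart).
public class KeyUsageCheck {
    // Bit positions in the array returned by X509Certificate.getKeyUsage() (RFC 5280).
    static final int DIGITAL_SIGNATURE = 0, KEY_ENCIPHERMENT = 2, DATA_ENCIPHERMENT = 3;
    static final String KEY_USAGE_OID = "2.5.29.15";

    // A certificate without a KeyUsage extension does not restrict how the key is used.
    static boolean allows(boolean[] usage, int bit) {
        return usage == null || (bit < usage.length && usage[bit]);
    }

    static String describe(String alias, X509Certificate cert) {
        boolean[] usage = cert.getKeyUsage();
        Set<String> critical = cert.getCriticalExtensionOIDs();
        boolean enforced = critical != null && critical.contains(KEY_USAGE_OID);
        return String.format("%-12s sign=%b keyEnc=%b dataEnc=%b keyUsageCritical=%b subject=%s",
                alias,
                allows(usage, DIGITAL_SIGNATURE),
                allows(usage, KEY_ENCIPHERMENT),
                allows(usage, DATA_ENCIPHERMENT),
                enforced,
                cert.getSubjectX500Principal().getName());
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the sample keystore path and password used in the thread.
        String path = args.length > 0 ? args[0] : "security_client_wcf/conf/sec.jks";
        char[] password = (args.length > 1 ? args[1] : "password").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                System.out.println(describe(alias, (X509Certificate) c));
            }
        }
    }
}
```

An entry that prints keyUsageCritical=true together with a false flag for the operation it is configured for (signing for the user alias, encipherment for the encryption alias) is the one to examine first.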
