axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rachel Primrose" <rachel.primr...@gmail.com>
Subject Re: General security error (Unexpected number of X509Data: for Signature)
Date Thu, 06 Dec 2007 20:26:40 GMT
Ah I finally got it working this way.  I was trying:

Options opt=new Options();
opt.setFrom(new EndpointReference("
https://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous"));
statusPort._getServiceClient().setOptions(opt);

it worked using this:

statusPort._getServiceClient().getOptions().setFrom(new EndpointReference("
https://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous"));

Thanks again!


On Dec 6, 2007 6:37 PM, Ruchith Fernando <ruchith.fernando@gmail.com> wrote:

> Please try using the setFrom() method in the Options[1] instance of
> the ServiceClient[2].
>
> Thanks,
> Ruchith
>
> 1.
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/client/Options.java
> 2.
> https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/client/ServiceClient.java
>
> On Dec 6, 2007 8:20 AM, Rachel Primrose <rachel.primrose@gmail.com> wrote:
> > Actually, all is going well.
> >
> > However, the server that I'm sending requests to requires a From field
> > in the addressing headers.
> >
> > I've been googling for about two hours, and can't seem to find a
> > solution for this.
> >
> > Here is my current axis2.xml (well the important parts)
> >
> > <axisconfig name="AxisJava2.0">
> >         <parameter name="enableNamespacePrefixOptimization"
> value="false"/>
> >         <parameter name="addressing.setMustUnderstand" value="false" />
> >         <parameter name="axis.sendMinimizedElements" value="false" />
> >         <parameter name="addressing.namespace.URI"
> > value="http://schemas.xmlsoap.org/ws/2004/03/addressing"/>
> >         <parameter name="addressing.sendReplyTo" value="true"/>
> >         <parameter name="addressing.sendFrom" value="true"/>
> >         <parameter name="disablePrettyXML" value="true"/>
> >
> >     <!-- Engage the addressing module -->
> >     <module ref="addressing"/>
> >     <moduleConfig name="addressing">
> >                 <parameter name="addressing.sendFrom">true</parameter>
> >         </moduleConfig>
> >
> >     <!-- Engage the security module -->
> >     <module ref="rampart"/>
> >
> >     <parameter name="OutflowSecurity">
> >       <action>
> >         <items>Timestamp Signature</items>
> >         <user>wow</user>
> >         <passwordCallbackClass>nz.co.maxnet.oot.utils.PWCallback
> </passwordCallbackClass>
> >         <signaturePropFile>wow.properties</signaturePropFile>
> >         <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> >         <!-- <signatureParts>
> >                       {Element}{
> http://schemas.xmlsoap.org/soap/envelope/}Body<http://schemas.xmlsoap.org/soap/envelope/%7DBody>
> ;
> >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}Action<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DAction>
> ;
> >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DMessageID>
> ;
> >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}To<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DTo>
> ;
> >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}From<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DFrom>
> ;
> >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DReplyTo>
> ;
> >                       {Element}{
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd%7DTimestamp>
> "
> >                 </signatureParts> -->
> >       </action>
> >     </parameter>
> >
> >     <parameter name="InflowSecurity">
> >                 <action>
> >                         <items>Timestamp Signature Encrypt</items>
> >                         <passwordCallbackClass>
> nz.co.maxnet.oot.utils.PWCallback</passwordCallbackClass>
> >                         <signaturePropFile>wow.properties
> </signaturePropFile>
> >                 </action>
> >          </parameter>
> >
> >    <transportSender name="https"
> >
> > class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
> >         <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
> >         <parameter name="Transfer-Encoding"
> locked="false">chunked</parameter>
> >     </transportSender>
> >
> >    <phaseOrder type="InFlow">
> >         <!--  System pre defined phases       -->
> >         <phase name="Transport">
> >             <handler name="RequestURIBasedDispatcher"
> >                      class="
> org.apache.axis2.engine.RequestURIBasedDispatcher">
> >                 <order phase="Transport"/>
> >             </handler>
> >             <handler name="SOAPActionBasedDispatcher"
> >                      class="
> org.apache.axis2.engine.SOAPActionBasedDispatcher">
> >                 <order phase="Transport"/>
> >             </handler>
> >         </phase>
> >         <phase name="Addressing">
> >                         <handler name="AddressingBasedDispatcher"
> > class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
> >                                 <order phase="Addressing" />
> >                         </handler>
> >                 </phase>
> >         <phase name="Security"/>
> >         <phase name="PreDispatch"/>
> >         <phase name="Dispatch" class="
> org.apache.axis2.engine.DispatchPhase">
> >             <handler name="SOAPMessageBodyBasedDispatcher"
> >
> > class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
> >                 <order phase="Dispatch"/>
> >             </handler>
> >             <handler name="InstanceDispatcher"
> >                      class="org.apache.axis2.engine.InstanceDispatcher">
> >                 <order phase="Dispatch"/>
> >             </handler>
> >         </phase>
> >         <!--  System pre defined phases       -->
> >         <!--   After Postdispatch phase module author or or service
> > author can add any phase he want      -->
> >         <phase name="OperationInPhase"/>
> >         <phase name="soapmonitorPhase"/>
> >     </phaseOrder>
> >     <phaseOrder type="OutFlow">
> >         <phase name="Addressing">
> >                         <handler name="AddressingBasedDispatcher"
> > class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
> >                                 <order phase="Addressing" />
> >                         </handler>
> >                 </phase>
> >         <phase name="soapmonitorPhase"/>
> >         <phase name="OperationOutPhase"/>
> >         <!--system predefined phase-->
> >         <!--these phase will run irrespective of the service-->
> >         <phase name="PolicyDetermination"/>
> >         <phase name="MessageOut"/>
> >         <phase name="Security"/>
> >     </phaseOrder>
> >
> > As always, any help is appreciated.
> >
> > Thanks.
> >
> >  - Rachel
> >
> >
> > On Dec 6, 2007 1:45 PM, Ruchith Fernando <ruchith.fernando@gmail.com>
> wrote:
> > > Interop problems ...  You probably want to switch to using the
> > > WS-SecurityPolicy based configuration.
> > > I can assure you that Rampart + WS-SecurityPolicy interops with .NET
> > > (WCF) on WS-Security 1.0, WS-Security 1.1 and WS-SecureConversation
> > > scenarios.
> > >
> > > The test suite we used for the interop with WCF services is available
> > > here [1] where we have 66 successful scenarios on the above three
> > > specs.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > [1] https://wso2.org/repos/wso2/trunk/interop/test-suites/security
> > >
> > >
> > > On Dec 6, 2007 3:07 AM, Rachel Primrose <rachel.primrose@gmail.com>
> wrote:
> > > > Right on the button - eclipse + classpaths = pain.
> > > >
> > > > I renamed everything to wow.whatever and now I'm onto the .NET
> interop
> > > > problems, which I will probably be posting about when I get really
> > > > stuck.
> > > >
> > > > Thanks so much.
> > > >
> > > >
> > > > On Dec 5, 2007 7:46 PM, Ruchith Fernando <ruchith.fernando@gmail.com>
> wrote:
> > > > > Yep ... everything looks fine ... However I'm wondering whether
> you
> > > > > have any other client_crypto.properties file in your classpath
> that
> > > > > causes the wrong keystore to be picked where there's no key with
> alias
> > > > > test123.
> > > > >
> > > > > Therefore can you please rename the keystore file and the
> .properties
> > > > > file and check.
> > > > >
> > > > > Thanks,
> > > > > Ruchith
> > > > >
> > > > >
> > > > > On Dec 5, 2007 5:50 AM, Rachel Primrose <rachel.primrose@gmail.com>
> wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I've been having trouble signing my messages as they go out,
and
> the
> > > > > > usual "is the alias the right one" solution I've been reading
> about
> > > > > > does not work!
> > > > > >
> > > > > > Here is my keystore:
> > > > > >
> > > > > > Keystore type: PKCS12
> > > > > > Keystore provider: SunJSSE
> > > > > >
> > > > > > Your keystore contains 1 entry
> > > > > >
> > > > > > Alias name: test123
> > > > > > Creation date: 5/12/2007
> > > > > > Entry type: PrivateKeyEntry
> > > > > > Certificate chain length: 3
> > > > > > Certificate[1]:
> > > > > >
> > > > > > Here is my axis2.xml security outflow:
> > > > > >
> > > > > > <parameter name="OutflowSecurity">
> > > > > >       <action>
> > > > > >         <items>Timestamp Signature</items>
> > > > > >         <user>test123</user>
> > > > > >         <passwordCallbackClass>test.oot.PWCallback
> </passwordCallbackClass>
> > > > > >
> <signaturePropFile>client_crypto.properties</signaturePropFile>
> > > > > >
> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> > > > > >         <parameter name="referencePropertyNames"
> > > > > > value="{Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DAction;%7BElement%7D%7Bhttp://schemas.xmlsoap.org/ws/2004/03/addressing%7DMessageID;%7BElement%7D%7Bhttp://schemas.xmlsoap.org/ws/2004/03/addressing%7DReplyTo;%7BElement%7D%7Bhttp://schemas.xmlsoap.org/ws/2004/03/addressing%7DTo>
> "
> > > > > > />
> > > > > >         <parameter name="signatureParts" value="
> > > > > >                       {Element}{
> http://schemas.xmlsoap.org/soap/envelope/}Body<http://schemas.xmlsoap.org/soap/envelope/%7DBody>
> ;
> > > > > >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}Action<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DAction>
> ;
> > > > > >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DMessageID>
> ;
> > > > > >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}To<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DTo>
> ;
> > > > > >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}From<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DFrom>
> ;
> > > > > >                       {Element}{
> http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo<http://schemas.xmlsoap.org/ws/2004/03/addressing%7DReplyTo>
> ;
> > > > > >                       {Element}{
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd%7DTimestamp>
> "
> > > > > > />
> > > > > >       </action>
> > > > > >     </parameter>
> > > > > >
> > > > > > Here is my client_crypto.properties file:
> > > > > >
> > > > > >
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > > > > org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> > > > > > org.apache.ws.security.crypto.merlin.keystore.password=test
> > > > > > org.apache.ws.security.crypto.merlin.keystore.alias=test123
> > > > > > org.apache.ws.security.crypto.merlin.file=oot-stage.p12
> > > > > >
> > > > > > And my pwcallback class:
> > > > > >
> > > > > >  pc.setPassword("test");
> > > > > >
> > > > > > The error I get is:
> > > > > >
> > > > > > org.apache.axis2.AxisFault: WSHandler: Signature: error during
> message
> > > > > > procesingorg.apache.ws.security.WSSecurityException: General
> security
> > > > > > error (Unexpected number of X509Data: for Signature); nested
> exception
> > > > > > is:
> > > > > >         org.apache.ws.security.WSSecurityException: WSHandler:
> Signature:
> > > > > > error during message
> > > > > > procesingorg.apache.ws.security.WSSecurityException: General
> security
> > > > > > error (Unexpected number of X509Data: for Signature)
> > > > > >         at
> org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java
> :92)
> > > > > >         at org.apache.rampart.handler.WSDoAllHandler.invoke(
> WSDoAllHandler.java:74)
> > > > > >         at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
> > > > > >         at org.apache.axis2.engine.AxisEngine.invoke(
> AxisEngine.java:522)
> > > > > >         at org.apache.axis2.engine.AxisEngine.send(
> AxisEngine.java:655)
> > > > > >         at
> org.apache.axis2.description.OutInAxisOperationClient.send(
> OutInAxisOperation.java:237)
> > > > > >         at
> org.apache.axis2.description.OutInAxisOperationClient.execute(
> OutInAxisOperation.java:202)
> > > > > > Caused by: org.apache.ws.security.WSSecurityException:
> WSHandler:
> > > > > > Signature: error during message
> > > > > > procesingorg.apache.ws.security.WSSecurityException: General
> security
> > > > > > error (Unexpected number of X509Data: for Signature)
> > > > > >         at org.apache.ws.security.action.SignatureAction.execute
> (SignatureAction.java:57)
> > > > > >         at
> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java
> :192)
> > > > > >         at org.apache.rampart.handler.WSDoAllSender.processBasic
> (WSDoAllSender.java:254)
> > > > > >         at
> org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java
> :86)
> > > > > >         ... 8 more
> > > > > >
> > > > > > And when I set level=DEBUG in my log4j.properties:
> > > > > >
> > > > > > 985  [main] DEBUG org.apache.ws.security.util.Loader  - Trying
> to find
> > > > > > [client_crypto.properties] using
> > > > > > sun.misc.Launcher$AppClassLoader@11b86e7 class loader.
> > > > > > 1000 [main] DEBUG
> > > > > > org.apache.ws.security.components.crypto.CryptoFactory  - Using
> Crypto
> > > > > > Engine [org.apache.ws.security.components.crypto.Merlin]
> > > > > > 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying
> to find
> > > > > > [oot-stage.p12] using sun.misc.Launcher$AppClassLoader@11b86e7class
> > > > > > loader.
> > > > > > 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying
> to find
> > > > > > [oot-stage.p12] using sun.misc.Launcher$AppClassLoader@11b86e7class
> > > > > > loader.
> > > > > > 1000 [main] DEBUG org.apache.ws.security.util.Loader  - Trying
> to find
> > > > > > [oot-stage.p12] using ClassLoader.getSystemResource().
> > > > > > 1563 [main] DEBUG org.apache.ws.security.handler.WSHandler 
-
> > > > > > Performing Action: 32
> > > > > > 1563 [main] DEBUG org.apache.ws.security.message.WSSecTimestamp
-
> > > > > > Begin add timestamp...
> > > > > > 1578 [main] DEBUG org.apache.ws.security.handler.WSHandler 
-
> > > > > > Performing Action: 2
> > > > > > 1578 [main] DEBUG org.apache.ws.security.message.WSSecSignature
-
> > > > > > Beginning signing...
> > > > > >
> > > > > >
> > > > > > As you can see, all matches up, but the actual signing fails!
> > > > > >
> > > > > > Any help would be greatly appreciated.
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > >
> > > > > > Kind regards,
> > > > > >
> > > > > > Rachel Primrose
> > > > > > E: rachel.primrose@gmail.com
> > > > > >
> > > > > >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > http://blog.ruchith.org
> > > > > http://wso2.org
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Kind regards,
> > > >
> > > > Rachel Primrose
> > > > E: rachel.primrose@gmail.com
> > > > M: 021 969 728
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > >
> > > >
> > >
> > >
> > >
> > > --
> > > http://blog.ruchith.org
> > > http://wso2.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
>
>
>
> --
> http://blog.ruchith.org
> http://wso2.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>


-- 
Kind regards,

Rachel Primrose
E: rachel.primrose@gmail.com
M: 021 969 728

Mime
View raw message