axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roxanne Yee" <r...@akimeka.com>
Subject FW: Newbie Basics: Security Policy
Date Tue, 15 Jul 2008 21:40:48 GMT



-----Original Message-----
From: Roxanne Yee [mailto:ryee@akimeka.com]
Sent: Tue 7/15/2008 8:11 AM
To: rampart-dev@ws.apache.org
Subject: RE: Newbie Basics: Security Policy
 
Just to verify how this policy would work...
So if I use this policy, I can just tell soapUI to add a User Name Token with username "alice"
and password "bobPW", and I should receive an echo back (using the service in the samples)
in the response? However, when I do this, for some reason I receive and error. The RAW messages
are reprinted below:


REQUEST:
Host: 192.168.1.247:8080
Content-Length: 803
User-Agent: Jakarta Commons-HttpClient/3.0.1
Content-Type: application/soap+xml;charset=UTF-8;action="urn:echo"
 
<soap:Envelope xmlns:sam="http://sample01.policy.samples.rampart.apache.org" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-10518016" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>alice</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
      </wsse:UsernameToken>
      </wsse:Security>
  </soap:Header>
  <soap:Body>
      <sam:echo>
         <!--Optional:-->
         <sam:param0>?</sam:param0>
      </sam:echo>
  </soap:Body>
</soap:Envelope>


RESPONSE:
HTTP/1.1 500 Internal Server Error
Date: Tue, 15 Jul 2008 18:05:24 GMT
Transfer-Encoding: chunked
Connection: close
Content-Type: application/soap+xml; action="http://www.w3.org/2005/08/addressing/soap/fault";charset=UTF-8
Server: Apache-Coyote/1.1

<?xml version='1.0' encoding='UTF-8'?>
   <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
     <soapenv:Body>
       <soapenv:Fault>
          <soapenv:Code>
            <soapenv:Value>soapenv:Receiver</soapenv:Value>
          </soapenv:Code>
          <soapenv:Reason>
             <soapenv:Text xml:lang="en-US">java.lang.NoSuchMethodError: org.apache.ws.security.message.WSSecHeader.isEmpty(Lorg/w3c/dom/Document;)Z</soapenv:Text>
          </soapenv:Reason>
          <soapenv:Detail />
       </soapenv:Fault>
     </soapenv:Body>
   </soapenv:Envelope>


Thanks.

=>RY

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:nandana.cse@gmail.com]
Sent: Mon 7/14/2008 8:01 AM
To: rampart-dev@ws.apache.org
Subject: Re: Newbie Basics: Security Policy
 
Hi Roxane,

This is the policy to be used. Hope you know how to attach this policy to
services.xml and to a client. Please go through the Rampart policy samples
and you will be able to see how that is done. If you have further questions,
please feel free to throw them in.

regards,
nandana

<wsp:Policy wsu:Id="UT" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
      <wsp:All>
               <sp:SupportingTokens xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:UsernameToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
/>
                </wsp:Policy>
        </sp:SupportingTokens>

        <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">

            <ramp:user>username</ramp:user>

<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
        </ramp:RampartConfig>

      </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee <ryee@akimeka.com> wrote:

> If I simply wanted to implement a web service that used a User Name Token
> authentication system with a Username and Password in Plaintext (no SSL for
> now, cause I'm a little sketchy on how to actually set that up), what would
> I need to do if using the Policy handler configuration?
>
> Thanks.
>
> => RY
>



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message