axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sanjay Gupta <Sanjay.Gu...@billwiseinc.com>
Subject RE: Securing Axis2 REST Style Services
Date Mon, 20 Apr 2009 23:41:48 GMT
Hi Ruchith,
Finally I got authentication working on rest call. I had to comment the db calls in the class
that you provided to get past the db connection issue.  Thank you so much for helping me out.
Even though the authentication is working I get an error. See the stacktrace below. I see
a jira for the same issue. Are there any side effect of this error?
Thanks
Sanjay

http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html


[FATAL] Bad:
java.lang.NullPointerException
        at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
        at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
        at org.apache.xml.security.Init.init(Unknown Source)
        at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
        at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
        at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
        at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
        at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
        at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
        at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
        at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
        at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
        at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
java.lang.NullPointerException
        at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
        at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
        at org.apache.xml.security.Init.init(Unknown Source)
        at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
        at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
        at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
        at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
        at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
        at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
        at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
        at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
        at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
        at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
-----Original Message-----
From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
Sent: Sunday, April 19, 2009 10:36 PM
To: axis-user@ws.apache.org
Subject: RE: Securing Axis2 REST Style Services

Hi Ruchitch,
Please ignore my previous message. The POXSecurityHandler class was not compiled correctly.
I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful
but I think I have them all now. Now I am stuck on this error. How can I avoid connection
the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish.
I really appreciate your help.
Thanks
Sanjay

Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet AxisServlet threw exception
org.hibernate.exception.GenericJDBCException: Cannot open connection
        at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
        at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
        at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
        at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
        at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
        at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
        at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
        at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
        at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
        at $Proxy4.beginTransaction(Unknown Source)
        at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
        at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
        at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
        at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
        at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
        at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
        at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
        at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
        at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
        at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
        at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
        at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
        at java.sql.DriverManager.getConnection(DriverManager.java:582)
        at java.sql.DriverManager.getConnection(DriverManager.java:154)
        at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
        at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
        ... 35 more

-----Original Message-----
From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
Sent: Sunday, April 19, 2009 8:44 PM
To: axis-user@ws.apache.org
Subject: RE: Securing Axis2 REST Style Services

Hi Ruchith,
Thanks for proving the class. I am assuming that I needed to add this handler to the transport
phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from  wso2wsas
version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar
files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest
and
javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in
standard tomcat 6.0.18. But for some reason I get this error.

SEVERE: StandardWrapper.Throwable
java.lang.Error: Unresolved compilation problems:
        The import javax.servlet.http cannot be resolved
        The import javax.servlet.http cannot be resolved
        HttpServletRequest cannot be resolved to a type
        HttpServletRequest cannot be resolved to a type
        HttpServletResponse cannot be resolved to a type
        HttpServletResponse cannot be resolved to a type
        HttpServletResponse cannot be resolved

        at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

I tried unzipping the servlet-api.jar in classes dir and got this error.
SEVERE: Servlet /axis2 threw load() exception
java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to
javax.servlet.Servlet
        at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
        at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
        at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
        at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
        at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
        at org.apache.catalina.core.StandardService.start(StandardService.java:516)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)


I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
Thanks
Sanjay

-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: Thursday, April 16, 2009 5:52 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services

Oops  :-)

Here you go :

https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java

On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
<Sanjay.Gupta@billwiseinc.com> wrote:
> Hi Ruchith,
> Thanks for the quick reply. Could you please point me to the link that talks about this
solutions.
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, April 16, 2009 4:31 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi,
>
> For the REST style calls you can use HTTPS + Basic Auth
>
> Have a look at this [1] handler from WSO2 WSAS. This will simply add
> the UsernameToken into the SOAP representation of the incoming REST
> request, which will be processed by Rampart (which you have already
> configured).
>
> Thanks,
> Ruchith
>
> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
> <Sanjay.Gupta@billwiseinc.com> wrote:
>> HI,
>>
>> I have a POJO based services deployed in axis2 and it's working well. I have
>> implememted the basic user/password security  using rampart and it's working
>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>> how do I secure the REST style calls. Do I need to do anything special. I
>> need to deploy these services into production soon and any help or pointers
>> would be greatly appreciated.
>>
>> Thanks
>>
>> Sanjay
>
>
>
> --
> http://blog.ruchith.org
>



--
http://blog.ruchith.org

Mime
View raw message