axis-java-user mailing list archives

From v2cg4ss <ssel...@datamentors.com>
Subject Re: How to use Username Token and Signature Policy Together
Date Wed, 02 Sep 2009 19:35:10 GMT

I found this and I get a bit farther:

http://www.nabble.com/Rampart-Username-and-signed-certificate-td19843845.html#a19850367

I am now getting:

[ERROR] Cannot find key for alias: [client] in keystore of type [JKS] from provider [SUN version 1.6] with size [2] and aliases: {server, client}
[ERROR] The signature or decryption was invalid; nested exception is:
	java.lang.Exception: Cannot find key for alias: [client]
org.apache.axis2.AxisFault: The signature or decryption was invalid; nested exception is:
	java.lang.Exception: Cannot find key for alias: [client]
	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
	at java.lang.Thread.run(Thread.java:619)


My services.xml now has the following:

    <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    </sp:AsymmetricBinding>

    <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    </sp:SignedSupportingTokens>

    <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    </sp:Wss10>

    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
    </sp:SignedParts>

    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>server</ramp:user>
        <ramp:userCertAlias>server</ramp:userCertAlias>
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>

        <ramp:signatureCrypto>
            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">server.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">server</ramp:property>
            </ramp:crypto>
        </ramp:signatureCrypto>
    </ramp:RampartConfig>

And my client policy.xml has the following:

    <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    </sp:AsymmetricBinding>

    <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    </sp:SignedSupportingTokens>

    <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    </sp:Wss10>

    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
    </sp:SignedParts>

    <!--
        I get the following stack trace if the encryptionuser is not specified:

        Exception in thread "main" org.apache.axis2.AxisFault: Encryption user not specified (The context is created by the initiating party)
            at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
    -->

    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:userCertAlias>client</ramp:userCertAlias>
        <ramp:encryptionUser>client</ramp:encryptionUser>
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>

        <ramp:sslConfig>
            <ramp:property name="javax.net.ssl.trustStore">client.jks</ramp:property>
            <ramp:property name="javax.net.ssl.trustStorePassword">client</ramp:property>
        </ramp:sslConfig>

        <ramp:signatureCrypto>
            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">client</ramp:property>
            </ramp:crypto>
        </ramp:signatureCrypto>
    </ramp:RampartConfig>



v2cg4ss wrote:
> 
> Is it possible to use these together?  I took a stab at it and this is my
> service.xml and client policy xml:
> 
> I added the following block to the service.xml prior to the rampart
> element and I did the same for the policy.xml.  I used sample02 as the
> test service and client.
> 
> <sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>   <wsp:Policy>
>       <sp:UsernameToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> />
>   </wsp:Policy>
> </sp:SignedSupportingTokens>
> 
> 
> Service.xml:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <service>
>     <operation name="echo">
>         <messageReceiver
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>     </operation>
>     <parameter name="ServiceClass"
> locked="false">org.apache.rampart.samples.policy.sample02.SimpleService</parameter>
> 
>     <module ref="rampart"/>
>     <module ref="addressing"/>
> 
>     <wsp:Policy wsu:Id="SigOnly"
>                
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <wsp:Policy>
>                         <sp:InitiatorToken>
>                             <wsp:Policy>
>                                 <sp:X509Token
>                                        
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                                     <wsp:Policy>
>                                         <sp:RequireThumbprintReference/>
>                                         <sp:WssX509V3Token10/>
>                                     </wsp:Policy>
>                                 </sp:X509Token>
>                             </wsp:Policy>
>                         </sp:InitiatorToken>
>                         <sp:RecipientToken>
>                             <wsp:Policy>
>                                 <sp:X509Token
>                                        
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                                     <wsp:Policy>
>                                         <sp:RequireThumbprintReference/>
>                                         <sp:WssX509V3Token10/>
>                                     </wsp:Policy>
>                                 </sp:X509Token>
>                             </wsp:Policy>
>                         </sp:RecipientToken>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:TripleDesRsa15/>
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Strict/>
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp/>
>                         <sp:OnlySignEntireHeadersAndBody/>
>                     </wsp:Policy>
>                 </sp:AsymmetricBinding>
>                 <sp:Wss10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <wsp:Policy>
>                         <sp:MustSupportRefKeyIdentifier/>
>                         <sp:MustSupportRefIssuerSerial/>
>                     </wsp:Policy>
>                 </sp:Wss10>
>                 <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <sp:Body/>
>                 </sp:SignedParts>
> 
> 	            <sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 	              <wsp:Policy>
> 	                <sp:UsernameToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> />
> 	              </wsp:Policy>
> 	            </sp:SignedSupportingTokens>
> 
>                 <ramp:RampartConfig
> xmlns:ramp="http://ws.apache.org/rampart/policy">
>                     <ramp:user>myUser</ramp:user>
>                     <ramp:encryptionUser>jksUser</ramp:encryptionUser>
>                    
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>
> 
>                     <ramp:signatureCrypto>
>                         <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                             <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                             <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">myJKS.jks</ramp:property>
>                             <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">jksPSWD</ramp:property>
>                         </ramp:crypto>
>                     </ramp:signatureCrypto>
>                 </ramp:RampartConfig>
> 
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
> </service>
> 
> policy.xml:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> 	<wsp:ExactlyOne>
> 		<wsp:All>
> 			<sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:InitiatorToken>
> 						<wsp:Policy>
> 							<sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> 								<wsp:Policy>
> 									<sp:WssX509V3Token10/>
> 								</wsp:Policy>
> 							</sp:X509Token>
> 						</wsp:Policy>
> 					</sp:InitiatorToken>
> 					<sp:RecipientToken>
> 						<wsp:Policy>
> 							<sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> 								<wsp:Policy>
> 									<sp:WssX509V3Token10/>
> 								</wsp:Policy>
> 							</sp:X509Token>
> 						</wsp:Policy>
> 					</sp:RecipientToken>
> 					<sp:AlgorithmSuite>
> 						<wsp:Policy>
> 							<sp:TripleDesRsa15/>
> 						</wsp:Policy>
> 					</sp:AlgorithmSuite>
> 					<sp:Layout>
> 						<wsp:Policy>
> 							<sp:Strict/>
> 						</wsp:Policy>
> 					</sp:Layout>
> 					<sp:IncludeTimestamp/>
> 					<sp:OnlySignEntireHeadersAndBody/>
> 				</wsp:Policy>
> 			</sp:AsymmetricBinding>
> 			<sp:Wss10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:MustSupportRefKeyIdentifier/>
> 					<sp:MustSupportRefIssuerSerial/>
> 				</wsp:Policy>
> 			</sp:Wss10>
> 
> 			<sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<sp:Body/>
> 			</sp:SignedParts>
> 
> 		<sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 			<wsp:Policy>
> 				<sp:UsernameToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> />
> 		  </wsp:Policy>
> 		</sp:SignedSupportingTokens>
> 
> 			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
> 				<ramp:user>myUser</ramp:user>
> 				<ramp:encryptionUser>jksUser</ramp:encryptionUser>
> 			
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>
> 				
>                 <ramp:sslConfig> 
>                   <ramp:property
> name="javax.net.ssl.trustStore">myJKS.jks</ramp:property>
>                   <ramp:property
> name="javax.net.ssl.trustStorePassword">jksPSWD</ramp:property> 
>                 </ramp:sslConfig>
> 				
> 				<ramp:signatureCrypto>
> 					<ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
> 						<ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> 						<ramp:property
> name="org.apache.ws.security.crypto.merlin.file">myJKS.jks</ramp:property>
> 						<ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">jksPSWD</ramp:property>
> 					</ramp:crypto>
> 				</ramp:signatureCrypto>
> 			</ramp:RampartConfig>
> 
> 		</wsp:All>
> 	</wsp:ExactlyOne>
> </wsp:Policy>
> 
> 

-- 
View this message in context: http://www.nabble.com/How-to-use-Username-Token-and-Signature-Policy-Together-tp25262491p25264293.html
Sent from the Axis - User mailing list archive at Nabble.com.
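
Added example (not part of the original post, and not Rampart or WSS4J code): the error above lists alias client among the keystore's aliases yet reports no key for it, which is what one would see if that alias holds only a trusted certificate rather than a private key. That cause is an assumption the post does not confirm, and the class name KeystoreAliasCheck is hypothetical; the check uses only java.security.KeyStore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic, not project code; the class name is hypothetical.
public class KeystoreAliasCheck {

    // Says whether the alias can supply a private key for signing or decryption.
    static String describe(KeyStore ks, String alias, char[] keyPassword) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "alias not present";
        }
        if (ks.isCertificateEntry(alias)) {
            // A trusted certificate holds only a public key: enough to verify
            // or encrypt to that party, never to sign or decrypt as it.
            return "certificate-only entry, no private key";
        }
        try {
            Key key = ks.getKey(alias, keyPassword);
            return (key instanceof PrivateKey)
                    ? "private key entry, key password accepted"
                    : "key entry, but not a private key";
        } catch (UnrecoverableKeyException e) {
            return "private key entry, key password rejected";
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeystoreAliasCheck <keystore> <storePassword> <alias> <keyPassword>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        // Entry type for every alias, then the detailed result for the one requested.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + ": " + (ks.isKeyEntry(alias) ? "key entry" : "certificate entry"));
        }
        System.out.println("[" + args[2] + "] " + describe(ks, args[2], args[3].toCharArray()));
    }
}
```

For the case in the post, run it against server.jks with store password server and alias client, supplying whatever key password the callback handler returns for that alias.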

