Message-ID: <25264293.post@talk.nabble.com>
Date: Wed, 2 Sep 2009 12:35:10 -0700 (PDT)
From: v2cg4ss
To: axis-user@ws.apache.org
Subject: Re: How to use Username Token and Signature Policy Together
In-Reply-To: <25262491.post@talk.nabble.com>

I found this and I get a bit farther:
http://www.nabble.com/Rampart-Username-and-signed-certificate-td19843845.html#a19850367

I am now getting:

[ERROR] Cannot find key for alias: [client] in keystore of type [JKS] from provider [SUN version 1.6] with size [2] and aliases: {server, client}
[ERROR] The signature or decryption was invalid; nested exception is:
        java.lang.Exception: Cannot find key for alias: [client]
org.apache.axis2.AxisFault: The signature or decryption was invalid; nested exception is:
        java.lang.Exception: Cannot find key for alias: [client]
        at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
        at java.lang.Thread.run(Thread.java:619)

My services.xml now has the following:

    server
    server
    org.apache.rampart.samples.policy.sample02.PWCBHandler
    JKS
    server.jks
    server

And my client policy.xml has the following:

    client
    client
    client
    org.apache.rampart.samples.policy.sample02.PWCBHandler
    client.jks
    client
    JKS
    client.jks
    client

v2cg4ss wrote:
>
> Is it possible to use these together? I took a stab at it and this is my
> service.xml and client policy xml:
>
> I added the following block to the service.xml prior to the rampart
> element and I did the same for the policy.xml. I used sample02 as the
> test service and client.
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> />
>
> Service.xml:
>
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> locked="false">org.apache.rampart.samples.policy.sample02.SimpleService
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> />
>
> xmlns:ramp="http://ws.apache.org/rampart/policy">
> myUser
> jksUser
>
> org.apache.rampart.samples.policy.sample02.PWCBHandler
>
> provider="org.apache.ws.security.components.crypto.Merlin">
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
> name="org.apache.ws.security.crypto.merlin.file">myJKS.jks
> name="org.apache.ws.security.crypto.merlin.keystore.password">jksPSWD
>
> policy.xml:
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> />
>
> myUser
> jksUser
>
> org.apache.rampart.samples.policy.sample02.PWCBHandler
>
> name="javax.net.ssl.trustStore">myJKS.jks
> name="javax.net.ssl.trustStorePassword">jksPSWD
>
> provider="org.apache.ws.security.components.crypto.Merlin">
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
> name="org.apache.ws.security.crypto.merlin.file">myJKS.jks
> name="org.apache.ws.security.crypto.merlin.keystore.password">jksPSWD
>

--
View this message in context: http://www.nabble.com/How-to-use-Username-Token-and-Signature-Policy-Together-tp25262491p25264293.html
Sent from the Axis - User mailing list archive at Nabble.com.
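
Added example, not part of the original message and not Rampart or WSS4J code: the [ERROR] line above lists the alias client among the keystore's aliases yet reports no key for it, and a JKS alias can hold either a private key or only a trusted certificate. This Java check prints which kind each alias is; the class name KeystoreAliasCheck and the KEYSTORE_PASS environment variable are assumptions made for the example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/** Added diagnostic (hypothetical class name): reports the entry type of JKS aliases. */
public class KeystoreAliasCheck {

    /** Says whether an alias holds a private key or only a trusted certificate. */
    static String describe(KeyStore ks, String alias) throws Exception {
        String kind;
        if (ks.isKeyEntry(alias)) {
            kind = "key entry (private key available for signing/decryption)";
        } else if (ks.isCertificateEntry(alias)) {
            kind = "trusted certificate only (no private key)";
        } else {
            kind = "not present";
        }
        Certificate cert = ks.getCertificate(alias);
        String subject = (cert instanceof X509Certificate)
                ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                : "n/a";
        return alias + ": " + kind + ", subject=" + subject;
    }

    /** Prompts for the store password; KEYSTORE_PASS (assumed name) is the non-interactive fallback. */
    static char[] readPassword() {
        Console console = System.console();
        if (console != null) return console.readPassword("Keystore password: ");
        String env = System.getenv("KEYSTORE_PASS");
        if (env == null) throw new IllegalStateException("no console and KEYSTORE_PASS not set");
        return env.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java KeystoreAliasCheck <keystore.jks> [alias]");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, readPassword());
        }
        if (args.length > 1) { System.out.println(describe(ks, args[1])); return; }
        for (String alias : Collections.list(ks.aliases())) System.out.println(describe(ks, alias));
    }
}
```

Run it against the keystore file that the failing side loads, passing the alias named in the error as the second argument.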