axis-java-user mailing list archives

From Ellecer Valencia <elle...@gmail.com>
Subject Problems setting up WS-Security with Rampart and Password Digest
Date Wed, 28 Oct 2009 05:30:04 GMT
Hi,

I've been able to set up WS-Security using username + Password in
plaintext using Rampart on the sample Version webservice. However,
I've been stuck all day trying to get authentication using Password
Digest.

Now from the examples I've seen, it seems that the only difference
between the two kinds of authentication is this bit:

<wsp:Policy>
   <sp:HashPassword/>
</wsp:Policy>


I've tried to configure Password Digest by adding this to the services.xml:

<service name="Version">
    <description>
        This service is to get the running Axis version
    </description>
    <parameter name="ServiceClass">sample.axisversion.Version</parameter>
    <operation name="getVersion">
    <messageReceiver
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver" />
    </operation>

    <!-- SET MODULE -->
    <module ref="rampart" />

    <!-- SET WS-POLICY -->
    <!-- DIGESTED PASSWORD -->

    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="UsernameToken">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <ws:Policy>
              <sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">

                <wsp:Policy>
                  <sp:HashPassword/>
                </wsp:Policy>

              </sp:UsernameToken>

            </wsp:Policy>
          </sp:SupportingTokens>

          <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:passwordCallbackClass>sample.axisversion.PWCBHandler</ramp:passwordCallbackClass>
          </ramp:RampartConfig>

        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>
</service>

However, when I'm running the service, it seems to still be performing
plaintext authentication! I don't understand what's going on.

I've run the sample by Dennis Sosnoski from the IBM site from this URL:

http://www.ibm.com/developerworks/webservices/library/j-jws4/index.html

And that sample code is performing as it should, using password digest.

The above config is just copied from the file hash-policy-server.xml in
his sample code (replaced the callback handler with my own), so I
can't see where else the config could be wrong.

Also, is all of WS-Policy meant to be displayed in generated WSDL? In
the generated WSDL it doesn't include the HashPassword bit. The
WS-Policy shown in the WSDL is this:

    <wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                    <wsp:Policy>
                        <sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
                    </wsp:Policy>
                </sp:SupportingTokens>

            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>


So I guess there are 2 questions here:

1. Is WS-Policy in the WSDL also meant to indicate that PasswordDigest
is used instead of just plain text passwords? Would the above
behaviour indicate an Axis2 bug? I don't understand what other files
Axis could be looking at.

I haven't actually seen any examples of WSDL files that indicate
Password Digest is used in the WS Policy. If you've seen any out
there, send me the URL!

2. Does anyone have any clues or ideas on what else is wrong with the
above config, or what else needs to be configured to get WS-Security
with PasswordDigest working?

Software used:
Axis 1.5.1
Rampart 1.4

Thanks very much for any help you can give!


Ellecer
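
Added example (not part of the original message, and not Rampart or Axis2 code): one way to confirm from a captured request whether a client actually sent PasswordText or PasswordDigest, and to recompute the digest with the formula from the WS-Security UsernameToken Profile 1.0. The function names and the sample user, nonce, timestamp and password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), as the profile defines it."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def inspect_token(soap_xml: str, expected_password: str) -> dict:
    """Report the password type a request carries and whether it matches."""
    # Use on captures from your own service; prefer a hardened parser otherwise.
    token = ET.fromstring(soap_xml).find(f".//{{{WSSE}}}UsernameToken")
    pw = token.find(f"{{{WSSE}}}Password") if token is not None else None
    if pw is None:
        return {"type": None, "valid": False}
    # Type is optional; the profile treats a missing Type as PasswordText.
    ptype = pw.get("Type", PROFILE + "#PasswordText").rsplit("#", 1)[-1]
    value = (pw.text or "").strip().encode("utf-8")
    if ptype == "PasswordText":
        return {"type": ptype, "valid": hmac.compare_digest(value, expected_password.encode("utf-8"))}
    nonce_el, created_el = token.find(f"{{{WSSE}}}Nonce"), token.find(f"{{{WSU}}}Created")
    if ptype != "PasswordDigest" or nonce_el is None or created_el is None:
        return {"type": ptype, "valid": False}
    nonce = base64.b64decode((nonce_el.text or "").strip())
    expected = password_digest(nonce, (created_el.text or "").strip(), expected_password)
    return {"type": ptype, "valid": hmac.compare_digest(value, expected.encode("ascii"))}

def sample_request(use_digest: bool, password: str = "s3cret-example") -> str:
    """Constructed sample header; user, nonce and timestamp are made up."""
    nonce, created = b"constructed-nonce-01", "2009-10-28T05:30:04Z"
    kind = "PasswordDigest" if use_digest else "PasswordText"
    value = password_digest(nonce, created, password) if use_digest else password
    return (
        f'<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/"><e:Header>'
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:UsernameToken>'
        f'<wsse:Username>example-user</wsse:Username>'
        f'<wsse:Password Type="{PROFILE}#{kind}">{value}</wsse:Password>'
        f'<wsse:Nonce>{base64.b64encode(nonce).decode()}</wsse:Nonce>'
        f'<wsu:Created>{created}</wsu:Created>'
        f'</wsse:UsernameToken></wsse:Security></e:Header><e:Body/></e:Envelope>'
    )
```

A matching digest only shows the sender knew the password for that nonce and timestamp; a receiver still has to reject reused nonces and stale Created values to stop replay.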
