axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Fielenbach <fielenb...@fb5.uni-siegen.de>
Subject Re: Loading external WSS Policy by Rampart
Date Thu, 24 Feb 2011 13:30:56 GMT
Am 24.02.2011 13:57, schrieb Thilina Mahesh Buddhika:
> Do you see any errors during the service deployment when an external 
> policy reference is used?
>
> I guess, the policy is not properly attached to the service which is 
> the most probable reason for the Must Understand check failed error.
>
> Thanks,
> Thilina
>
> On Thu, Feb 24, 2011 at 5:03 PM, Thomas Fielenbach 
> <fielenbach@fb5.uni-siegen.de <mailto:fielenbach@fb5.uni-siegen.de>> 
> wrote:
>
>     Hi all,
>
>     Currently I'm working on securing messages with rampart. Therefore
>     I just add Username/Pass/Timestamp in a policy. This works all
>     fine (at client and at server-side) using a code first approach
>     and defining the policy as well as the rampart-config in the
>     services.xml.
>     services.xml (partially):
>     <service name="UserNameTokenService">
>     <parameter name="ServiceClass" locked="false">unt.UserNameToken
>     </parameter>
>     <operation name="add">
>     <messageReceiver
>     class="org.apache.axis2.rpc.receivers.RPCMessageReceiver" />
>     </operation>
>     <module ref="rampart" />
>     <wsp:Policy wsu:Id="UsernameTokenOverHTTP"
>     ...
>     <sp:SignedSupportingTokens
>                      
>      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>     <wsp:Policy>
>     <sp:UsernameToken
>                              
>      sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>     />
>     </wsp:Policy>
>     </sp:SignedSupportingTokens>
>     <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>     <ramp:passwordCallbackClass>unt.PWCBHandler</ramp:passwordCallbackClass>
>     </ramp:RampartConfig>
>     </wsp:All>
>     ...
>
>     When I want to use contract first and load a policy document from
>     an external source (e.g.
>     http://ip:port/axis2/external-policy.xml), the Axis2-framework
>     responds with "
>     Exception in thread "main" org.apache.axis2.AxisFault: Must
>     Understand check failed for header
>     http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>     : Security    at
>     org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:446)
>     ..."
>
>     The (relevant) part of the WSDL:
>     <wsdl:portType name="UserNameTokenExternalPolicyServicePortType">
>     <wsdl:operation name="add">
>     <wsdl:input message="ns:addRequest" wsaw:Action="urn:add">
>     </wsdl:input>
>     <wsdl:output message="ns:addResponse" wsaw:Action="urn:addResponse">
>     </wsdl:output>
>     </wsdl:operation>
>     <wsp:PolicyReference
>     URI="http://localhost:7080/axis2/external-policy.xml#TS_AUTH-UNT-PASS"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
>     </wsdl:portType>
>
>     The services.xml is the same like above but wss- policy is
>     deleted. I have tried to define the rampart-config 1) in the
>     services.xml 2) in the external-policy.xml, but both times the
>     error stated above occurs.
>
>     Tracking the request with TCPMon shows that the client sends a
>     valid request to the server.
>
>     Is it generally possbile to use references to policies with
>     rampart? If so, how do I have to change my code for that?
>
>     Thanks in advance & Best regards
>
>
>     -- 
>     *************************
>     Universität Siegen
>     Institut: Wirtschaftsinformatik, Bereich: IT-Sicherheit
>     Hölderlinstr. 3
>     57068 Siegen
>
>     Raum: H-C 8329/3
>     Tel.: +49-271-740-3041
>     Fax: +49-271-740-3444
>     Mail: fielenbach@fb5.uni-siegen.de
>     <mailto:fielenbach@fb5.uni-siegen.de>
>
>     Web: http://www.uni-siegen.de/fb5/itsec/index.html?lang=de
>     *************************
>
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
>     <mailto:java-user-unsubscribe@axis.apache.org>
>     For additional commands, e-mail: java-user-help@axis.apache.org
>     <mailto:java-user-help@axis.apache.org>
>
>
>
>
> -- 
> Thilina Mahesh Buddhika
> http://blog.thilinamb.com
Hi,

There is no error occuring during deployment. Web Service is available, 
rampart is engaged as module and there are no exceptions during 
deployment (AXIS2 as webapp in a tomcat).

Thats the question. Is axis2/rampart capable of reading an external 
policy  (here available in the tomcat)? In my wsdl the policy is bound 
to the portType with: <wsp:PolicyReference 
URI="http://localhost:7080/axis2/external-policy.xml#TS_AUTH-UNT-PASS" 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>

  Moreover there is the question where/how I have to define the 
rampart-configs? Normally this would be placed directly in the policy 
defined in the services.xml but maybe thats not a feasible approach if 
the policy is placed externally.

Best regards
Thomas

-- 
*************************
Universität Siegen
Institut: Wirtschaftsinformatik, Bereich: IT-Sicherheit
Hölderlinstr. 3
57068 Siegen

Raum: H-C 8329/3
Tel.: +49-271-740-3041
Fax: +49-271-740-3444
Mail: fielenbach@fb5.uni-siegen.de

Web: http://www.uni-siegen.de/fb5/itsec/index.html?lang=de
*************************


Mime
View raw message