ws-fx-dev mailing list archives

From "Dittmann, Werner" <werner.dittm...@siemens.com>
Subject AW: RES: How to configure UsernameTokenSignature
Date Tue, 05 Jul 2005 14:15:11 GMT
Steve,

If you would like to sign/encrypt elements of the addressing part
of the request, please place the security handler _after_ the
addressing handler. It is necessary that the elements are in
the request before WSS4J can encrypt/sign the elements.

Regards,
Werner

> -----Original Message-----
> From: Steve Behrendt [mailto:steve@weg.com.br] 
> Sent: Tuesday, 5 July 2005 15:59
> To: Steve Behrendt; Dittmann, Werner
> Cc: fx-dev@ws.apache.org
> Subject: RES: RES: How to configure UsernameTokenSignature
> 
> 
> >The problem in this case is that the process of adding the 
> >"action" property doesn't work. It always throws an exception:
> 
> I fixed the problem. The URI class only accepts an argument 
> that conforms to a schema like "http://getclientes". I 
> changed the "ServiceInterfaceStub.class" like this:
> 
>         _call.setSOAPActionURI("http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes");
>         //_call.setSOAPActionURI("getClientes");
> 
> It's strange, but it works. Can anyone say why it works that way?
> 
> 
> Steve
> 
> -----Original Message-----
> From: Steve Behrendt 
> Sent: Tuesday, 5 July 2005 10:21
> To: Dittmann, Werner
> Cc: fx-dev@ws.apache.org
> Subject: RES: RES: How to configure UsernameTokenSignature
> 
> 
> Werner,
> 
> Thanks for the hint!! Now I want to add the attributes 
> "action", "MessageId", "ReplayTo" and "To".
> When I use the ws-addressing project, the handler always calls 
> the part of the "action", even if I don't define it in the .wsdd 
> file. I think it's a bug, or isn't it?
> The problem in this case is that the process of adding the 
> "action" property doesn't work. It always throws an exception:
> 
> AxisFault
>  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>  faultSubcode: 
>  faultString: org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
>  faultActor: 
>  faultNode: 
>  faultDetail: 
> 	{http://xml.apache.org/axis/}stackTrace:org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
> 	at org.apache.axis.types.URI.initialize(URI.java:483)
> 	at org.apache.axis.types.URI.<init>(URI.java:281)
> 	at org.apache.axis.types.URI.<init>(URI.java:265)
> 	at org.apache.axis.message.addressing.handler.AddressingHandler.processClientRequest(AddressingHandler.java:240)
> 	at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:108)
> 	at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> 	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> 	at org.apache.axis.client.Call.invoke(Call.java:2748)
> 	at org.apache.axis.client.Call.invoke(Call.java:2424)
> 	at org.apache.axis.client.Call.invoke(Call.java:2347)
> 	at org.apache.axis.client.Call.invoke(Call.java:1804)
> 	at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> 	at net.weg.service.client.main(client.java:96)
> 
> 	{http://xml.apache.org/axis/}hostname:brjgsd181091
> 
> org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
> 	at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
> 	at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:121)
> 	at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> 	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> 	at org.apache.axis.client.Call.invoke(Call.java:2748)
> 	at org.apache.axis.client.Call.invoke(Call.java:2424)
> 	at org.apache.axis.client.Call.invoke(Call.java:2347)
> 	at org.apache.axis.client.Call.invoke(Call.java:1804)
> 	at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> 	at net.weg.service.client.main(client.java:96)
> Caused by: org.apache.axis.types.URI$MalformedURIException: No scheme found in URI.
> 	at org.apache.axis.types.URI.initialize(URI.java:483)
> 	at org.apache.axis.types.URI.<init>(URI.java:281)
> 	at org.apache.axis.types.URI.<init>(URI.java:265)
> 	at org.apache.axis.message.addressing.handler.AddressingHandler.processClientRequest(AddressingHandler.java:240)
> 	at org.apache.axis.message.addressing.handler.AddressingHandler.invoke(AddressingHandler.java:108)
> 	... 11 more
> 
> 
> My wsdd-File is that:
> 
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> 
> <globalConfiguration>
> 	<requestFlow>
> 		<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> 			<parameter name="action" value="Timestamp UsernameTokenSignature" />
> 			<parameter name="passwordCallbackClass" value="net.weg.service.PWCallback" />
> 			<parameter name="signatureParts"
> 				value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;
> 				{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" />
> 		</handler>
> 
> 		<handler name="addr" type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
> 			<parameter name="referencePropertyNames"
> 				value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
> 				{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplayTo;
> 				{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To"/>
> 		</handler>
> 
> 	</requestFlow>
> </globalConfiguration>
> 
> <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
> 
> </deployment>
> 
> 
> The Program throws the exception at this point in the 
> "org.apache.axis.message.addressing.handler.AddressingHandler"
>  in the method "processClientRequest"
> 
>         // set Action
>         String action = msgContext.getSOAPActionURI();
>         if (action != null) {
>             // Here is the exception thrown --> action has the value
>             // "getClientes" - the name of the method in the webservice.
>             headers.setAction(new Action(new URI(action)));
>         } else if(headers.getAction() != null) {
>             msgContext.setUseSOAPAction(true);
>             // Make SOAP action match
>             msgContext.setSOAPActionURI(headers.getAction().toString());
>         }
> 
> Thanks to everyone!!!!
> 
> Steve
> 
> 
> -----Original Message-----
> From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> Sent: Tuesday, 5 July 2005 03:28
> To: Steve Behrendt
> Cc: fx-dev@ws.apache.org
> Subject: AW: RES: How to configure UsernameTokenSignature
> 
> 
> Steve,
> 
> about the problem "Timestamp" not found, just
> reverse the actions. That is, do "Timestamp"
> first, then the Signature. The handler works
> from left to right, builds up the request
> as it works through the actions. Thus, you try
> to perform a Signature of an element that is 
> not yet built into the request.
> 
> Regards,
> Werner
> 
> > -----Original Message-----
> > From: Steve Behrendt [mailto:steve@weg.com.br] 
> > Sent: Monday, 4 July 2005 19:28
> > To: Werner Dittmann
> > Cc: fx-dev@ws.apache.org
> > Subject: RES: RES: How to configure UsernameTokenSignature
> > 
> > 
> > Werner,
> > 
> > Thanks for the tip. Now I have another problem. The engine 
> > doesn't sign a part of the message. It stops with an 
> > exception shown at the bottom of the mail. 
> > 
> > .NET with wse2.0 sp3 uses a signature based on usernametoken 
> > for the "wsa:Action", "wsa:MessageID", "wsa:ReplayTo", 
> > "wsa:To", "wsu:Timestamp" and the "soap:Body wsu:Id" 
> > elements. I began with Timestamp, but it doesn't work.
> > 
> > AxisFault
> >  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
> >  faultSubcode: 
> >  faultString: WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> >  faultActor: 
> >  faultNode: 
> >  faultDetail: 
> > 	{http://xml.apache.org/axis/}stackTrace:WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> > 	at org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
> > 	at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
> > 	at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> > 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> > 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> > 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> > 	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> > 	at org.apache.axis.client.Call.invoke(Call.java:2748)
> > 	at org.apache.axis.client.Call.invoke(Call.java:2424)
> > 	at org.apache.axis.client.Call.invoke(Call.java:2347)
> > 	at org.apache.axis.client.Call.invoke(Call.java:1804)
> > 	at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> > 	at net.weg.service.client.main(client.java:95)
> > 
> > 	{http://xml.apache.org/axis/}hostname:brjgsd181091
> > 
> > WSDoAllSender: Error during Signatur with UsernameToken secretorg.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, Timestamp)
> > 	at org.apache.ws.axis.security.WSDoAllSender.performUT_SIGNAction(WSDoAllSender.java:512)
> > 	at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:336)
> > 	at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
> > 	at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
> > 	at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
> > 	at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127)
> > 	at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
> > 	at org.apache.axis.client.Call.invoke(Call.java:2748)
> > 	at org.apache.axis.client.Call.invoke(Call.java:2424)
> > 	at org.apache.axis.client.Call.invoke(Call.java:2347)
> > 	at org.apache.axis.client.Call.invoke(Call.java:1804)
> > 	at net.weg.service.ServiceInterfaceStub.getClientes(ServiceInterfaceStub.java:284)
> > 	at net.weg.service.client.main(client.java:95)
> > 
> > Here is my .wsdd-File:
> > 
> > <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> >             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> > 
> > <globalConfiguration>
> > 	<requestFlow>
> > 		<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> > 			<parameter name="action" value="UsernameTokenSignature Timestamp" />
> > 			<parameter name="passwordCallbackClass" value="net.weg.service.PWCallback" />
> > 			<parameter name="signatureParts"
> > 				value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Timestamp" />
> > 		</handler>
> > 	</requestFlow>
> > </globalConfiguration>
> > 
> > <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> > <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> > <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
> > 
> > </deployment>
> > 
> > Any idea?
> > Thanks!!!
> > 
> > Steve
> > 
> > -----Original Message-----
> > From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> > Sent: Saturday, 2 July 2005 07:42
> > To: Steve Behrendt
> > Cc: fx-dev@ws.apache.org
> > Subject: Re: RES: How to configure UsernameTokenSignature
> > 
> > 
> > Steve,
> > 
> > just remove the action that you don't want from the scenarios, e.g.
> > the encrypt.
> > 
> > On the Callback problem: as the deployment setup overwrites the
> > programmatic setup the "passwordCallbackClass parameter"
> > will be used by the handler. As I can see you define a java
> > source file here - not a class. Please check your setup and fix
> > it.
> > 
> > Regards,
> > Werner
> > 
> > Steve Behrendt wrote:
> > > Werner,
> > > 
> > > 
> > >>AFAIK the Scenario 3a (or 2a?) of the interop scenarios
> > >>show how to use the stuff. 
> > > 
> > > 
> > > The problem is that the stuff is only shown with encryption 
> > > etc. But I only want to use a signature based on the 
> > > UsernameToken - for an implementation with Microsoft .NET.
> > > But when I call the method of the service, the handler 
> > > (PasswordCallBackHandler) is not passed.
> > > 
> > > My Handler:
> > > 
> > > <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> > >             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> > > 
> > > <globalConfiguration>
> > > 	<requestFlow>
> > > 		<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
> > > 			<parameter name="action" value="UsernameTokenSignature" />
> > > 			<parameter name="passwordCallbackClass" value="net.weg.service.PWCallback.java" />
> > > 		</handler>
> > > 	</requestFlow>
> > > </globalConfiguration>
> > > 
> > > <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
> > > <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> > > <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
> > > 
> > > </deployment>
> > > 
> > > and that's a part of my client:
> > > 
> > > 		PWCallback pwCallback = new PWCallback();
> > > 		ServiceInterfaceStub axisPort = (ServiceInterfaceStub)service;
> > > 
> > > 		axisPort._setProperty(WSHandlerConstants.USER, usuario); // set the user
> > > 		axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, pwCallback); // set the handler's class
> > > 
> > > The message is sent, but hasn't a header with the 
> > > UsernameToken or the Signature.
> > > 
> > > 
> > > For a little bit of help,
> > > I'm very grateful.
> > > 
> > > STEVE
> > > 
> > > 
> > > -----Original Message-----
> > > From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> > > Sent: Wednesday, 29 June 2005 11:33
> > > To: Steve Behrendt; fx-dev@ws.apache.org
> > > Subject: AW: How to configure UsernameTokenSignature
> > > 
> > > 
> > > Steve,
> > > 
> > > AFAIK the Scenario 3a (or 2a?) of the interop scenarios
> > > show how to use the stuff. 
> > > 
> > > We've not fully tested interop with Microsoft or others.
> > > 
> > > Regards,
> > > Werner
> > > 
> > > 
> > >>-----Original Message-----
> > >>From: Steve Behrendt [mailto:steve@weg.com.br] 
> > >>Sent: Wednesday, 29 June 2005 14:36
> > >>To: fx-dev@ws.apache.org
> > >>Subject: RES: How to configure UsernameTokenSignature
> > >>
> > >>
> > >>Hi,
> > >>
> > >>Is there now an existing implementation of the 
> > >>UsernameTokenSignature "Problem"?
> > >>Because my implementation is using only a UsernameToken and I 
> > >>want to implement more security, but without using keys.
> > >>
> > >>Greets,
> > >>Steve
> > >>
> > >>-----Original Message-----
> > >>From: Davanum Srinivas [mailto:davanum@gmail.com]
> > >>Sent: Tuesday, 21 June 2005 10:53
> > >>To: Dittmann, Werner
> > >>Cc: Granqvist, Hans; fx-dev@ws.apache.org
> > >>Subject: Re: How to configure UsernameTokenSignature
> > >>
> > >>
> > >>Hi Werner,
> > >>
> > >>updated the specs directory. Please take a look and let me know if you
> > >>need something else.
> > >>
> > >>-- dims
> > >>
> > >>On 6/21/05, Dittmann, Werner <werner.dittmann@siemens.com> wrote:
> > >>
> > >>>Hans,
> > >>>
> > >>>are the drafts publicly available? Can't find
> > >>>them on the OASIS WSS pages.
> > >>>
> > >>>Regards,
> > >>>Werner
> > >>>
> > >>>
> > >>>>-----Original Message-----
> > >>>>From: Granqvist, Hans [mailto:hgranqvist@verisign.com]
> > >>>>Sent: Monday, 20 June 2005 17:31
> > >>>>To: fx-dev@ws.apache.org
> > >>>>Subject: RE: How to configure UsernameTokenSignature
> > >>>>
> > >>>>
> > >>>>
> > >>>>><quote>
> > >>>>>The Username Token profile does not currently define a key
> > >>>>>derivation algorithm. The OASIS WSS TC is expected to address
> > >>>>>this issue in a subsequent specification. </quote>
> > >>>>
> > >>>>The latest (March 2005 and onward) WSS 1.1 draft of the
> > >>>>UsernameToken profile defines key derivation in section 4.
> > >>>>
> > >>>>Hans
> > >>>>
> > >>>
> > >>
> > >>-- 
> > >>Davanum Srinivas -http://blogs.cocoondev.org/dims/
> > >>
> > > 
> > > 
> > 
> > 
> 
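
The three setup mistakes diagnosed in this thread (security handler ahead of the addressing handler, a Timestamp signed before the "Timestamp" action has built it, and a source-file name in passwordCallbackClass) can be checked mechanically before deployment. The following is an added example, not code from the thread or from WSS4J; the rule labels and the two sample deployments are constructed here from the configurations quoted above, and "Signature" is assumed as a second signing action name.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://xml.apache.org/axis/wsdd/}"
WSA = "http://schemas.xmlsoap.org/ws/2004/03/addressing"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SENDER = "java:org.apache.ws.axis.security.WSDoAllSender"
ADDRESSING = "java:org.apache.axis.message.addressing.handler.AddressingHandler"
SIGNING = {"UsernameTokenSignature", "Signature"}  # "Signature" is an assumption
PART = re.compile(r"\{[^}]*\}\{([^}]*)\}([^;\s]+)")  # {Element}{namespace}LocalName

def check_request_flow(wsdd_text):
    """Return problem labels (hypothetical names) for a WSDD requestFlow."""
    problems = []
    handlers = ET.fromstring(wsdd_text).findall(f".//{NS}requestFlow/{NS}handler")
    for pos, handler in enumerate(handlers):
        if handler.get("type") != SENDER:
            continue
        params = {p.get("name"): p.get("value", "") for p in handler.findall(f"{NS}parameter")}
        actions = params.get("action", "").split()
        parts = PART.findall(params.get("signatureParts", ""))
        earlier = [h.get("type") for h in handlers[:pos]]
        # Addressing headers exist only after the addressing handler has run.
        if any(ns == WSA for ns, _ in parts) and ADDRESSING not in earlier:
            problems.append("addressing-handler-after-security")
        # Actions run left to right: Timestamp must be built before it is signed.
        sign_at = min((i for i, a in enumerate(actions) if a in SIGNING), default=None)
        if sign_at is not None and any(name == "Timestamp" for _, name in parts):
            if "Timestamp" not in actions[:sign_at]:
                problems.append("timestamp-signed-before-created")
        # The parameter names a class, not a source file.
        if params.get("passwordCallbackClass", "").endswith(".java"):
            problems.append("callback-is-source-file")
    return problems

def wsdd(handlers_xml):
    """Wrap handler elements in a minimal client deployment (constructed sample)."""
    return ('<deployment xmlns="http://xml.apache.org/axis/wsdd/"><globalConfiguration>'
            f"<requestFlow>{handlers_xml}</requestFlow></globalConfiguration></deployment>")

def sender(action, callback, parts):
    return (f'<handler type="{SENDER}"><parameter name="action" value="{action}"/>'
            f'<parameter name="passwordCallbackClass" value="{callback}"/>'
            f'<parameter name="signatureParts" value="{parts}"/></handler>')

ADDR = f'<handler type="{ADDRESSING}"/>'
PARTS = f"{{Element}}{{{WSU}}}Timestamp;{{Element}}{{{WSA}}}To"
# Constructed from the mistakes in the thread, then the corrected ordering.
BROKEN = wsdd(sender("UsernameTokenSignature Timestamp",
                     "net.weg.service.PWCallback.java", PARTS) + ADDR)
FIXED = wsdd(ADDR + sender("Timestamp UsernameTokenSignature",
                           "net.weg.service.PWCallback", PARTS))

if __name__ == "__main__":
    print("broken:", check_request_flow(BROKEN))
    print("fixed: ", check_request_flow(FIXED))
```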
