Posted to java-user@axis.apache.org by jing <ta...@nceas.ucsb.edu> on 2011/08/17 01:45:37 UTC

How to get username/password on the service side by using rampart

Hi, everyone:

I am using rampart-1.4 to secure an axis2-1.4 web service.

Here is my setting on client.axis2.xml for rampart:

<module ref="rampart" />
<parameter name="OutflowSecurity">
<action>
<items>UsernameToken Timestamp</items>
<user>wsuser</user>
<passwordCallbackClass>org.kepler.executionWS.client.PWHandlerClient</passwordCallbackClass>
</action>
</parameter>

The PWHandlerClient class will read a property file to set password for 
wsuser:
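  import java.io.BufferedInputStream;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.IOException;
  import java.io.InputStream;
  import java.util.Properties;

  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.callback.UnsupportedCallbackException;

  import org.apache.ws.security.WSPasswordCallback;

  public class PWHandlerClient implements CallbackHandler {

     private static final String WS_USER_PROPS = "conf/UserManagement.properties";

     public void handle (Callback[] callbacks) throws IOException, UnsupportedCallbackException {

         for (int i = 0; i < callbacks.length; i++) {
             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
             String id = pwcb.getIdentifer();
             if (id == null) {
                 System.out.println("no users");
                 continue; // nothing to look up without a user name
             }
             //get user info from configuration file
             InputStream prosFile = null;
             try {
                 Properties pros = new Properties();
                 prosFile = new BufferedInputStream(new FileInputStream(WS_USER_PROPS));
                 pros.load(prosFile);
                 pwcb.setPassword(pros.getProperty(id));
             } catch (FileNotFoundException e) {
                 e.printStackTrace();
             } catch (IOException e) {
                 e.printStackTrace();
             } catch (Exception e) {
                 e.printStackTrace();
             } finally {
                 // release the file handle on every path
                 if (prosFile != null) {
                     prosFile.close();
                 }
             }
         }
     }
  }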


Here is my services.xml about the rampart on my service side:
<module ref="rampart" />
<parameter name="InflowSecurity">
<action>
<items>UsernameToken Timestamp</items>
<passwordCallbackClass>org.kepler.executionWS.PWHandlerServer</passwordCallbackClass>
</action>
</parameter>

The PWHandlerServer class looks like:
  public void handle (Callback[] callbacks) throws IOException, UnsupportedCallbackException {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof WSPasswordCallback) {
                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                 System.out.println(""+i+"=========== the identifier is "+pc.getIdentifer());
                 System.out.println(""+i+"=========== the usag is "+pc.getUsage());
                 System.out.println(""+i+"=========== the password is "+pc.getPassword());
                 pc.setPassword("wsuserPass");
             }
         }
         System.out.println("reach the end =====!");
     }

The output always is:
0=========== the identifier is wsuser
0=========== the usag is 2
0=========== the password is null
reach the end =====!

You see, the service PWHandlerServer couldn't get the password. The 
value is null. I have to manually set the password by:
pc.setPassword("wsuserPass");

By the way, the username/password (they are wsuser/wsuserPass) was sent to 
the service correctly. If I set a different password by:
pc.setPassword("hello") on the service side, my code will get a 
WSSecurityException.


My purpose is:  if I can get the username/password pair on service side, 
I can send this pair to an LDAP server to authenticate if the 
username/password from client is valid. If it is valid, the operation 
will continue. Otherwise, it stops.

I looked at an article on this page:
http://wso2.org/library/3190#Step_3._Engaging_Rampart_and_setting_authentication_information
On service side, it has some code like:

  public void handle(Callback[] callbacks) throws IOException,
             UnsupportedCallbackException {

         for (int i = 0; i < callbacks.length; i++) {

             //When the server side need to authenticate the user
             WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];

             if (pwcb.getIdentifer().equals("apache") && pwcb.getPassword().equals("password")) {
                 //If authentication successful, simply return
                 return;
             } else {
                 throw new UnsupportedCallbackException(callbacks[i], "check failed");
             }

         }
     }

It seems his code can get the password on service's CallbackHandler.

Do you have any idea why I can't get the password on the service side?

Thank you very much!

Regards,

Jing


By the way, my client code is:
     /**
      * Constructor
      */
     public KeplerExeWSClient(String endPoint, boolean loadConfigFromJar) throws Exception {
         this.loadConfigFromJar = loadConfigFromJar;
         options = new Options();
         options.setProperty(Constants.Configuration.ENABLE_SWA,
                 Constants.VALUE_TRUE);
         options.setSoapVersionURI(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI);
         // Increase the time out when sending large attachments
         options.setTimeOutInMilliSeconds(1000000);
         EndpointReference epr = new EndpointReference(endPoint);
         options.setTo(epr);
         if (loadConfigFromJar) {
             //System.out.println("load config from jar");
             cofigContext = ConfigurationContextFactory.createDefaultConfigurationContext();

         } else {
             //System.out.println("load config from file system");
             cofigContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                     this.axis2ModulePath, this.axis2xmlPath);
         }
     }

     /**
      * Get the status of a workflowRun with given id
      * @param workflowRunId
      * @return
      */
     public String getStatus(String workflowRunId) throws Exception
     {
         String action = "getStatus";
         options.setAction("urn:"+action);
         OperationClient keplerWSClient = createOperationClient(options);
         MessageContext mc = createMessageWithoutAttach(action, workflowRunId);
         keplerWSClient.addMessageContext(mc);
         keplerWSClient.execute(true);

         //Let's get the message context for the response
         OMElement outputs = getResponseOMElement(keplerWSClient, action);
         //get corresponding output
         OMElement outputOME = outputs.getFirstChildWithName(new QName(KEPLER_NAME_SPACE,"return"));

         return outputOME.getText();
     }

     /*
      * Creates an OperationClient object
      */
     private OperationClient createOperationClient(Options options) throws Exception
     {
         ServiceClient sender = new ServiceClient(cofigContext, null);
         sender.setOptions(options);
         OperationClient keplerWSClient = sender
                 .createClient(ServiceClient.ANON_OUT_IN_OP);
         return keplerWSClient;
     }




---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org
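
Added example, not part of the original post or of Rampart/WSS4J: a JDK-only sketch of how a WS-Security UsernameToken of type PasswordDigest is built and checked, which matches the output above (usage 2, null password, WSSecurityException when the callback supplies a different password). It assumes the client sent a digest rather than PasswordText, which the posted configuration does not state; the class name, nonce and timestamp are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/**
 * Illustration only: uses no Rampart or WSS4J classes.
 * Assumption: the UsernameToken carries a PasswordDigest, not PasswordText.
 */
public class UsernameTokenDigestDemo {

    /** UsernameToken Profile: Password_Digest = Base64(SHA-1(nonce + created + password)). */
    static String passwordDigest(byte[] nonce, String created, String password)
            throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    /**
     * Receiver-side check. The receiver only has the digest, nonce and timestamp
     * from the message, so it asks the callback handler for the stored password
     * of the named user, recomputes the digest and compares.
     */
    static boolean verify(String receivedDigest, byte[] nonce, String created,
                          String passwordFromCallback) throws Exception {
        byte[] expected = passwordDigest(nonce, created, passwordFromCallback)
                .getBytes(StandardCharsets.UTF_8);
        byte[] received = receivedDigest.getBytes(StandardCharsets.UTF_8);
        // constant-time comparison of the two encoded digests
        return MessageDigest.isEqual(expected, received);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values standing in for the wsse:Nonce and wsu:Created elements.
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        String created = "2011-08-17T00:45:37Z";

        // Sender: only the digest leaves the client, never "wsuserPass" itself.
        String onTheWire = passwordDigest(nonce, created, "wsuserPass");
        System.out.println("user=wsuser digest=" + onTheWire);

        // Receiver: callback supplies the stored password for "wsuser".
        System.out.println("callback sets wsuserPass -> accepted: "
                + verify(onTheWire, nonce, created, "wsuserPass"));
        System.out.println("callback sets hello      -> accepted: "
                + verify(onTheWire, nonce, created, "hello"));
    }
}
```

With a digest token the service never receives the cleartext password, so it cannot be forwarded to an LDAP server for checking. In WSS4J 1.5.x a token sent as PasswordText reaches the callback with usage USERNAME_TOKEN_UNKNOWN (5) and getPassword() returns the received value, which should only be sent over an encrypted transport.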


RE: How to get username/password on the service side by using rampart

Posted by Dipesh Garg <di...@erevmax.com>.
Is there any good e-book for Axis2?

 

Dipesh Garg

 

  _____  

From: Thilina Mahesh Buddhika [mailto:thilinamb@gmail.com] 
Sent: Wednesday, August 17, 2011 2:57 PM
To: java-user@axis.apache.org
Subject: Re: How to get username/password on the service side by using
rampart

 



Re: How to get username/password on the service side by using rampart

Posted by Thilina Mahesh Buddhika <th...@gmail.com>.
Hi Jing,

By looking at the code segments and configurations, I could not identify
anything suspicious. I am not sure whether there is a bug in this particular
version.

Is it possible for you to try this with the latest release (Rampart 1.5.1
and Axis2 1.5.5)? Also please try to use the policy based configuration,
because that is the model we encourage users to follow. You can find a
similar scenario in the first sample under the policy section in the
Rampart distribution.

Thanks,
Thilina



-- 
Thilina Mahesh Buddhika
http://blog.thilinamb.com