You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Sanjay Gupta <Sa...@billwiseinc.com> on 2009/04/16 21:04:29 UTC
Securing Axis2 REST Style Services
HI,
I have a POJO based services deployed in axis2 and it's working well. I have implememted the basic user/password security using rampart and it's working fine for SOAP calls. I generated the client using wsdl2java.My question is how do I secure the REST style calls. Do I need to do anything special. I need to deploy these services into production soon and any help or pointers would be greatly appreciated.
Thanks
Sanjay
Re: Securing Axis2 REST Style Services
Posted by Ruchith Fernando <ru...@gmail.com>.
BTW ... you can also simply construct a UsernameToken element and
insert the username and password as required and add it to the SOAP
header with the security header, by just using axiom :-)
-Ruchith
On Thu, Apr 23, 2009 at 4:23 AM, Ruchith Fernando
<ru...@gmail.com> wrote:
> Hi Sanjay,
>
> I'm trying to find a place that could throw the NPE in the
> xmlsec-1.4.1 code. I still can't find a problem
> JCEMapper.loadAlgorithms() method is called with an element picked out
> of the config file and it should simply be able to process the rest of
> it without an issue. If we had line numbers it would have been very
> easy to spot the issue.
>
> Can you please try using this jar [1] and see whether you can
> reproduce this error with it? ( hopefully this is compiled with debug
> info).
>
> Thanks,
> Ruchith
>
> 1. http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar
>
> On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> Hi Ruchith,
>> I am using verison 1.4.1.
>> xmlsec-1.4.1.jar
>>
>> Thanks
>> Sanjay
>>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>> Sent: Wednesday, April 22, 2009 7:24 PM
>> To: axis-user@ws.apache.org
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Hi Sanjay,
>>
>> Which version of Apache xmlsec are you using?
>>
>> Thanks,
>> Ruchith
>>
>> On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta
>> <Sa...@billwiseinc.com> wrote:
>>> Hi Ruchith,
>>> Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effect of this error?
>>> Thanks
>>> Sanjay
>>>
>>> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>>>
>>>
>>> [FATAL] Bad:
>>> java.lang.NullPointerException
>>> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>> at org.apache.xml.security.Init.init(Unknown Source)
>>> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>>> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>>> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>>> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>> at java.lang.Thread.run(Thread.java:619)
>>> java.lang.NullPointerException
>>> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>>> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>>> at org.apache.xml.security.Init.init(Unknown Source)
>>> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>>> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>>> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>>> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>>> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>>> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>>> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>>> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>> at java.lang.Thread.run(Thread.java:619)
>>> -----Original Message-----
>>> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
>>> Sent: Sunday, April 19, 2009 10:36 PM
>>> To: axis-user@ws.apache.org
>>> Subject: RE: Securing Axis2 REST Style Services
>>>
>>> Hi Ruchitch,
>>> Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help.
>>> Thanks
>>> Sanjay
>>>
>>> Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
>>> SEVERE: Servlet.service() for servlet AxisServlet threw exception
>>> org.hibernate.exception.GenericJDBCException: Cannot open connection
>>> at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
>>> at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
>>> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
>>> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
>>> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
>>> at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
>>> at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
>>> at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
>>> at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>> at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
>>> at $Proxy4.beginTransaction(Unknown Source)
>>> at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
>>> at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
>>> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
>>> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>>> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>>> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>>> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>>> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>> at java.lang.Thread.run(Thread.java:619)
>>> Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
>>> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>>> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>>> at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
>>> at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
>>> at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>>> at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
>>> at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
>>> at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>>> at java.sql.DriverManager.getConnection(DriverManager.java:582)
>>> at java.sql.DriverManager.getConnection(DriverManager.java:154)
>>> at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
>>> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
>>> ... 35 more
>>>
>>> -----Original Message-----
>>> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
>>> Sent: Sunday, April 19, 2009 8:44 PM
>>> To: axis-user@ws.apache.org
>>> Subject: RE: Securing Axis2 REST Style Services
>>>
>>> Hi Ruchith,
>>> Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and
>>> javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error.
>>>
>>> SEVERE: StandardWrapper.Throwable
>>> java.lang.Error: Unresolved compilation problems:
>>> The import javax.servlet.http cannot be resolved
>>> The import javax.servlet.http cannot be resolved
>>> HttpServletRequest cannot be resolved to a type
>>> HttpServletRequest cannot be resolved to a type
>>> HttpServletResponse cannot be resolved to a type
>>> HttpServletResponse cannot be resolved to a type
>>> HttpServletResponse cannot be resolved
>>>
>>> at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>>
>>> I tried unzipping the servlet-api.jar in classes dir and got this error.
>>> SEVERE: Servlet /axis2 threw load() exception
>>> java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
>>> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
>>> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
>>> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
>>> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
>>> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>>> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
>>> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
>>> at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
>>> at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
>>> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>>> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
>>> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>>> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>>> at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
>>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>>> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>>> at org.apache.catalina.core.StandardService.start(StandardService.java:516)
>>> at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>>> at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>>>
>>>
>>> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
>>> Thanks
>>> Sanjay
>>>
>>> -----Original Message-----
>>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>>> Sent: Thursday, April 16, 2009 5:52 PM
>>> To: axis-user@ws.apache.org
>>> Subject: Re: Securing Axis2 REST Style Services
>>>
>>> Oops :-)
>>>
>>> Here you go :
>>>
>>> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
>>>
>>> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
>>> <Sa...@billwiseinc.com> wrote:
>>>> Hi Ruchith,
>>>> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
>>>> Thanks
>>>> Sanjay
>>>>
>>>> -----Original Message-----
>>>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>>>> Sent: Thursday, April 16, 2009 4:31 PM
>>>> To: axis-user@ws.apache.org
>>>> Subject: Re: Securing Axis2 REST Style Services
>>>>
>>>> Hi,
>>>>
>>>> For the REST style calls you can use HTTPS + Basic Auth
>>>>
>>>> Have a look at this [1] handler from WSO2 WSAS. This will simply add
>>>> the UsernameToken into the SOAP representation of the incoming REST
>>>> request, which will be processed by Rampart (which you have already
>>>> configured).
>>>>
>>>> Thanks,
>>>> Ruchith
>>>>
>>>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
>>>> <Sa...@billwiseinc.com> wrote:
>>>>> HI,
>>>>>
>>>>> I have a POJO based services deployed in axis2 and it's working well. I have
>>>>> implememted the basic user/password security using rampart and it's working
>>>>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>>>>> how do I secure the REST style calls. Do I need to do anything special. I
>>>>> need to deploy these services into production soon and any help or pointers
>>>>> would be greatly appreciated.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Sanjay
>>>>
>>>>
>>>>
>>>> --
>>>> http://blog.ruchith.org
>>>>
>>>
>>>
>>>
>>> --
>>> http://blog.ruchith.org
>>>
>>
>>
>>
>> --
>> http://blog.ruchith.org
>>
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
Re: Securing Axis2 REST Style Services
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Sanjay,
I'm trying to find a place that could throw the NPE in the
xmlsec-1.4.1 code. I still can't find a problem
JCEMapper.loadAlgorithms() method is called with an element picked out
of the config file and it should simply be able to process the rest of
it without an issue. If we had line numbers it would have been very
easy to spot the issue.
Can you please try using this jar [1] and see whether you can
reproduce this error with it? ( hopefully this is compiled with debug
info).
Thanks,
Ruchith
1. http://dist.wso2.org/maven2/org/apache/santuario/xmlsec/534045-patched/xmlsec-534045-patched.jar
On Wed, Apr 22, 2009 at 11:49 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> Hi Ruchith,
> I am using verison 1.4.1.
> xmlsec-1.4.1.jar
>
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Wednesday, April 22, 2009 7:24 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi Sanjay,
>
> Which version of Apache xmlsec are you using?
>
> Thanks,
> Ruchith
>
> On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> Hi Ruchith,
>> Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effect of this error?
>> Thanks
>> Sanjay
>>
>> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>>
>>
>> [FATAL] Bad:
>> java.lang.NullPointerException
>> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>> at org.apache.xml.security.Init.init(Unknown Source)
>> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>> at java.lang.Thread.run(Thread.java:619)
>> java.lang.NullPointerException
>> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
>> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
>> at org.apache.xml.security.Init.init(Unknown Source)
>> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
>> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
>> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
>> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
>> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
>> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
>> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
>> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>> at java.lang.Thread.run(Thread.java:619)
>> -----Original Message-----
>> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
>> Sent: Sunday, April 19, 2009 10:36 PM
>> To: axis-user@ws.apache.org
>> Subject: RE: Securing Axis2 REST Style Services
>>
>> Hi Ruchitch,
>> Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help.
>> Thanks
>> Sanjay
>>
>> Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
>> SEVERE: Servlet.service() for servlet AxisServlet threw exception
>> org.hibernate.exception.GenericJDBCException: Cannot open connection
>> at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
>> at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
>> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
>> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
>> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
>> at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
>> at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
>> at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
>> at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
>> at $Proxy4.beginTransaction(Unknown Source)
>> at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
>> at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
>> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
>> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
>> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
>> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
>> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>> at java.lang.Thread.run(Thread.java:619)
>> Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
>> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
>> at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
>> at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
>> at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
>> at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
>> at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
>> at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
>> at java.sql.DriverManager.getConnection(DriverManager.java:582)
>> at java.sql.DriverManager.getConnection(DriverManager.java:154)
>> at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
>> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
>> ... 35 more
>>
>> -----Original Message-----
>> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
>> Sent: Sunday, April 19, 2009 8:44 PM
>> To: axis-user@ws.apache.org
>> Subject: RE: Securing Axis2 REST Style Services
>>
>> Hi Ruchith,
>> Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and
>> javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error.
>>
>> SEVERE: StandardWrapper.Throwable
>> java.lang.Error: Unresolved compilation problems:
>> The import javax.servlet.http cannot be resolved
>> The import javax.servlet.http cannot be resolved
>> HttpServletRequest cannot be resolved to a type
>> HttpServletRequest cannot be resolved to a type
>> HttpServletResponse cannot be resolved to a type
>> HttpServletResponse cannot be resolved to a type
>> HttpServletResponse cannot be resolved
>>
>> at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>
>> I tried unzipping the servlet-api.jar in classes dir and got this error.
>> SEVERE: Servlet /axis2 threw load() exception
>> java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
>> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
>> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
>> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
>> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
>> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
>> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
>> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
>> at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
>> at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
>> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
>> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
>> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
>> at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
>> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
>> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> at org.apache.catalina.core.StandardService.start(StandardService.java:516)
>> at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>> at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>>
>>
>> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
>> Thanks
>> Sanjay
>>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>> Sent: Thursday, April 16, 2009 5:52 PM
>> To: axis-user@ws.apache.org
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Oops :-)
>>
>> Here you go :
>>
>> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
>>
>> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
>> <Sa...@billwiseinc.com> wrote:
>>> Hi Ruchith,
>>> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
>>> Thanks
>>> Sanjay
>>>
>>> -----Original Message-----
>>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>>> Sent: Thursday, April 16, 2009 4:31 PM
>>> To: axis-user@ws.apache.org
>>> Subject: Re: Securing Axis2 REST Style Services
>>>
>>> Hi,
>>>
>>> For the REST style calls you can use HTTPS + Basic Auth
>>>
>>> Have a look at this [1] handler from WSO2 WSAS. This will simply add
>>> the UsernameToken into the SOAP representation of the incoming REST
>>> request, which will be processed by Rampart (which you have already
>>> configured).
>>>
>>> Thanks,
>>> Ruchith
>>>
>>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
>>> <Sa...@billwiseinc.com> wrote:
>>>> HI,
>>>>
>>>> I have a POJO based services deployed in axis2 and it's working well. I have
>>>> implememted the basic user/password security using rampart and it's working
>>>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>>>> how do I secure the REST style calls. Do I need to do anything special. I
>>>> need to deploy these services into production soon and any help or pointers
>>>> would be greatly appreciated.
>>>>
>>>> Thanks
>>>>
>>>> Sanjay
>>>
>>>
>>>
>>> --
>>> http://blog.ruchith.org
>>>
>>
>>
>>
>> --
>> http://blog.ruchith.org
>>
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
RE: Securing Axis2 REST Style Services
Posted by Sanjay Gupta <Sa...@billwiseinc.com>.
Hi Ruchith,
I am using verison 1.4.1.
xmlsec-1.4.1.jar
Thanks
Sanjay
-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: Wednesday, April 22, 2009 7:24 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services
Hi Sanjay,
Which version of Apache xmlsec are you using?
Thanks,
Ruchith
On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> Hi Ruchith,
> Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effect of this error?
> Thanks
> Sanjay
>
> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>
>
> [FATAL] Bad:
> java.lang.NullPointerException
> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
> at org.apache.xml.security.Init.init(Unknown Source)
> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> java.lang.NullPointerException
> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
> at org.apache.xml.security.Init.init(Unknown Source)
> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> -----Original Message-----
> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
> Sent: Sunday, April 19, 2009 10:36 PM
> To: axis-user@ws.apache.org
> Subject: RE: Securing Axis2 REST Style Services
>
> Hi Ruchitch,
> Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help.
> Thanks
> Sanjay
>
> Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet AxisServlet threw exception
> org.hibernate.exception.GenericJDBCException: Cannot open connection
> at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
> at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
> at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
> at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
> at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
> at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
> at $Proxy4.beginTransaction(Unknown Source)
> at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
> at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
> at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
> at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
> at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
> at java.sql.DriverManager.getConnection(DriverManager.java:582)
> at java.sql.DriverManager.getConnection(DriverManager.java:154)
> at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
> ... 35 more
>
> -----Original Message-----
> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
> Sent: Sunday, April 19, 2009 8:44 PM
> To: axis-user@ws.apache.org
> Subject: RE: Securing Axis2 REST Style Services
>
> Hi Ruchith,
> Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and
> javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error.
>
> SEVERE: StandardWrapper.Throwable
> java.lang.Error: Unresolved compilation problems:
> The import javax.servlet.http cannot be resolved
> The import javax.servlet.http cannot be resolved
> HttpServletRequest cannot be resolved to a type
> HttpServletRequest cannot be resolved to a type
> HttpServletResponse cannot be resolved to a type
> HttpServletResponse cannot be resolved to a type
> HttpServletResponse cannot be resolved
>
> at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>
> I tried unzipping the servlet-api.jar in classes dir and got this error.
> SEVERE: Servlet /axis2 threw load() exception
> java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
> at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
> at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at org.apache.catalina.core.StandardService.start(StandardService.java:516)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>
>
> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, April 16, 2009 5:52 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Oops :-)
>
> Here you go :
>
> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
>
> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> Hi Ruchith,
>> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
>> Thanks
>> Sanjay
>>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>> Sent: Thursday, April 16, 2009 4:31 PM
>> To: axis-user@ws.apache.org
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Hi,
>>
>> For the REST style calls you can use HTTPS + Basic Auth
>>
>> Have a look at this [1] handler from WSO2 WSAS. This will simply add
>> the UsernameToken into the SOAP representation of the incoming REST
>> request, which will be processed by Rampart (which you have already
>> configured).
>>
>> Thanks,
>> Ruchith
>>
>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
>> <Sa...@billwiseinc.com> wrote:
>>> HI,
>>>
>>> I have a POJO based services deployed in axis2 and it's working well. I have
>>> implememted the basic user/password security using rampart and it's working
>>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>>> how do I secure the REST style calls. Do I need to do anything special. I
>>> need to deploy these services into production soon and any help or pointers
>>> would be greatly appreciated.
>>>
>>> Thanks
>>>
>>> Sanjay
>>
>>
>>
>> --
>> http://blog.ruchith.org
>>
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
Re: Securing Axis2 REST Style Services
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Sanjay,
Which version of Apache xmlsec are you using?
Thanks,
Ruchith
On Mon, Apr 20, 2009 at 7:41 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> Hi Ruchith,
> Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effect of this error?
> Thanks
> Sanjay
>
> http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
>
>
> [FATAL] Bad:
> java.lang.NullPointerException
> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
> at org.apache.xml.security.Init.init(Unknown Source)
> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> java.lang.NullPointerException
> at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
> at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
> at org.apache.xml.security.Init.init(Unknown Source)
> at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
> at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
> at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
> at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
> at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
> at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> -----Original Message-----
> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
> Sent: Sunday, April 19, 2009 10:36 PM
> To: axis-user@ws.apache.org
> Subject: RE: Securing Axis2 REST Style Services
>
> Hi Ruchitch,
> Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help.
> Thanks
> Sanjay
>
> Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet AxisServlet threw exception
> org.hibernate.exception.GenericJDBCException: Cannot open connection
> at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
> at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
> at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
> at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
> at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
> at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
> at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
> at $Proxy4.beginTransaction(Unknown Source)
> at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
> at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
> at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
> at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
> at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
> at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
> at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
> at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
> at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
> at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
> at java.sql.DriverManager.getConnection(DriverManager.java:582)
> at java.sql.DriverManager.getConnection(DriverManager.java:154)
> at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
> at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
> ... 35 more
>
> -----Original Message-----
> From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
> Sent: Sunday, April 19, 2009 8:44 PM
> To: axis-user@ws.apache.org
> Subject: RE: Securing Axis2 REST Style Services
>
> Hi Ruchith,
> Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and
> javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error.
>
> SEVERE: StandardWrapper.Throwable
> java.lang.Error: Unresolved compilation problems:
> The import javax.servlet.http cannot be resolved
> The import javax.servlet.http cannot be resolved
> HttpServletRequest cannot be resolved to a type
> HttpServletRequest cannot be resolved to a type
> HttpServletResponse cannot be resolved to a type
> HttpServletResponse cannot be resolved to a type
> HttpServletResponse cannot be resolved
>
> at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>
> I tried unzipping the servlet-api.jar in classes dir and got this error.
> SEVERE: Servlet /axis2 threw load() exception
> java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
> at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
> at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
> at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
> at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
> at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
> at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
> at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
> at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
> at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
> at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
> at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
> at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
> at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> at org.apache.catalina.core.StandardService.start(StandardService.java:516)
> at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>
>
> I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, April 16, 2009 5:52 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Oops :-)
>
> Here you go :
>
> https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
>
> On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> Hi Ruchith,
>> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
>> Thanks
>> Sanjay
>>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>> Sent: Thursday, April 16, 2009 4:31 PM
>> To: axis-user@ws.apache.org
>> Subject: Re: Securing Axis2 REST Style Services
>>
>> Hi,
>>
>> For the REST style calls you can use HTTPS + Basic Auth
>>
>> Have a look at this [1] handler from WSO2 WSAS. This will simply add
>> the UsernameToken into the SOAP representation of the incoming REST
>> request, which will be processed by Rampart (which you have already
>> configured).
>>
>> Thanks,
>> Ruchith
>>
>> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
>> <Sa...@billwiseinc.com> wrote:
>>> HI,
>>>
>>> I have a POJO based services deployed in axis2 and it's working well. I have
>>> implememted the basic user/password security using rampart and it's working
>>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>>> how do I secure the REST style calls. Do I need to do anything special. I
>>> need to deploy these services into production soon and any help or pointers
>>> would be greatly appreciated.
>>>
>>> Thanks
>>>
>>> Sanjay
>>
>>
>>
>> --
>> http://blog.ruchith.org
>>
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
RE: Securing Axis2 REST Style Services
Posted by Sanjay Gupta <Sa...@billwiseinc.com>.
Hi Ruchith,
Finally I got authentication working on rest call. I had to comment the db calls in the class that you provided to get past the db connection issue. Thank you so much for helping me out. Even though the authentication is working I get an error. See the stacktrace below. I see a jira for the same issue. Are there any side effect of this error?
Thanks
Sanjay
http://wso2.org/mailarchive/ds-java-dev/2008-August/001970.html
[FATAL] Bad:
java.lang.NullPointerException
at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
at org.apache.xml.security.Init.init(Unknown Source)
at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
java.lang.NullPointerException
at org.apache.xml.security.algorithms.JCEMapper.loadAlgorithms(Unknown Source)
at org.apache.xml.security.algorithms.JCEMapper.init(Unknown Source)
at org.apache.xml.security.Init.init(Unknown Source)
at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:233)
at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:256)
at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:265)
at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:275)
at org.apache.ws.security.message.WSSecBase.<init>(WSSecBase.java:52)
at org.apache.ws.security.message.WSSecUsernameToken.<init>(WSSecUsernameToken.java:62)
at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:183)
at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
-----Original Message-----
From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
Sent: Sunday, April 19, 2009 10:36 PM
To: axis-user@ws.apache.org
Subject: RE: Securing Axis2 REST Style Services
Hi Ruchitch,
Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help.
Thanks
Sanjay
Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet AxisServlet threw exception
org.hibernate.exception.GenericJDBCException: Cannot open connection
at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
at $Proxy4.beginTransaction(Unknown Source)
at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
... 35 more
-----Original Message-----
From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
Sent: Sunday, April 19, 2009 8:44 PM
To: axis-user@ws.apache.org
Subject: RE: Securing Axis2 REST Style Services
Hi Ruchith,
Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and
javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error.
SEVERE: StandardWrapper.Throwable
java.lang.Error: Unresolved compilation problems:
The import javax.servlet.http cannot be resolved
The import javax.servlet.http cannot be resolved
HttpServletRequest cannot be resolved to a type
HttpServletRequest cannot be resolved to a type
HttpServletResponse cannot be resolved to a type
HttpServletResponse cannot be resolved to a type
HttpServletResponse cannot be resolved
at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
I tried unzipping the servlet-api.jar in classes dir and got this error.
SEVERE: Servlet /axis2 threw load() exception
java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
Thanks
Sanjay
-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: Thursday, April 16, 2009 5:52 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services
Oops :-)
Here you go :
https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> Hi Ruchith,
> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, April 16, 2009 4:31 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi,
>
> For the REST style calls you can use HTTPS + Basic Auth
>
> Have a look at this [1] handler from WSO2 WSAS. This will simply add
> the UsernameToken into the SOAP representation of the incoming REST
> request, which will be processed by Rampart (which you have already
> configured).
>
> Thanks,
> Ruchith
>
> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> HI,
>>
>> I have a POJO based services deployed in axis2 and it's working well. I have
>> implememted the basic user/password security using rampart and it's working
>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>> how do I secure the REST style calls. Do I need to do anything special. I
>> need to deploy these services into production soon and any help or pointers
>> would be greatly appreciated.
>>
>> Thanks
>>
>> Sanjay
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
RE: Securing Axis2 REST Style Services
Posted by Sanjay Gupta <Sa...@billwiseinc.com>.
Hi Ruchitch,
Please ignore my previous message. The POXSecurityHandler class was not compiled correctly. I had to figure out all the dependencies and copy them to the axis2 lib dir one by one. Painful but I think I have them all now. Now I am stuck on this error. How can I avoid connection the database wso2wsas_db. I think I don't need to this for what I am trying to accomplish. I really appreciate your help.
Thanks
Sanjay
Apr 20, 2009 12:30:50 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet AxisServlet threw exception
org.hibernate.exception.GenericJDBCException: Cannot open connection
at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:426)
at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119)
at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57)
at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.hibernate.context.ThreadLocalSessionContext$TransactionProtectionWrapper.invoke(ThreadLocalSessionContext.java:301)
at $Proxy4.beginTransaction(Unknown Source)
at org.wso2.wsas.persistence.dao.ServiceDAO.getService(ServiceDAO.java:77)
at org.wso2.wsas.persistence.PersistenceManager.getService(PersistenceManager.java:300)
at org.wso2.wsas.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:93)
at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.transport.http.util.RESTUtil.invokeAxisEngine(RESTUtil.java:136)
at org.apache.axis2.transport.http.util.RESTUtil.processURLRequest(RESTUtil.java:130)
at org.apache.axis2.transport.http.AxisServlet$RestRequestProcessor.processURLRequest(AxisServlet.java:829)
at org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:255)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: SQL Exception: Database '../database/WSO2WSAS_DB' not found.
at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(Unknown Source)
at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Unknown Source)
at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at org.hibernate.connection.DriverManagerConnectionProvider.getConnection(DriverManagerConnectionProvider.java:110)
at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
... 35 more
-----Original Message-----
From: Sanjay Gupta [mailto:Sanjay.Gupta@billwiseinc.com]
Sent: Sunday, April 19, 2009 8:44 PM
To: axis-user@ws.apache.org
Subject: RE: Securing Axis2 REST Style Services
Hi Ruchith,
Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and
javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error.
SEVERE: StandardWrapper.Throwable
java.lang.Error: Unresolved compilation problems:
The import javax.servlet.http cannot be resolved
The import javax.servlet.http cannot be resolved
HttpServletRequest cannot be resolved to a type
HttpServletRequest cannot be resolved to a type
HttpServletResponse cannot be resolved to a type
HttpServletResponse cannot be resolved to a type
HttpServletResponse cannot be resolved
at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
I tried unzipping the servlet-api.jar in classes dir and got this error.
SEVERE: Servlet /axis2 threw load() exception
java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
Thanks
Sanjay
-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: Thursday, April 16, 2009 5:52 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services
Oops :-)
Here you go :
https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> Hi Ruchith,
> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, April 16, 2009 4:31 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi,
>
> For the REST style calls you can use HTTPS + Basic Auth
>
> Have a look at this [1] handler from WSO2 WSAS. This will simply add
> the UsernameToken into the SOAP representation of the incoming REST
> request, which will be processed by Rampart (which you have already
> configured).
>
> Thanks,
> Ruchith
>
> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> HI,
>>
>> I have a POJO based services deployed in axis2 and it's working well. I have
>> implememted the basic user/password security using rampart and it's working
>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>> how do I secure the REST style calls. Do I need to do anything special. I
>> need to deploy these services into production soon and any help or pointers
>> would be greatly appreciated.
>>
>> Thanks
>>
>> Sanjay
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
RE: Securing Axis2 REST Style Services
Posted by Sanjay Gupta <Sa...@billwiseinc.com>.
Hi Ruchith,
Thanks for proving the class. I am assuming that I needed to add this handler to the transport phase after SOAPActionBasedDispatcher. I was able to find the wso2 dependencies from wso2wsas version 2.3. and able to compile the class by using wso2wsas-core-2.3.jar and wso2utils-2.2.jar files. But I am having trouble when I run it. The program depends javax.servlet.http.HttpServletRequest and
javax.servlet.http.HttpServletResponse classes and they are available in servlet-api.jar in standard tomcat 6.0.18. But for some reason I get this error.
SEVERE: StandardWrapper.Throwable
java.lang.Error: Unresolved compilation problems:
The import javax.servlet.http cannot be resolved
The import javax.servlet.http cannot be resolved
HttpServletRequest cannot be resolved to a type
HttpServletRequest cannot be resolved to a type
HttpServletResponse cannot be resolved to a type
HttpServletResponse cannot be resolved to a type
HttpServletResponse cannot be resolved
at org.wso2.wsas.security.pox.POXSecurityHandler.<init>(POXSecurityHandler.java:44)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
I tried unzipping the servlet-api.jar in classes dir and got this error.
SEVERE: Servlet /axis2 threw load() exception
java.lang.ClassCastException: org.apache.axis2.transport.http.AxisServlet cannot be cast to javax.servlet.Servlet
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1104)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4364)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:924)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:887)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1147)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
I would really appreciate any help. I am using axis2-1.4.1 with rampart 1.4.
Thanks
Sanjay
-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: Thursday, April 16, 2009 5:52 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services
Oops :-)
Here you go :
https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> Hi Ruchith,
> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, April 16, 2009 4:31 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi,
>
> For the REST style calls you can use HTTPS + Basic Auth
>
> Have a look at this [1] handler from WSO2 WSAS. This will simply add
> the UsernameToken into the SOAP representation of the incoming REST
> request, which will be processed by Rampart (which you have already
> configured).
>
> Thanks,
> Ruchith
>
> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> HI,
>>
>> I have a POJO based services deployed in axis2 and it's working well. I have
>> implememted the basic user/password security using rampart and it's working
>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>> how do I secure the REST style calls. Do I need to do anything special. I
>> need to deploy these services into production soon and any help or pointers
>> would be greatly appreciated.
>>
>> Thanks
>>
>> Sanjay
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
Re: Securing Axis2 REST Style Services
Posted by Ruchith Fernando <ru...@gmail.com>.
Oops :-)
Here you go :
https://wso2.org/repos/wso2/branches/wsas/java/2.2/wsas/java/modules/core/src/org/wso2/wsas/security/pox/POXSecurityHandler.java
On Thu, Apr 16, 2009 at 8:36 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> Hi Ruchith,
> Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
> Thanks
> Sanjay
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
> Sent: Thursday, April 16, 2009 4:31 PM
> To: axis-user@ws.apache.org
> Subject: Re: Securing Axis2 REST Style Services
>
> Hi,
>
> For the REST style calls you can use HTTPS + Basic Auth
>
> Have a look at this [1] handler from WSO2 WSAS. This will simply add
> the UsernameToken into the SOAP representation of the incoming REST
> request, which will be processed by Rampart (which you have already
> configured).
>
> Thanks,
> Ruchith
>
> On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
> <Sa...@billwiseinc.com> wrote:
>> HI,
>>
>> I have a POJO based services deployed in axis2 and it's working well. I have
>> implememted the basic user/password security using rampart and it's working
>> fine for SOAP calls. I generated the client using wsdl2java.My question is
>> how do I secure the REST style calls. Do I need to do anything special. I
>> need to deploy these services into production soon and any help or pointers
>> would be greatly appreciated.
>>
>> Thanks
>>
>> Sanjay
>
>
>
> --
> http://blog.ruchith.org
>
--
http://blog.ruchith.org
RE: Securing Axis2 REST Style Services
Posted by Sanjay Gupta <Sa...@billwiseinc.com>.
Hi Ruchith,
Thanks for the quick reply. Could you please point me to the link that talks about this solutions.
Thanks
Sanjay
-----Original Message-----
From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
Sent: Thursday, April 16, 2009 4:31 PM
To: axis-user@ws.apache.org
Subject: Re: Securing Axis2 REST Style Services
Hi,
For the REST style calls you can use HTTPS + Basic Auth
Have a look at this [1] handler from WSO2 WSAS. This will simply add
the UsernameToken into the SOAP representation of the incoming REST
request, which will be processed by Rampart (which you have already
configured).
Thanks,
Ruchith
On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> HI,
>
> I have a POJO based services deployed in axis2 and it's working well. I have
> implememted the basic user/password security using rampart and it's working
> fine for SOAP calls. I generated the client using wsdl2java.My question is
> how do I secure the REST style calls. Do I need to do anything special. I
> need to deploy these services into production soon and any help or pointers
> would be greatly appreciated.
>
> Thanks
>
> Sanjay
--
http://blog.ruchith.org
Re: Securing Axis2 REST Style Services
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
For the REST style calls you can use HTTPS + Basic Auth
Have a look at this [1] handler from WSO2 WSAS. This will simply add
the UsernameToken into the SOAP representation of the incoming REST
request, which will be processed by Rampart (which you have already
configured).
Thanks,
Ruchith
On Thu, Apr 16, 2009 at 3:04 PM, Sanjay Gupta
<Sa...@billwiseinc.com> wrote:
> HI,
>
> I have a POJO based services deployed in axis2 and it's working well. I have
> implememted the basic user/password security using rampart and it's working
> fine for SOAP calls. I generated the client using wsdl2java.My question is
> how do I secure the REST style calls. Do I need to do anything special. I
> need to deploy these services into production soon and any help or pointers
> would be greatly appreciated.
>
> Thanks
>
> Sanjay
--
http://blog.ruchith.org