You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@tuscany.apache.org by Philip Housley <ph...@metavante.eu> on 2009/02/09 10:34:31 UTC
Cannot engage web service security
Hi,
Firstly, sorry about posting on this issue twice, but I didn't get a response last time, and I could really do with getting this going.
I simply cannot make Tuscany driven webservices require security - even when I run the samples which use policies, security is not engaged. The simplest sample for this is helloworld-ws-service-secure. If I build directly from the 1.4 src distro, and then ant run, I get:
C:\src\tuscany-sca-1.4\samples\helloworld-ws-service-secure>ant run
Buildfile: build.xml
run:
[java] 09-Feb-2009 09:33:59 org.apache.tuscany.sca.node.impl.NodeImpl <init>
[java] INFO: Creating node: helloworldws.composite
[java] 09-Feb-2009 09:33:59 org.apache.tuscany.sca.node.impl.NodeImpl configureNode
[java] INFO: Loading contribution: file:/C:/src/tuscany-sca-1.4/samples/helloworld-ws-service-secure/target/sample-helloworld-ws-service-secure.jar
[java] >>>Initializing WSPolicyProcessor
[java] 09-Feb-2009 09:34:00 org.apache.tuscany.sca.node.impl.NodeImpl configureNode
[java] INFO: Loading composite: jar:file:/C:/src/tuscany-sca-1.4/samples/helloworld-ws-service-secure/target/sample-helloworld-ws-service-secure.jar!/helloworldws.composite
[java] 09-Feb-2009 09:34:00 org.apache.tuscany.sca.node.impl.NodeImpl start
[java] INFO: Starting node: helloworldws.composite
[java] - Module validation failed: The system is attempting to engage a module that is not available: rampart
[java] - Module validation failed: The system is attempting to engage a module that is not available: rampart
[java] - No JMS connection factories are defined.Will not listen for any JMS messages
[java] - No JMS connection factories are defined.Will not listen for any JMS messages
[java] 09-Feb-2009 09:34:01 org.apache.tuscany.sca.http.jetty.JettyServer addServletMapping
[java] - No JMS connection factories are defined.Will not listen for any JMS messages
[java] - No JMS connection factories are defined.Will not listen for any JMS messages
[java] INFO: Added Servlet mapping: http://CZC8191YB0:8085/HelloWorldService
[java] 09-Feb-2009 09:34:01 org.apache.tuscany.sca.http.jetty.JettyServer addServletMapping
[java] HelloWorld server started (press enter to shutdown)
[java] INFO: Added Servlet mapping: http://CZC8191YB0:8085/HelloWorldWsPolicyService
If I then call the webservice (using soapUI) I don't need to provide any sort of security information, and yet the service responds. Even a bare request like:
POST http://192.168.2.232:8085/HelloWorldWsPolicyService HTTP/1.1
Content-Type: text/xml;charset=UTF-8
SOAPAction: "urn:getGreetings"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: 192.168.2.232:8085
Content-Length: 277
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hel="http://helloworld">
<soapenv:Header/>
<soapenv:Body>
<hel:getGreetings>
<hel:name>phil</hel:name>
</hel:getGreetings>
</soapenv:Body>
</soapenv:Envelope>
Is accepted.
The main application I need security for acts the same way, using tomcat instead of jetty, and I've found the same result on Linux as on Windows, so I'm sure it isn't system dependent. I've also tried 1.4 branch head and 1.x branch with no success.
I will gratefully try anything suggested, and can provide any logs etc. Thanks in advance.
Philip Housley
Re: Cannot engage web service security
Posted by Simon Laws <si...@googlemail.com>.
On Tue, Feb 10, 2009 at 4:45 PM, Philip Housley <philip.housley@metavante.eu
> wrote:
> From: Simon Laws [mailto:simonslaws@googlemail.com]
> Sent: 10 February 2009 16:44
> To: user@tuscany.apache.org
> Subject: Re: Cannot engage web service security
>
>
> Quick update on TUSCANY-2824. There was some missing configuration that was
> causing the security handlers to be omitted. I've turned this back on for
> the username/password handlers but there is some underlying problem with the
> WSSecurity handlers when I turn them back on so I'm still looking at that.
>
> I'm making changes in the 1.x codebase. As I get through that are you able
> to pick up the code from there and compile it?
>
> Regards
>
> Simon
>
> ----------
>
> That's fine for me, I can test against any version. I will probably need
> to backport to 1.4, but I should be able to do that myself if I need to.
>
> Thanks for your time,
>
> Phil.
>
Hi Phil
So that was all a bit more painful that I expected. What caused the problem
was that I think we upgrade from Axis 1.3 to Axis 1.4 with our security
disabled so there are a few lurking issues. I've now have a successful build
with security enabled. You need revisions 743002 and 743732 from the 1.x
branch. <http://svn.apache.org/viewcvs?view=rev&rev=743732>
I haven't closed of TUSCANY2824 just yet as the changes I have made leave
two issues unresolved (see the JIRA). I have work rounds for the two issues
but not final resolution.
Let me know how you get on.
Regards
Simon
RE: Cannot engage web service security
Posted by Philip Housley <ph...@metavante.eu>.
From: Simon Laws [mailto:simonslaws@googlemail.com]
Sent: 10 February 2009 16:44
To: user@tuscany.apache.org
Subject: Re: Cannot engage web service security
Quick update on TUSCANY-2824. There was some missing configuration that was causing the security handlers to be omitted. I've turned this back on for the username/password handlers but there is some underlying problem with the WSSecurity handlers when I turn them back on so I'm still looking at that.
I'm making changes in the 1.x codebase. As I get through that are you able to pick up the code from there and compile it?
Regards
Simon
----------
That's fine for me, I can test against any version. I will probably need to backport to 1.4, but I should be able to do that myself if I need to.
Thanks for your time,
Phil.
Re: Cannot engage web service security
Posted by Simon Laws <si...@googlemail.com>.
On Mon, Feb 9, 2009 at 2:04 PM, Philip Housley
<ph...@metavante.eu>wrote:
> From: Simon Laws [mailto:simonslaws@googlemail.com]
> Sent: 09 February 2009 13:45
> To: user@tuscany.apache.org
> Subject: Re: Cannot engage web service security
>
> Ok, thanks Phil. I'm seeing the same here and even the SCA to SCA secure
> test doesn't actually look like it's operating correctly. I'll look into it.
> Can you raise a JIRA so we have a number to track the problem against.
>
> Thanks
>
> Simon
>
> ----------
>
> Created, https://issues.apache.org/jira/browse/TUSCANY-2824
>
> Thanks again, please let me know if there's anything I can do to help.
>
> Phil.
>
Hi Phil
Quick update on TUSCANY-2824. There was some missing configuration that was
causing the security handlers to be omitted. I've turned this back on for
the username/password handlers but there is some underlying problem with the
WSSecurity handlers when I turn them back on so I'm still looking at that.
I'm making changes in the 1.x codebase. As I get through that are you able
to pick up the code from there and compile it?
Regards
Simon
RE: Cannot engage web service security
Posted by Philip Housley <ph...@metavante.eu>.
From: Simon Laws [mailto:simonslaws@googlemail.com]
Sent: 09 February 2009 13:45
To: user@tuscany.apache.org
Subject: Re: Cannot engage web service security
Ok, thanks Phil. I'm seeing the same here and even the SCA to SCA secure test doesn't actually look like it's operating correctly. I'll look into it. Can you raise a JIRA so we have a number to track the problem against.
Thanks
Simon
----------
Created, https://issues.apache.org/jira/browse/TUSCANY-2824
Thanks again, please let me know if there's anything I can do to help.
Phil.
Re: Cannot engage web service security
Posted by Simon Laws <si...@googlemail.com>.
On Mon, Feb 9, 2009 at 10:02 AM, Philip Housley <philip.housley@metavante.eu
> wrote:
> (Outlook cannot deal with mail lists, or proper replies for that matter, so
> trimmed right down.)
>
> From: Simon Laws [mailto:simonslaws@googlemail.com]
> Sent: 09 February 2009 09:57
> To: user@tuscany.apache.org
> Subject: Re: Cannot engage web service security
>
>
> Sorry that you didn't get a response when you posted before. Not sure what
> happened there. Let me run this up and see what happens for me. While I do
> that do you get the same effect if you use the "HelloWorldService" endpoint
> at http://CZC8191YB0:8085/HelloWorldService?
>
> Regards
>
> Simon
>
>
> Exactly the same from the other endpoint. No output from the password
> callback, and no complaints about missing tokens or anything, just the reply
> from the service.
>
> Thanks,
>
> Phil.
>
Ok, thanks Phil. I'm seeing the same here and even the SCA to SCA secure
test doesn't actually look like it's operating correctly. I'll look into it.
Can you raise a JIRA so we have a number to track the problem against.
Thanks
Simon
RE: Cannot engage web service security
Posted by Philip Housley <ph...@metavante.eu>.
(Outlook cannot deal with mail lists, or proper replies for that matter, so trimmed right down.)
From: Simon Laws [mailto:simonslaws@googlemail.com]
Sent: 09 February 2009 09:57
To: user@tuscany.apache.org
Subject: Re: Cannot engage web service security
Sorry that you didn't get a response when you posted before. Not sure what happened there. Let me run this up and see what happens for me. While I do that do you get the same effect if you use the "HelloWorldService" endpoint at http://CZC8191YB0:8085/HelloWorldService?
Regards
Simon
Exactly the same from the other endpoint. No output from the password callback, and no complaints about missing tokens or anything, just the reply from the service.
Thanks,
Phil.
Re: Cannot engage web service security
Posted by Simon Laws <si...@googlemail.com>.
On Mon, Feb 9, 2009 at 9:34 AM, Philip Housley
<ph...@metavante.eu>wrote:
> Hi,
>
> Firstly, sorry about posting on this issue twice, but I didn't get a
> response last time, and I could really do with getting this going.
>
> I simply cannot make Tuscany driven webservices require security - even
> when I run the samples which use policies, security is not engaged. The
> simplest sample for this is helloworld-ws-service-secure. If I build
> directly from the 1.4 src distro, and then ant run, I get:
>
> C:\src\tuscany-sca-1.4\samples\helloworld-ws-service-secure>ant run
> Buildfile: build.xml
>
> run:
> [java] 09-Feb-2009 09:33:59 org.apache.tuscany.sca.node.impl.NodeImpl
> <init>
> [java] INFO: Creating node: helloworldws.composite
> [java] 09-Feb-2009 09:33:59 org.apache.tuscany.sca.node.impl.NodeImpl
> configureNode
> [java] INFO: Loading contribution:
> file:/C:/src/tuscany-sca-1.4/samples/helloworld-ws-service-secure/target/sample-helloworld-ws-service-secure.jar
> [java] >>>Initializing WSPolicyProcessor
> [java] 09-Feb-2009 09:34:00 org.apache.tuscany.sca.node.impl.NodeImpl
> configureNode
> [java] INFO: Loading composite:
> jar:file:/C:/src/tuscany-sca-1.4/samples/helloworld-ws-service-secure/target/sample-helloworld-ws-service-secure.jar!/helloworldws.composite
> [java] 09-Feb-2009 09:34:00 org.apache.tuscany.sca.node.impl.NodeImpl
> start
> [java] INFO: Starting node: helloworldws.composite
> [java] - Module validation failed: The system is attempting to engage a
> module that is not available: rampart
> [java] - Module validation failed: The system is attempting to engage a
> module that is not available: rampart
> [java] - No JMS connection factories are defined.Will not listen for
> any JMS messages
> [java] - No JMS connection factories are defined.Will not listen for
> any JMS messages
> [java] 09-Feb-2009 09:34:01
> org.apache.tuscany.sca.http.jetty.JettyServer addServletMapping
> [java] - No JMS connection factories are defined.Will not listen for
> any JMS messages
> [java] - No JMS connection factories are defined.Will not listen for
> any JMS messages
> [java] INFO: Added Servlet mapping:
> http://CZC8191YB0:8085/HelloWorldService
> [java] 09-Feb-2009 09:34:01
> org.apache.tuscany.sca.http.jetty.JettyServer addServletMapping
> [java] HelloWorld server started (press enter to shutdown)
> [java] INFO: Added Servlet mapping:
> http://CZC8191YB0:8085/HelloWorldWsPolicyService
>
> If I then call the webservice (using soapUI) I don't need to provide any
> sort of security information, and yet the service responds. Even a bare
> request like:
>
> POST http://192.168.2.232:8085/HelloWorldWsPolicyService HTTP/1.1
> Content-Type: text/xml;charset=UTF-8
> SOAPAction: "urn:getGreetings"
> User-Agent: Jakarta Commons-HttpClient/3.1
> Host: 192.168.2.232:8085
> Content-Length: 277
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:hel="http://helloworld">
> <soapenv:Header/>
> <soapenv:Body>
> <hel:getGreetings>
> <hel:name>phil</hel:name>
> </hel:getGreetings>
> </soapenv:Body>
> </soapenv:Envelope>
>
> Is accepted.
>
> The main application I need security for acts the same way, using tomcat
> instead of jetty, and I've found the same result on Linux as on Windows, so
> I'm sure it isn't system dependent. I've also tried 1.4 branch head and 1.x
> branch with no success.
>
> I will gratefully try anything suggested, and can provide any logs etc.
> Thanks in advance.
>
> Philip Housley
>
>
Hi Philip
Sorry that you didn't get a response when you posted before. Not sure what
happened there. Let me run this up and see what happens for me. While I do
that do you get the same effect if you use the "HelloWorldService" endpoint
at http://CZC8191YB0:8085/HelloWorldService<http://czc8191yb0:8085/HelloWorldService>
?
Regards
Simon