You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@tuscany.apache.org by Marina Deslaugiers <ma...@orange-ftgroup.com> on 2008/05/07 14:49:56 UTC
Re: Need help again on binding to external web service with login authentication within Tuscany
Hi Simon,
Thanks for the explanations. I will download and have a look to the
calculator example you mention.
However, I already have seen the sample/helloworld-ws-reference
(service)-secure and I do not know whether and how I can use the
policies they define ; indeed, as I said, I use to bind to a non-SCA
web service - say the web service is not encapsulated in a SCA
component.
So, in this case, can I use the manner you indicate to me ? if yes,
what are the changes to introduce in the policy description
(definitions.xml and/or other files)?
Regards,
Marina.
> samples/helloworld-ws-reference-secure and
> samples/helloworld-ws-service-secure
>
Le 7 mai 08 à 12:13, Simon Laws a écrit :
> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers <
> marina.deslaugiers@orange-ftgroup.com> wrote:
>
>> Hi,
>> Hello,
>>
>> I am coming back to you as I now have to connect to an external web
>> service with user/password authentication and I do not know how
>> this can be
>> done (using policies I guess) in tuscany.
>>
>> I use a coding analogue to the one in the simple HelloWorld Web
>> service
>> example provided (and corrected by you) in
>>
>> * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding
>> toexternal web services*
>>
>> The WSDL of the web service seems to be in "document literal"
>> encoding.
>> However, the web service (accessible at the following URL ttp://
>> 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is
>> different of the
>> one mentioned in the WSDL file) is private to our company so it is
>> not
>> publicly available.
>>
>> Attached to this e-mail is the WSDL file.
>>
>> Can you help me again, please ?
>>
>> thanks.
>>
>> *Regards,*
>> **
>> *Marina.*
>> **
>>
>> **
>> *
>> *
>>
>>
>>
> Hi Marina
>
> The sample samples/calculator-ws-secure-webapp shows some username
> and
> password based authentication. For example, you will note that some
> of the
> references/service require authentication..
>
>
> <component name="CalculatorServiceComponent">
> <implementation.java
> class="calculator.CalculatorServiceImpl"/>
> <reference name="addService" >
> <interface.java interface="calculator.AddService" />
> <binding.ws uri="
> http://localhost:8080/sample-calculator-ws-secure-webapp/
> AddServiceComponent
> "
> requires="authentication" />
> </reference>
>
> ....
>
> <component name="AddServiceComponent">
> <implementation.java class="calculator.AddServiceImpl"/>
> <service name="AddService">
> <interface.java interface="calculator.AddService" />
> <binding.ws requires="authentication"/>
> </service>
>
>
> In this case the definitions.xml file defines service and reference
> policy
> sets that implement this intent as follows
>
> <sca:policySet name="calc:wsAuthenticationPolicy"
> provides="sca:authentication"
> appliesTo="sca:service/sca:binding.ws"
>>
> <tuscany:wsConfigParam>
> <parameter name="InflowSecurity">
> <action>
> <items>UsernameToken</items>
>
> <passwordCallbackClass>calculator.security.ServerPWCBHandler</
> passwordCallbackClass>
> </action>
> </parameter>
> </tuscany:wsConfigParam>
> </sca:policySet>
>
> <sca:policySet name="calc:wsClientAuthenticationPolicy"
> provides="sca:authentication"
> appliesTo="sca:reference/sca:binding.ws">
> <tuscany:wsConfigParam>
> <parameter name="OutflowSecurity">
> <action>
> <items>UsernameToken</items>
> <user>CalculatorUser</user>
>
> <passwordCallbackClass>calculator.security.ClientPWCBHandler</
> passwordCallbackClass>"
> +
> <passwordType>PasswordText</passwordType>
> </action>
> </parameter>
> </tuscany:wsConfigParam>
> </sca:policySet>
> </component>
>
> These policy sets configure Axis2 to call out to the callback classes
> specified in order to get the username and password to be included
> in the
> soap envelope. There is another, non-webapp, example of this in
> samples/helloworld-ws-reference-secure and
> samples/helloworld-ws-service-secure
>
> Hope that helps
>
> Simon
Re: Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi,
Thanks very much for you quick answer. Well, the information I get
about that is the following:
- the authentication process on remote web service side is use of
"HTTP Basic Authentication scheme"
"The account information, and more exactly the client application
identifier (i.e clientId) and the password, must be set
in the request HTTP header according to the HTTP Basic
authentication mechanism"
- thru Internet, use the HTTPS protocol is needed
"This HTTP Basic authentication mechanism is used in
conjunction with SSL secure system in order to
protect the data (HTTP Header/Body parts, SOAP message)
from eavesdropping or forgery, as the
user name and password are passed over the network as
cleartext (Base64 encoding in fact)"
Hope this helps.
Regards,
Marina.
Le 7 mai 08 à 14:54, Simon Laws a écrit :
> On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers <
> marina.deslaugiers@orange-ftgroup.com> wrote:
>
>> Hi Simon,
>>
>> Thanks for the explanations. I will download and have a look to the
>> calculator example you mention.
>>
>> However, I already have seen the
>> sample/helloworld-ws-reference(service)-secure and I do not know
>> whether
>> and how I can use the policies they define ; indeed, as I said, I
>> use to
>> bind to a non-SCA web service - say the web service is not
>> encapsulated in a
>> SCA component.
>>
>> So, in this case, can I use the manner you indicate to me ? if
>> yes, what
>> are the changes to introduce in the policy description
>> (definitions.xml
>> and/or other files)?
>>
>>
>> Regards,
>> Marina.
>>
>> samples/helloworld-ws-reference-secure and
>>> samples/helloworld-ws-service-secure
>>>
>>>
>>
>>
>> Le 7 mai 08 à 12:13, Simon Laws a écrit :
>>
>>
>> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers <
>>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>>
>>> Hi,
>>>> Hello,
>>>>
>>>> I am coming back to you as I now have to connect to an external web
>>>> service with user/password authentication and I do not know how
>>>> this
>>>> can be
>>>> done (using policies I guess) in tuscany.
>>>>
>>>> I use a coding analogue to the one in the simple HelloWorld Web
>>>> service
>>>> example provided (and corrected by you) in
>>>>
>>>> * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding
>>>> toexternal web services*
>>>>
>>>> The WSDL of the web service seems to be in "document literal"
>>>> encoding.
>>>> However, the web service (accessible at the following URL ttp://
>>>> 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is
>>>> different of
>>>> the
>>>> one mentioned in the WSDL file) is private to our company so it
>>>> is not
>>>> publicly available.
>>>>
>>>> Attached to this e-mail is the WSDL file.
>>>>
>>>> Can you help me again, please ?
>>>>
>>>> thanks.
>>>>
>>>> *Regards,*
>>>> **
>>>> *Marina.*
>>>> **
>>>>
>>>> **
>>>> *
>>>> *
>>>>
>>>>
>>>>
>>>> Hi Marina
>>>
>>> The sample samples/calculator-ws-secure-webapp shows some
>>> username and
>>> password based authentication. For example, you will note that
>>> some of
>>> the
>>> references/service require authentication..
>>>
>>>
>>> <component name="CalculatorServiceComponent">
>>> <implementation.java
>>> class="calculator.CalculatorServiceImpl"/>
>>> <reference name="addService" >
>>> <interface.java interface="calculator.AddService" />
>>> <binding.ws uri="
>>> http://localhost:8080/sample-calculator-ws-secure-webapp/
>>> AddServiceComponent
>>> "
>>> requires="authentication" />
>>> </reference>
>>>
>>> ....
>>>
>>> <component name="AddServiceComponent">
>>> <implementation.java class="calculator.AddServiceImpl"/>
>>> <service name="AddService">
>>> <interface.java interface="calculator.AddService" />
>>> <binding.ws requires="authentication"/>
>>> </service>
>>>
>>>
>>> In this case the definitions.xml file defines service and reference
>>> policy
>>> sets that implement this intent as follows
>>>
>>> <sca:policySet name="calc:wsAuthenticationPolicy"
>>> provides="sca:authentication"
>>> appliesTo="sca:service/sca:binding.ws"
>>>
>>>>
>>>> <tuscany:wsConfigParam>
>>> <parameter name="InflowSecurity">
>>> <action>
>>> <items>UsernameToken</items>
>>>
>>>
>>> <passwordCallbackClass>calculator.security.ServerPWCBHandler</
>>> passwordCallbackClass>
>>> </action>
>>> </parameter>
>>> </tuscany:wsConfigParam>
>>> </sca:policySet>
>>>
>>> <sca:policySet name="calc:wsClientAuthenticationPolicy"
>>> provides="sca:authentication"
>>> appliesTo="sca:reference/sca:binding.ws">
>>> <tuscany:wsConfigParam>
>>> <parameter name="OutflowSecurity">
>>> <action>
>>> <items>UsernameToken</items>
>>> <user>CalculatorUser</user>
>>>
>>>
>>> <passwordCallbackClass>calculator.security.ClientPWCBHandler</
>>> passwordCallbackClass>"
>>> +
>>> <passwordType>PasswordText</passwordType>
>>> </action>
>>> </parameter>
>>> </tuscany:wsConfigParam>
>>> </sca:policySet>
>>> </component>
>>>
>>> These policy sets configure Axis2 to call out to the callback
>>> classes
>>> specified in order to get the username and password to be
>>> included in
>>> the
>>> soap envelope. There is another, non-webapp, example of this in
>>> samples/helloworld-ws-reference-secure and
>>> samples/helloworld-ws-service-secure
>>>
>>> Hope that helps
>>>
>>> Simon
>>>
>>
> In theory you should be able to use the reference side policy to
> configure
> security in order to authenticate with the remove non-sca web service.
> However this depends a lot on how the remote service is expecting
> you to
> authenticate with it. Do you know the details in this case. I have
> to admit
> to not having tried this with an external service so we are both
> learning
> here:-)
>
> Simon
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi,
Yesterday, I put a message as well as two attachement files on the
JIRA issue I have created tuscany-2355 but I did not realize it was
not posted on the user-list. So below it is.
Thanks for your answer (even if I feel you are very busy)
Regards,
Marina.
> Hi,
>
> Following your indications, Simon, I change my composite file to
> take interface details from the WSDL file into account (adding the
> <interface.wsdl interface= ... />".
>
> We proceeded again testing with the person responsible of web
> service "Nursery" support to users.
>
> But, I still get the same error on the namespace:
> " the namespaces used in SOAP BODY are not in conformity with the
> WSDL. Indeed, one can find the value "http://translatewithsms" as
> the "pseudo" namespace _ns_. Replacing that value with the one
> defined in the WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/
> V2_0/SMSSenderSEI", the SOAP frame works"
>
> If any, what mistake have I done ? Can you give me a correction,
> please.
> I attach my modified Composite file and the WSDL file to this post.
>
> Thanks for your help
Le 2 juin 08 à 16:22, Marina Deslaugiers a écrit :
> Hi Simon,
>
> Thank you very much for your help. I will try to understand your
> explanations and to integrate the changes.
> Unfortunately at the moment I am very busy on other staff so I am
> not sure I will get the time required to do that before thursday
> evening.
> BUT I do want to keep in contact with you.
>
> Regarding the HTTP Basic authentication do you plan to add such a
> definition into Tuscany ?
> This type of authentication is MANDATORY for (and the only one
> handled by) the nursery web services we must consider in our
> evaluation.
>>> To do HTTP basic authentication we need a new a new policy
>>> definition. I don't think we have done this yet so I'll
>>> be interested to see if anyone posts here to contradict me.
>
>
>
> Regards,
> Marina.
>
>
> Le 2 juin 08 à 15:44, Simon Laws a écrit :
>
>> On Mon, Jun 2, 2008 at 1:15 PM, Simon Laws
>> <si...@googlemail.com>
>> wrote:
>>
>>> Hi Marina
>>>
>>> I've just been looking at this so some comments in line...
>>>
>>> Simon
>>>
>>>
>>>>
>>>>>> 1) the namespaces used in SOAP BODY are not in conformity
>>>>>> with the
>>>>>> WSDL. Indeed, one can find the value "http://
>>>>>> translatewithsms" as the
>>>>>> "pseudo" namespace _ns_. Replacing that value with the one
>>>>>> defined in
>>>>>> the
>>>>>> WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/
>>>>>> SMSSenderSEI",
>>>>>> the SOAP frame works
>>>>>>
>>>>>> Note that I realized that "translatewithsms" is the package
>>>>>> name of my
>>>>>> Eclipse project (containing in particular java client,
>>>>>> interfaces etc.
>>>>>> files).
>>>>>
>>>>>
>>> A. How did you generate the Java interface that you are using to
>>> type the
>>> component reference that refers to this remote service?
>>> B. How do you define the interface of the reference that refers
>>> to the
>>> remote service. Do you use interface.wsdl?
>>>
>>> If you have generated your java interface into the package
>>> "translatewithsms" and you use this to describe the reference
>>> interface (or
>>> is defaults to this) then it will invent the message namespace
>>> based on the
>>> package name I believe.
>>>
>>>
>>>>
>>>>>>
>>>>>> 2) at HTTP level, the web service in the Nursery is
>>>>>> protected by
>>>>>> "Basic Authentication" ; but the "Authorization" header is not
>>>>>> sent by
>>>>>> Tuscany
>>>>>>
>>>>>> (NB: at the current state, we cannot know whether it is
>>>>>> actually a
>>>>>> problem EXCEPT if Tuscany uses pre-emptive authentication
>>>>>> mecanisms
>>>>>>
>>>>>
>>> Yes. You definitions.xml file turns on the WSSecurity
>>> authorization using
>>> the <tuscany:wsConfigParam> element. To do HTTP basic
>>> authentication we need
>>> a new a new policy definition. I don't think we have done this
>>> yet so I'll
>>> be interested to see if anyone posts here to contradict me.
>>>
>>>
>>>
>>>>>> 3) Note that Tuscany sends the authentication
>>>>>> credentials(user/password) using WS-Security that is not taken
>>>>>> into
>>>>>> account
>>>>>> by the Nursery platform. This is not a problem however,
>>>>>> credentials are
>>>>>> not
>>>>>> operate.
>>>>>>
>>>>>> NB: tcpdump files can be opened with WireShark http://
>>>>>> www.wireshark.org/download.html
>>>>>>
>>>>>>
>>> I see. This comes back to replacing wssecurity based
>>> authentication with
>>> HTTP basic authentication.
>>>
>>>
>>>>>>
>>>>>> I might be responsible for these problems as I have probably
>>>>>> made
>>>>>> mistakes
>>>>>> in coding (at least regarding the policy expression). Please
>>>>>> can you
>>>>>> help me
>>>>>> in correcting.
>>>>>>
>>>>>> Thanks you very much.
>>>>>>
>>>>>> Regards,
>>>>>> Marina.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>> Marina
>>
>> I tried a test to help clarrify what I'm talking about in terms of
>> getting
>> the namespace right. I changed a calculator sample I'm using for
>> some other
>> testing to take the namespace from a manually altered WSDL file.
>> This is how
>> I set up the composite.
>>
>> <component name="CalculatorServiceComponent">
>> <implementation.java
>> class="calculator.CalculatorServiceImpl"/>
>> <reference name="addService">
>> <interface.wsdl interface="
>> http://calculator2#wsdl.interface(AddService)"/>
>> <binding.ws uri="http://localhost:8085/AddService"
>> requires="authentication" />
>> </reference>
>> <reference name="subtractService"
>> target="SubtractServiceComponent"/>
>> <reference name="multiplyService"
>> target="MultiplyServiceComponent"/>
>> <reference name="divideService"
>> target="DivideServiceComponent"/>
>> </component>
>>
>> <component name="AddServiceComponent">
>> <implementation.java class="calculator.AddServiceImpl"/>
>> <service name="AddService">
>> <interface.wsdl interface="
>> http://calculator2#wsdl.interface(AddService)" />
>> <binding.ws uri="http://localhost:8085/AddService"
>> requires="authentication"/>
>> </service>
>> </component>
>>
>> The WSDL sits alongside the composite file in the contribution and is
>> automatically parsed by the runtime. Note that I'm telling the
>> reference to
>> take the interface details from the WSDL file with the line
>>
>> <interface.wsdl interface="http://calculator2#wsdl.interface
>> (AddService)"/>
>>
>> This won't fix your HTTP basic authentication problem but should
>> correct the
>> namespace issue.
>>
>> Regards
>>
>> Simon
>
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi Simon,
Thank you very much for your help. I will try to understand your
explanations and to integrate the changes.
Unfortunately at the moment I am very busy on other staff so I am not
sure I will get the time required to do that before thursday evening.
BUT I do want to keep in contact with you.
Regarding the HTTP Basic authentication do you plan to add such a
definition into Tuscany ?
This type of authentication is MANDATORY for (and the only one
handled by) the nursery web services we must consider in our evaluation.
>> To do HTTP basic authentication we need a new a new policy
>> definition. I don't think we have done this yet so I'll
>> be interested to see if anyone posts here to contradict me.
Regards,
Marina.
Le 2 juin 08 à 15:44, Simon Laws a écrit :
> On Mon, Jun 2, 2008 at 1:15 PM, Simon Laws <si...@googlemail.com>
> wrote:
>
>> Hi Marina
>>
>> I've just been looking at this so some comments in line...
>>
>> Simon
>>
>>
>>>
>>>>> 1) the namespaces used in SOAP BODY are not in conformity
>>>>> with the
>>>>> WSDL. Indeed, one can find the value "http://translatewithsms"
>>>>> as the
>>>>> "pseudo" namespace _ns_. Replacing that value with the one
>>>>> defined in
>>>>> the
>>>>> WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/
>>>>> SMSSenderSEI",
>>>>> the SOAP frame works
>>>>>
>>>>> Note that I realized that "translatewithsms" is the package
>>>>> name of my
>>>>> Eclipse project (containing in particular java client,
>>>>> interfaces etc.
>>>>> files).
>>>>
>>>>
>> A. How did you generate the Java interface that you are using to
>> type the
>> component reference that refers to this remote service?
>> B. How do you define the interface of the reference that refers to
>> the
>> remote service. Do you use interface.wsdl?
>>
>> If you have generated your java interface into the package
>> "translatewithsms" and you use this to describe the reference
>> interface (or
>> is defaults to this) then it will invent the message namespace
>> based on the
>> package name I believe.
>>
>>
>>>
>>>>>
>>>>> 2) at HTTP level, the web service in the Nursery is
>>>>> protected by
>>>>> "Basic Authentication" ; but the "Authorization" header is not
>>>>> sent by
>>>>> Tuscany
>>>>>
>>>>> (NB: at the current state, we cannot know whether it is
>>>>> actually a
>>>>> problem EXCEPT if Tuscany uses pre-emptive authentication
>>>>> mecanisms
>>>>>
>>>>
>> Yes. You definitions.xml file turns on the WSSecurity
>> authorization using
>> the <tuscany:wsConfigParam> element. To do HTTP basic
>> authentication we need
>> a new a new policy definition. I don't think we have done this yet
>> so I'll
>> be interested to see if anyone posts here to contradict me.
>>
>>
>>
>>>>> 3) Note that Tuscany sends the authentication
>>>>> credentials(user/password) using WS-Security that is not taken
>>>>> into
>>>>> account
>>>>> by the Nursery platform. This is not a problem however,
>>>>> credentials are
>>>>> not
>>>>> operate.
>>>>>
>>>>> NB: tcpdump files can be opened with WireShark http://
>>>>> www.wireshark.org/download.html
>>>>>
>>>>>
>> I see. This comes back to replacing wssecurity based
>> authentication with
>> HTTP basic authentication.
>>
>>
>>>>>
>>>>> I might be responsible for these problems as I have probably made
>>>>> mistakes
>>>>> in coding (at least regarding the policy expression). Please
>>>>> can you
>>>>> help me
>>>>> in correcting.
>>>>>
>>>>> Thanks you very much.
>>>>>
>>>>> Regards,
>>>>> Marina.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
> Marina
>
> I tried a test to help clarrify what I'm talking about in terms of
> getting
> the namespace right. I changed a calculator sample I'm using for
> some other
> testing to take the namespace from a manually altered WSDL file.
> This is how
> I set up the composite.
>
> <component name="CalculatorServiceComponent">
> <implementation.java
> class="calculator.CalculatorServiceImpl"/>
> <reference name="addService">
> <interface.wsdl interface="
> http://calculator2#wsdl.interface(AddService)"/>
> <binding.ws uri="http://localhost:8085/AddService"
> requires="authentication" />
> </reference>
> <reference name="subtractService"
> target="SubtractServiceComponent"/>
> <reference name="multiplyService"
> target="MultiplyServiceComponent"/>
> <reference name="divideService"
> target="DivideServiceComponent"/>
> </component>
>
> <component name="AddServiceComponent">
> <implementation.java class="calculator.AddServiceImpl"/>
> <service name="AddService">
> <interface.wsdl interface="
> http://calculator2#wsdl.interface(AddService)" />
> <binding.ws uri="http://localhost:8085/AddService"
> requires="authentication"/>
> </service>
> </component>
>
> The WSDL sits alongside the composite file in the contribution and is
> automatically parsed by the runtime. Note that I'm telling the
> reference to
> take the interface details from the WSDL file with the line
>
> <interface.wsdl interface="http://calculator2#wsdl.interface
> (AddService)"/>
>
> This won't fix your HTTP basic authentication problem but should
> correct the
> namespace issue.
>
> Regards
>
> Simon
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Simon Laws <si...@googlemail.com>.
On Mon, Jun 2, 2008 at 1:15 PM, Simon Laws <si...@googlemail.com>
wrote:
> Hi Marina
>
> I've just been looking at this so some comments in line...
>
> Simon
>
>
>>
>>>> 1) the namespaces used in SOAP BODY are not in conformity with the
>>>> WSDL. Indeed, one can find the value "http://translatewithsms" as the
>>>> "pseudo" namespace _ns_. Replacing that value with the one defined in
>>>> the
>>>> WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/
>>>> SMSSenderSEI",
>>>> the SOAP frame works
>>>>
>>>> Note that I realized that "translatewithsms" is the package name of my
>>>> Eclipse project (containing in particular java client, interfaces etc.
>>>> files).
>>>
>>>
> A. How did you generate the Java interface that you are using to type the
> component reference that refers to this remote service?
> B. How do you define the interface of the reference that refers to the
> remote service. Do you use interface.wsdl?
>
> If you have generated your java interface into the package
> "translatewithsms" and you use this to describe the reference interface (or
> is defaults to this) then it will invent the message namespace based on the
> package name I believe.
>
>
>>
>>>>
>>>> 2) at HTTP level, the web service in the Nursery is protected by
>>>> "Basic Authentication" ; but the "Authorization" header is not sent by
>>>> Tuscany
>>>>
>>>> (NB: at the current state, we cannot know whether it is actually a
>>>> problem EXCEPT if Tuscany uses pre-emptive authentication mecanisms
>>>>
>>>
> Yes. You definitions.xml file turns on the WSSecurity authorization using
> the <tuscany:wsConfigParam> element. To do HTTP basic authentication we need
> a new a new policy definition. I don't think we have done this yet so I'll
> be interested to see if anyone posts here to contradict me.
>
>
>
>>>> 3) Note that Tuscany sends the authentication
>>>> credentials(user/password) using WS-Security that is not taken into
>>>> account
>>>> by the Nursery platform. This is not a problem however, credentials are
>>>> not
>>>> operate.
>>>>
>>>> NB: tcpdump files can be opened with WireShark http://
>>>> www.wireshark.org/download.html
>>>>
>>>>
> I see. This comes back to replacing wssecurity based authentication with
> HTTP basic authentication.
>
>
>>>>
>>>> I might be responsible for these problems as I have probably made
>>>> mistakes
>>>> in coding (at least regarding the policy expression). Please can you
>>>> help me
>>>> in correcting.
>>>>
>>>> Thanks you very much.
>>>>
>>>> Regards,
>>>> Marina.
>>>>
>>>>
>>>>
>>>>
>>>>
Marina
I tried a test to help clarrify what I'm talking about in terms of getting
the namespace right. I changed a calculator sample I'm using for some other
testing to take the namespace from a manually altered WSDL file. This is how
I set up the composite.
<component name="CalculatorServiceComponent">
<implementation.java class="calculator.CalculatorServiceImpl"/>
<reference name="addService">
<interface.wsdl interface="
http://calculator2#wsdl.interface(AddService)"/>
<binding.ws uri="http://localhost:8085/AddService"
requires="authentication" />
</reference>
<reference name="subtractService"
target="SubtractServiceComponent"/>
<reference name="multiplyService"
target="MultiplyServiceComponent"/>
<reference name="divideService" target="DivideServiceComponent"/>
</component>
<component name="AddServiceComponent">
<implementation.java class="calculator.AddServiceImpl"/>
<service name="AddService">
<interface.wsdl interface="
http://calculator2#wsdl.interface(AddService)" />
<binding.ws uri="http://localhost:8085/AddService"
requires="authentication"/>
</service>
</component>
The WSDL sits alongside the composite file in the contribution and is
automatically parsed by the runtime. Note that I'm telling the reference to
take the interface details from the WSDL file with the line
<interface.wsdl interface="http://calculator2#wsdl.interface(AddService)"/>
This won't fix your HTTP basic authentication problem but should correct the
namespace issue.
Regards
Simon
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Simon Laws <si...@googlemail.com>.
Hi Marina
I've just been looking at this so some comments in line...
Simon
>
>>> 1) the namespaces used in SOAP BODY are not in conformity with the
>>> WSDL. Indeed, one can find the value "http://translatewithsms" as the
>>> "pseudo" namespace _ns_. Replacing that value with the one defined in
>>> the
>>> WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/SMSSenderSEI",
>>> the SOAP frame works
>>>
>>> Note that I realized that "translatewithsms" is the package name of my
>>> Eclipse project (containing in particular java client, interfaces etc.
>>> files).
>>
>>
A. How did you generate the Java interface that you are using to type the
component reference that refers to this remote service?
B. How do you define the interface of the reference that refers to the
remote service. Do you use interface.wsdl?
If you have generated your java interface into the package
"translatewithsms" and you use this to describe the reference interface (or
is defaults to this) then it will invent the message namespace based on the
package name I believe.
>
>>>
>>> 2) at HTTP level, the web service in the Nursery is protected by
>>> "Basic Authentication" ; but the "Authorization" header is not sent by
>>> Tuscany
>>>
>>> (NB: at the current state, we cannot know whether it is actually a
>>> problem EXCEPT if Tuscany uses pre-emptive authentication mecanisms
>>>
>>
Yes. You definitions.xml file turns on the WSSecurity authorization using
the <tuscany:wsConfigParam> element. To do HTTP basic authentication we need
a new a new policy definition. I don't think we have done this yet so I'll
be interested to see if anyone posts here to contradict me.
>>> 3) Note that Tuscany sends the authentication
>>> credentials(user/password) using WS-Security that is not taken into
>>> account
>>> by the Nursery platform. This is not a problem however, credentials are
>>> not
>>> operate.
>>>
>>> NB: tcpdump files can be opened with WireShark http://
>>> www.wireshark.org/download.html
>>>
>>>
I see. This comes back to replacing wssecurity based authentication with
HTTP basic authentication.
>>>
>>> I might be responsible for these problems as I have probably made
>>> mistakes
>>> in coding (at least regarding the policy expression). Please can you help
>>> me
>>> in correcting.
>>>
>>> Thanks you very much.
>>>
>>> Regards,
>>> Marina.
>>>
>>>
>>>
>>>
>>>
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi Simon,
Thanks. I have just done the JIRA creation.
Regards,
Marina.
>> Hi Marina
>
> Thanks for doing this. The attachments didn't make it through the
> mail list
> unfortunately. Can you open a JIRA (
> http://issues.apache.org/jira/browse/TUSCANY) for this problem and
> attach
> them there. We will then have a more precise way of tracking any
> changes we
> need to make to fix the problems you are seeing. I'm setting up a
> local test
> here so I'll take a look at your definitions.xml file you sent
> previously in
> the mean time.
>
> Regards
>
> Simon
>
Le 30 mai 08 à 12:29, Simon Laws a écrit :
> On Fri, May 30, 2008 at 11:25 AM, Marina Deslaugiers <
> marina.deslaugiers@orange-ftgroup.com> wrote:
>
>> Hi,
>>
>> As planned this morning, we have made directly test with the person
>> responsible of web service "Nursery" support to users.
>>
>> We have detected various problems.
>>
>> I attach (I hope joined files will actually be sent otherwise
>> please let me
>> know) two "sniff" files at the TCP level on communication with the
>> web
>> server "Nursery":
>> - The first one (see Aspen.tcpdump) corresponds to TCP
>> frames sent
>> by Tuscany that does not work
>>
>> - The second one (see Support.tcpdump) corresponds to TCP
>> frames
>> sent by the Nursery support -after modification (correction) of
>> the Tuscany
>> frames- that does work
>>
>>
>>
>> Following are the differences and explanations reported by the person
>> responsible for the Nursery WS support:
>>
>> 1) the namespaces used in SOAP BODY are not in conformity
>> with the
>> WSDL. Indeed, one can find the value "http://translatewithsms" as
>> the
>> "pseudo" namespace _ns_. Replacing that value with the one
>> defined in the
>> WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/
>> SMSSenderSEI",
>> the SOAP frame works
>>
>> Note that I realized that "translatewithsms" is the package name
>> of my
>> Eclipse project (containing in particular java client, interfaces
>> etc.
>> files).
>>
>> 2) at HTTP level, the web service in the Nursery is
>> protected by
>> "Basic Authentication" ; but the "Authorization" header is not
>> sent by
>> Tuscany
>>
>> (NB: at the current state, we cannot know whether it is
>> actually a
>> problem EXCEPT if Tuscany uses pre-emptive authentication mecanisms
>>
>> 3) Note that Tuscany sends the authentication
>> credentials(user/password) using WS-Security that is not taken
>> into account
>> by the Nursery platform. This is not a problem however,
>> credentials are not
>> operate.
>>
>> NB: tcpdump files can be opened with WireShark http://
>> www.wireshark.org/download.html
>>
>>
>>
>> I might be responsible for these problems as I have probably made
>> mistakes
>> in coding (at least regarding the policy expression). Please can
>> you help me
>> in correcting.
>>
>> Thanks you very much.
>>
>> Regards,
>> Marina.
>>
>>
>>
>>
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Simon Laws <si...@googlemail.com>.
On Fri, May 30, 2008 at 11:25 AM, Marina Deslaugiers <
marina.deslaugiers@orange-ftgroup.com> wrote:
> Hi,
>
> As planned this morning, we have made directly test with the person
> responsible of web service "Nursery" support to users.
>
> We have detected various problems.
>
> I attach (I hope joined files will actually be sent otherwise please let me
> know) two "sniff" files at the TCP level on communication with the web
> server "Nursery":
> - The first one (see Aspen.tcpdump) corresponds to TCP frames sent
> by Tuscany that does not work
>
> - The second one (see Support.tcpdump) corresponds to TCP frames
> sent by the Nursery support -after modification (correction) of the Tuscany
> frames- that does work
>
>
>
> Following are the differences and explanations reported by the person
> responsible for the Nursery WS support:
>
> 1) the namespaces used in SOAP BODY are not in conformity with the
> WSDL. Indeed, one can find the value "http://translatewithsms" as the
> "pseudo" namespace _ns_. Replacing that value with the one defined in the
> WSDL say "http://com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/SMSSenderSEI",
> the SOAP frame works
>
> Note that I realized that "translatewithsms" is the package name of my
> Eclipse project (containing in particular java client, interfaces etc.
> files).
>
> 2) at HTTP level, the web service in the Nursery is protected by
> "Basic Authentication" ; but the "Authorization" header is not sent by
> Tuscany
>
> (NB: at the current state, we cannot know whether it is actually a
> problem EXCEPT if Tuscany uses pre-emptive authentication mecanisms
>
> 3) Note that Tuscany sends the authentication
> credentials(user/password) using WS-Security that is not taken into account
> by the Nursery platform. This is not a problem however, credentials are not
> operate.
>
> NB: tcpdump files can be opened with WireShark http://
> www.wireshark.org/download.html
>
>
>
> I might be responsible for these problems as I have probably made mistakes
> in coding (at least regarding the policy expression). Please can you help me
> in correcting.
>
> Thanks you very much.
>
> Regards,
> Marina.
>
>
>
>
>
>
>
>
>
> Le 29 mai 08 à 18:30, Marina Deslaugiers a écrit :
>
>
>> Hi,
>>
>> Thanks for the answer.
>>
>> Hi Marina
>>>
>>> ... We need to collect a bit more information before deciding what to
>>> do. ... So
>>> firstly do you know what the response SOAP message looks like on the
>>> wire.
>>>
>>
>>
>> Well, at the moment, I do not know anything about that. So I have managed
>> to directly test - tomorrow morning - with the person responsible of web
>> service support to users (who uses sniffers). I hope we would be able to get
>> and provide you with the information on the response SOAP message.
>>
>>
>> In the meantime, below are the policy "definitions.xml" file and the
>> ClientPWCBHandler.java file.
>>
>> Also can you show me what you security policy looks like (obviously be
>>> careful not to disclose any confidential information such as real
>>> usernames
>>> or passwords on the mail list)?
>>>
>>>
>>
>>
>> ==========================================
>> definitions.xml file
>>
>> <?xml version="1.0" encoding="ASCII"?>
>> <!--
>> * Licensed to the Apache Software Foundation (ASF) under one
>> * ....
>> * under the License.
>> -->
>> <sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"
>> targetNamespace="http://www.osoa.org/xmlns/sca/1.0
>> "
>> xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
>> xmlns:tuscany="
>> http://tuscany.apache.org/xmlns/sca/1.0"
>> xmlns:sms="http://sample">
>>
>>
>> <!-- WS Security POLICY SETS -->
>> <sca:policySet name="sms:wsClientAuthenticationPolicy"
>> provides="sca:authentication"
>> appliesTo="sca:reference/sca:binding.ws">
>> <tuscany:wsConfigParam>
>> <parameter name="OutflowSecurity">
>> <action>
>> <items>UsernameToken</items>
>> <user>myUsername</user>
>>
>> <passwordCallbackClass>translatewithsms.ClientPWCBHandler</passwordCallbackClass>"
>> +
>> <passwordType>PasswordText</passwordType>
>> </action>
>> </parameter>
>> </tuscany:wsConfigParam>
>> </sca:policySet>
>>
>> </sca:definitions>
>> ==========================================
>>
>>
>> ==========================================
>> ClientPWCBHandler.java file
>>
>> /*
>> * Licensed to the Apache Software Foundation (ASF) under one
>> * ...
>> * under the License.
>> */
>> package translatewithsms;
>>
>> import java.io.IOException;
>>
>> import javax.security.auth.callback.Callback;
>> import javax.security.auth.callback.CallbackHandler;
>> import javax.security.auth.callback.UnsupportedCallbackException;
>>
>> import org.apache.ws.security.WSPasswordCallback;
>>
>> /**
>> * Sample userid passwd generation class
>> */
>> public class ClientPWCBHandler implements CallbackHandler {
>>
>> public void handle(Callback[] callbacks) throws IOException,
>> UnsupportedCallbackException {
>> System.out.println("*** PASSAGE DANS HANDLE de ClientPWCBHandler");
>> for (int i = 0; i < callbacks.length; i++) {
>> System.out.println("*** Calling Client UserId/Password Handler ....
>> ");
>> WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
>> pwcb.getIdentifer();
>> pwcb.setPassword(""myPassword");
>> }
>> }
>>
>> }
>> ==========================================
>>
>> Regards,
>> Marina.
>>
>>
>> Le 29 mai 08 à 14:42, Simon Laws a écrit :
>>
>> On Thu, May 29, 2008 at 1:19 PM, Marina Deslaugiers <
>>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>>
>>> Hi,
>>>>
>>>> Please can someone URGENTLY help me on my coding (at least provide me
>>>> with
>>>> an analogous example) ?
>>>>
>>>> I provide you with the WSDL file I forgot to send
>>>>
>>>> Thanks
>>>> *Regards,*
>>>> **
>>>> *Marina.*
>>>> *
>>>> *
>>>> **
>>>>
>>>> **
>>>> *
>>>> *
>>>> *
>>>> *
>>>>
>>>> Le 26 mai 08 à 17:15, Marina Deslaugiers a écrit :
>>>>
>>>> Hi,
>>>>
>>>> I am currently trying to connect to the external web service with
>>>> user/password authentication (without HTTPS) I mentioned in my previous
>>>> e-mails.
>>>>
>>>> But I cannot succeed. Can you help me, please. I join composite and
>>>> definitions.xml files.
>>>>
>>>> Following is the error message I get:
>>>>
>>>> ==============================================================
>>>> Warning: Running an XSLT 1.0 stylesheet with an XSLT 2.0 processor
>>>>
>>>> ** Entrez le mode de traduction : fr_en, fr_es, fr_it...
>>>> ** Entrez le texte a traduire
>>>> bonjour Monsieur
>>>> lang= text= bonjour Monsieur
>>>> lang=
>>>> langue non indiquee par console
>>>> positionnement langue par Property Tuscany= fr_en
>>>> le texte= bonjour Monsieur
>>>> texte traduit= traduction impossible probleme serveur Web
>>>> messagingWS injecte
>>>> CONTENU DU SMSETO CREE = traduction impossible probleme serveur Web
>>>> WS messaging appele
>>>> *** PASSAGE DANS HANDLE de ClientPWCBHandler
>>>> *** Calling Client UserId/Password Handler ....
>>>> org.apache.axis2.AxisFault: Policy Falsified
>>>> at
>>>>
>>>> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
>>>> at
>>>>
>>>> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
>>>> at
>>>>
>>>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
>>>> at
>>>>
>>>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
>>>> at
>>>>
>>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invokeTarget(Axis2BindingInvoker.java:101)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invoke(Axis2BindingInvoker.java:76)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterceptor.invoke(DataTransformationInterceptor.java:74)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146)
>>>> at $Proxy11.sendSMS(Unknown Source)
>>>> at translatewithsms.MessagingImpl.sendSMS(MessagingImpl.java:45)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>>>> at java.lang.reflect.Method.invoke(Unknown Source)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invoke(JavaImplementationInvoker.java:105)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146)
>>>> at $Proxy9.sendSMS(Unknown Source)
>>>> at
>>>>
>>>> translatewithsms.TranslatorwithsmsImpl.translateAndSendSMS(TranslatorwithsmsImpl.java:39)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>>>> at java.lang.reflect.Method.invoke(Unknown Source)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invoke(JavaImplementationInvoker.java:105)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249)
>>>> at
>>>>
>>>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146)
>>>> at $Proxy7.translateAndSendSMS(Unknown Source)
>>>> at
>>>>
>>>> translatewithsms.TranslatorwithsmsClient.main(TranslatorwithsmsClient.java:28)
>>>> Retour d'envoi du SMS : null
>>>> ==============================================================
>>>>
>>>> Regards,
>>>> Marina.
>>>>
>>>> <WSmediawebtranslatorwebsms.composite>
>>>>
>>>> <definitions.xml>
>>>>
>>>>
>>>>
>>>> Le 7 mai 08 à 14:54, Simon Laws a écrit :
>>>>
>>>> On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers <
>>>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>>>
>>>> Hi Simon,
>>>>
>>>> Thanks for the explanations. I will download and have a look to the
>>>> calculator example you mention.
>>>>
>>>> However, I already have seen the
>>>> sample/helloworld-ws-reference(service)-secure and I do not know
>>>> whether
>>>> and how I can use the policies they define ; indeed, as I said, I use to
>>>> bind to a non-SCA web service - say the web service is not encapsulated
>>>> in
>>>> a
>>>> SCA component.
>>>>
>>>> So, in this case, can I use the manner you indicate to me ? if yes, what
>>>> are the changes to introduce in the policy description (definitions.xml
>>>> and/or other files)?
>>>>
>>>>
>>>> Regards,
>>>> Marina.
>>>>
>>>> samples/helloworld-ws-reference-secure and
>>>>
>>>> samples/helloworld-ws-service-secure
>>>>
>>>>
>>>>
>>>>
>>>> Le 7 mai 08 à 12:13, Simon Laws a écrit :
>>>>
>>>>
>>>> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers <
>>>>
>>>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> Hello,
>>>>
>>>> I am coming back to you as I now have to connect to an external web
>>>> service with user/password authentication and I do not know how this
>>>> can be
>>>> done (using policies I guess) in tuscany.
>>>>
>>>> I use a coding analogue to the one in the simple HelloWorld Web
>>>> service
>>>> example provided (and corrected by you) in
>>>>
>>>> * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding
>>>> toexternal web services*
>>>>
>>>> The WSDL of the web service seems to be in "document literal"
>>>> encoding.
>>>> However, the web service (accessible at the following URL ttp://
>>>> 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is different of
>>>> the
>>>> one mentioned in the WSDL file) is private to our company so it is not
>>>> publicly available.
>>>>
>>>> Attached to this e-mail is the WSDL file.
>>>>
>>>> Can you help me again, please ?
>>>>
>>>> thanks.
>>>>
>>>> *Regards,*
>>>> **
>>>> *Marina.*
>>>> **
>>>>
>>>> **
>>>> *
>>>> *
>>>>
>>>>
>>>>
>>>> Hi Marina
>>>>
>>>>
>>>> The sample samples/calculator-ws-secure-webapp shows some username and
>>>> password based authentication. For example, you will note that some of
>>>> the
>>>> references/service require authentication..
>>>>
>>>>
>>>> <component name="CalculatorServiceComponent">
>>>> <implementation.java class="calculator.CalculatorServiceImpl"/>
>>>> <reference name="addService" >
>>>> <interface.java interface="calculator.AddService" />
>>>> <binding.ws uri="
>>>> http://localhost:8080/sample-calculator-ws-secure-webapp/
>>>> AddServiceComponent
>>>> "
>>>> requires="authentication" />
>>>> </reference>
>>>>
>>>> ....
>>>>
>>>> <component name="AddServiceComponent">
>>>> <implementation.java class="calculator.AddServiceImpl"/>
>>>> <service name="AddService">
>>>> <interface.java interface="calculator.AddService" />
>>>> <binding.ws requires="authentication"/>
>>>> </service>
>>>>
>>>>
>>>> In this case the definitions.xml file defines service and reference
>>>> policy
>>>> sets that implement this intent as follows
>>>>
>>>> <sca:policySet name="calc:wsAuthenticationPolicy"
>>>> provides="sca:authentication"
>>>> appliesTo="sca:service/sca:binding.ws"
>>>>
>>>>
>>>> <tuscany:wsConfigParam>
>>>>
>>>> <parameter name="InflowSecurity">
>>>> <action>
>>>> <items>UsernameToken</items>
>>>>
>>>>
>>>>
>>>>
>>>> <passwordCallbackClass>calculator.security.ServerPWCBHandler</passwordCallbackClass>
>>>> </action>
>>>> </parameter>
>>>> </tuscany:wsConfigParam>
>>>> </sca:policySet>
>>>>
>>>> <sca:policySet name="calc:wsClientAuthenticationPolicy"
>>>> provides="sca:authentication"
>>>> appliesTo="sca:reference/sca:binding.ws">
>>>> <tuscany:wsConfigParam>
>>>> <parameter name="OutflowSecurity">
>>>> <action>
>>>> <items>UsernameToken</items>
>>>> <user>CalculatorUser</user>
>>>>
>>>>
>>>>
>>>>
>>>> <passwordCallbackClass>calculator.security.ClientPWCBHandler</passwordCallbackClass>"
>>>> +
>>>> <passwordType>PasswordText</passwordType>
>>>> </action>
>>>> </parameter>
>>>> </tuscany:wsConfigParam>
>>>> </sca:policySet>
>>>> </component>
>>>>
>>>> These policy sets configure Axis2 to call out to the callback classes
>>>> specified in order to get the username and password to be included in
>>>> the
>>>> soap envelope. There is another, non-webapp, example of this in
>>>> samples/helloworld-ws-reference-secure and
>>>> samples/helloworld-ws-service-secure
>>>>
>>>> Hope that helps
>>>>
>>>> Simon
>>>>
>>>>
>>>> In theory you should be able to use the reference side policy to
>>>> configure
>>>> security in order to authenticate with the remove non-sca web service.
>>>> However this depends a lot on how the remote service is expecting you
>>>> to
>>>> authenticate with it. Do you know the details in this case. I have to
>>>> admit
>>>> to not having tried this with an external service so we are both
>>>> learning
>>>> here:-)
>>>>
>>>> Simon
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hi Marina
>>>
>>> The error is reporting that a fault is coming back in the response SOAP
>>> message. We need to collect a bit more information before deciding what
>>> to
>>> do. I'm not sure if this is actually the "org.apache.axis2.AxisFault:
>>> Policy
>>> Falsified" error or not as I don't recognize this particular error. So
>>> firstly do you know what the response SOAP message looks like on the
>>> wire.
>>> Also can you show me what you security policy looks like (obviously be
>>> careful not to disclose any confidential information such as real
>>> usernames
>>> or passwords on the mail list)?
>>>
>>> Regards
>>>
>>> Simon
>>>
>>
>>
>
> Hi Marina
Thanks for doing this. The attachments didn't make it through the mail list
unfortunately. Can you open a JIRA (
http://issues.apache.org/jira/browse/TUSCANY) for this problem and attach
them there. We will then have a more precise way of tracking any changes we
need to make to fix the problems you are seeing. I'm setting up a local test
here so I'll take a look at your definitions.xml file you sent previously in
the mean time.
Regards
Simon
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi,
As planned this morning, we have made directly test with the person
responsible of web service "Nursery" support to users.
We have detected various problems.
I attach (I hope joined files will actually be sent otherwise please
let me know) two "sniff" files at the TCP level on communication with
the web server "Nursery":
- The first one (see Aspen.tcpdump) corresponds to TCP
frames sent by Tuscany that does not work
- The second one (see Support.tcpdump) corresponds to TCP
frames sent by the Nursery support -after modification (correction)
of the Tuscany frames- that does work
Following are the differences and explanations reported by the person
responsible for the Nursery WS support:
1) the namespaces used in SOAP BODY are not in conformity
with the WSDL. Indeed, one can find the value "http://
translatewithsms" as the "pseudo" namespace _ns_. Replacing that
value with the one defined in the WSDL say "http://
com.osa.mdsp.enabler.sei/SMSEnabler/V2_0/SMSSenderSEI", the SOAP
frame works
Note that I realized that "translatewithsms" is the package name of
my Eclipse project (containing in particular java client, interfaces
etc. files).
2) at HTTP level, the web service in the Nursery is protected
by "Basic Authentication" ; but the "Authorization" header is not
sent by Tuscany
(NB: at the current state, we cannot know whether it is
actually a problem EXCEPT if Tuscany uses pre-emptive authentication
mecanisms
3) Note that Tuscany sends the authentication credentials
(user/password) using WS-Security that is not taken into account by
the Nursery platform. This is not a problem however, credentials are
not operate.
NB: tcpdump files can be opened with WireShark http://
www.wireshark.org/download.html
I might be responsible for these problems as I have probably made
mistakes in coding (at least regarding the policy expression). Please
can you help me in correcting.
Thanks you very much.
Regards,
Marina.
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi,
Thanks for the answer.
> Hi Marina
>
> ... We need to collect a bit more information before deciding what to
> do. ... So
> firstly do you know what the response SOAP message looks like on
> the wire.
Well, at the moment, I do not know anything about that. So I have
managed to directly test - tomorrow morning - with the person
responsible of web service support to users (who uses sniffers). I
hope we would be able to get and provide you with the information on
the response SOAP message.
In the meantime, below are the policy "definitions.xml" file and the
ClientPWCBHandler.java file.
> Also can you show me what you security policy looks like (obviously be
> careful not to disclose any confidential information such as real
> usernames
> or passwords on the mail list)?
>
==========================================
definitions.xml file
<?xml version="1.0" encoding="ASCII"?>
<!--
* Licensed to the Apache Software Foundation (ASF) under one
* ....
* under the License.
-->
<sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"
targetNamespace="http://www.osoa.org/xmlns/sca/1.0"
xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
xmlns:sms="http://sample">
<!-- WS Security POLICY SETS -->
<sca:policySet name="sms:wsClientAuthenticationPolicy"
provides="sca:authentication"
appliesTo="sca:reference/sca:binding.ws">
<tuscany:wsConfigParam>
<parameter name="OutflowSecurity">
<action>
<items>UsernameToken</items>
<user>myUsername</user>
<passwordCallbackClass>translatewithsms.ClientPWCBHandler</
passwordCallbackClass>" +
<passwordType>PasswordText</passwordType>
</action>
</parameter>
</tuscany:wsConfigParam>
</sca:policySet>
</sca:definitions>
==========================================
==========================================
ClientPWCBHandler.java file
/*
* Licensed to the Apache Software Foundation (ASF) under one
* ...
* under the License.
*/
package translatewithsms;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
/**
* Sample userid passwd generation class
*/
public class ClientPWCBHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
System.out.println("*** PASSAGE DANS HANDLE de
ClientPWCBHandler");
for (int i = 0; i < callbacks.length; i++) {
System.out.println("*** Calling Client UserId/Password
Handler .... ");
WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
pwcb.getIdentifer();
pwcb.setPassword(""myPassword");
}
}
}
==========================================
Regards,
Marina.
Le 29 mai 08 à 14:42, Simon Laws a écrit :
> On Thu, May 29, 2008 at 1:19 PM, Marina Deslaugiers <
> marina.deslaugiers@orange-ftgroup.com> wrote:
>
>> Hi,
>>
>> Please can someone URGENTLY help me on my coding (at least
>> provide me with
>> an analogous example) ?
>>
>> I provide you with the WSDL file I forgot to send
>>
>> Thanks
>> *Regards,*
>> **
>> *Marina.*
>> *
>> *
>> **
>>
>> **
>> *
>> *
>> *
>> *
>>
>> Le 26 mai 08 à 17:15, Marina Deslaugiers a écrit :
>>
>> Hi,
>>
>> I am currently trying to connect to the external web service with
>> user/password authentication (without HTTPS) I mentioned in my
>> previous
>> e-mails.
>>
>> But I cannot succeed. Can you help me, please. I join composite and
>> definitions.xml files.
>>
>> Following is the error message I get:
>>
>> ==============================================================
>> Warning: Running an XSLT 1.0 stylesheet with an XSLT 2.0 processor
>>
>> ** Entrez le mode de traduction : fr_en, fr_es, fr_it...
>> ** Entrez le texte a traduire
>> bonjour Monsieur
>> lang= text= bonjour Monsieur
>> lang=
>> langue non indiquee par console
>> positionnement langue par Property Tuscany= fr_en
>> le texte= bonjour Monsieur
>> texte traduit= traduction impossible probleme serveur Web
>> messagingWS injecte
>> CONTENU DU SMSETO CREE = traduction impossible probleme serveur Web
>> WS messaging appele
>> *** PASSAGE DANS HANDLE de ClientPWCBHandler
>> *** Calling Client UserId/Password Handler ....
>> org.apache.axis2.AxisFault: Policy Falsified
>> at
>> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext
>> (Utils.java:486)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(
>> OutInAxisOperation.java:343)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.send
>> (OutInAxisOperation.java:389)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl
>> (OutInAxisOperation.java:211)
>> at
>> org.apache.axis2.client.OperationClient.execute
>> (OperationClient.java:163)
>> at
>> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invokeTar
>> get(Axis2BindingInvoker.java:101)
>> at
>> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invoke
>> (Axis2BindingInvoker.java:76)
>> at
>> org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterc
>> eptor.invoke(DataTransformationInterceptor.java:74)
>> at
>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
>> (JDKInvocationHandler.java:249)
>> at
>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
>> (JDKInvocationHandler.java:146)
>> at $Proxy11.sendSMS(Unknown Source)
>> at translatewithsms.MessagingImpl.sendSMS(MessagingImpl.java:45)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>> at java.lang.reflect.Method.invoke(Unknown Source)
>> at
>> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementat
>> ionInvoker.invoke(JavaImplementationInvoker.java:105)
>> at
>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
>> (JDKInvocationHandler.java:249)
>> at
>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
>> (JDKInvocationHandler.java:146)
>> at $Proxy9.sendSMS(Unknown Source)
>> at
>> translatewithsms.TranslatorwithsmsImpl.translateAndSendSMS
>> (TranslatorwithsmsImpl.java:39)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>> at java.lang.reflect.Method.invoke(Unknown Source)
>> at
>> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementat
>> ionInvoker.invoke(JavaImplementationInvoker.java:105)
>> at
>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
>> (JDKInvocationHandler.java:249)
>> at
>> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
>> (JDKInvocationHandler.java:146)
>> at $Proxy7.translateAndSendSMS(Unknown Source)
>> at
>> translatewithsms.TranslatorwithsmsClient.main
>> (TranslatorwithsmsClient.java:28)
>> Retour d'envoi du SMS : null
>> ==============================================================
>>
>> Regards,
>> Marina.
>>
>> <WSmediawebtranslatorwebsms.composite>
>>
>> <definitions.xml>
>>
>>
>>
>> Le 7 mai 08 à 14:54, Simon Laws a écrit :
>>
>> On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers <
>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>
>> Hi Simon,
>>
>> Thanks for the explanations. I will download and have a look to the
>> calculator example you mention.
>>
>> However, I already have seen the
>> sample/helloworld-ws-reference(service)-secure and I do not know
>> whether
>> and how I can use the policies they define ; indeed, as I said, I
>> use to
>> bind to a non-SCA web service - say the web service is not
>> encapsulated in
>> a
>> SCA component.
>>
>> So, in this case, can I use the manner you indicate to me ? if
>> yes, what
>> are the changes to introduce in the policy description
>> (definitions.xml
>> and/or other files)?
>>
>>
>> Regards,
>> Marina.
>>
>> samples/helloworld-ws-reference-secure and
>>
>> samples/helloworld-ws-service-secure
>>
>>
>>
>>
>> Le 7 mai 08 à 12:13, Simon Laws a écrit :
>>
>>
>> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers <
>>
>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>
>> Hi,
>>
>> Hello,
>>
>> I am coming back to you as I now have to connect to an external web
>> service with user/password authentication and I do not know how this
>> can be
>> done (using policies I guess) in tuscany.
>>
>> I use a coding analogue to the one in the simple HelloWorld Web
>> service
>> example provided (and corrected by you) in
>>
>> * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding
>> toexternal web services*
>>
>> The WSDL of the web service seems to be in "document literal"
>> encoding.
>> However, the web service (accessible at the following URL ttp://
>> 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is
>> different of
>> the
>> one mentioned in the WSDL file) is private to our company so it is
>> not
>> publicly available.
>>
>> Attached to this e-mail is the WSDL file.
>>
>> Can you help me again, please ?
>>
>> thanks.
>>
>> *Regards,*
>> **
>> *Marina.*
>> **
>>
>> **
>> *
>> *
>>
>>
>>
>> Hi Marina
>>
>>
>> The sample samples/calculator-ws-secure-webapp shows some
>> username and
>> password based authentication. For example, you will note that
>> some of
>> the
>> references/service require authentication..
>>
>>
>> <component name="CalculatorServiceComponent">
>> <implementation.java
>> class="calculator.CalculatorServiceImpl"/>
>> <reference name="addService" >
>> <interface.java interface="calculator.AddService" />
>> <binding.ws uri="
>> http://localhost:8080/sample-calculator-ws-secure-webapp/
>> AddServiceComponent
>> "
>> requires="authentication" />
>> </reference>
>>
>> ....
>>
>> <component name="AddServiceComponent">
>> <implementation.java class="calculator.AddServiceImpl"/>
>> <service name="AddService">
>> <interface.java interface="calculator.AddService" />
>> <binding.ws requires="authentication"/>
>> </service>
>>
>>
>> In this case the definitions.xml file defines service and reference
>> policy
>> sets that implement this intent as follows
>>
>> <sca:policySet name="calc:wsAuthenticationPolicy"
>> provides="sca:authentication"
>> appliesTo="sca:service/sca:binding.ws"
>>
>>
>> <tuscany:wsConfigParam>
>>
>> <parameter name="InflowSecurity">
>> <action>
>> <items>UsernameToken</items>
>>
>>
>>
>> <passwordCallbackClass>calculator.security.ServerPWCBHandler</
>> passwordCallbackClass>
>> </action>
>> </parameter>
>> </tuscany:wsConfigParam>
>> </sca:policySet>
>>
>> <sca:policySet name="calc:wsClientAuthenticationPolicy"
>> provides="sca:authentication"
>> appliesTo="sca:reference/sca:binding.ws">
>> <tuscany:wsConfigParam>
>> <parameter name="OutflowSecurity">
>> <action>
>> <items>UsernameToken</items>
>> <user>CalculatorUser</user>
>>
>>
>>
>> <passwordCallbackClass>calculator.security.ClientPWCBHandler</
>> passwordCallbackClass>"
>> +
>> <passwordType>PasswordText</passwordType>
>> </action>
>> </parameter>
>> </tuscany:wsConfigParam>
>> </sca:policySet>
>> </component>
>>
>> These policy sets configure Axis2 to call out to the callback classes
>> specified in order to get the username and password to be included in
>> the
>> soap envelope. There is another, non-webapp, example of this in
>> samples/helloworld-ws-reference-secure and
>> samples/helloworld-ws-service-secure
>>
>> Hope that helps
>>
>> Simon
>>
>>
>> In theory you should be able to use the reference side policy to
>> configure
>> security in order to authenticate with the remove non-sca web
>> service.
>> However this depends a lot on how the remote service is expecting
>> you to
>> authenticate with it. Do you know the details in this case. I have
>> to admit
>> to not having tried this with an external service so we are both
>> learning
>> here:-)
>>
>> Simon
>>
>>
>>
>>
>>
> Hi Marina
>
> The error is reporting that a fault is coming back in the response
> SOAP
> message. We need to collect a bit more information before deciding
> what to
> do. I'm not sure if this is actually the
> "org.apache.axis2.AxisFault: Policy
> Falsified" error or not as I don't recognize this particular error. So
> firstly do you know what the response SOAP message looks like on
> the wire.
> Also can you show me what you security policy looks like (obviously be
> careful not to disclose any confidential information such as real
> usernames
> or passwords on the mail list)?
>
> Regards
>
> Simon
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Simon Laws <si...@googlemail.com>.
On Thu, May 29, 2008 at 1:19 PM, Marina Deslaugiers <
marina.deslaugiers@orange-ftgroup.com> wrote:
> Hi,
>
> Please can someone URGENTLY help me on my coding (at least provide me with
> an analogous example) ?
>
> I provide you with the WSDL file I forgot to send
>
> Thanks
> *Regards,*
> **
> *Marina.*
> *
> *
> **
>
> **
> *
> *
> *
> *
>
> Le 26 mai 08 à 17:15, Marina Deslaugiers a écrit :
>
> Hi,
>
> I am currently trying to connect to the external web service with
> user/password authentication (without HTTPS) I mentioned in my previous
> e-mails.
>
> But I cannot succeed. Can you help me, please. I join composite and
> definitions.xml files.
>
> Following is the error message I get:
>
> ==============================================================
> Warning: Running an XSLT 1.0 stylesheet with an XSLT 2.0 processor
>
> ** Entrez le mode de traduction : fr_en, fr_es, fr_it...
> ** Entrez le texte a traduire
> bonjour Monsieur
> lang= text= bonjour Monsieur
> lang=
> langue non indiquee par console
> positionnement langue par Property Tuscany= fr_en
> le texte= bonjour Monsieur
> texte traduit= traduction impossible probleme serveur Web
> messagingWS injecte
> CONTENU DU SMSETO CREE = traduction impossible probleme serveur Web
> WS messaging appele
> *** PASSAGE DANS HANDLE de ClientPWCBHandler
> *** Calling Client UserId/Password Handler ....
> org.apache.axis2.AxisFault: Policy Falsified
> at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
> at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> at
> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invokeTarget(Axis2BindingInvoker.java:101)
> at
> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invoke(Axis2BindingInvoker.java:76)
> at
> org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterceptor.invoke(DataTransformationInterceptor.java:74)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146)
> at $Proxy11.sendSMS(Unknown Source)
> at translatewithsms.MessagingImpl.sendSMS(MessagingImpl.java:45)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at
> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invoke(JavaImplementationInvoker.java:105)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146)
> at $Proxy9.sendSMS(Unknown Source)
> at
> translatewithsms.TranslatorwithsmsImpl.translateAndSendSMS(TranslatorwithsmsImpl.java:39)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at
> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invoke(JavaImplementationInvoker.java:105)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:249)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandler.java:146)
> at $Proxy7.translateAndSendSMS(Unknown Source)
> at
> translatewithsms.TranslatorwithsmsClient.main(TranslatorwithsmsClient.java:28)
> Retour d'envoi du SMS : null
> ==============================================================
>
> Regards,
> Marina.
>
> <WSmediawebtranslatorwebsms.composite>
>
> <definitions.xml>
>
>
>
> Le 7 mai 08 à 14:54, Simon Laws a écrit :
>
> On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers <
> marina.deslaugiers@orange-ftgroup.com> wrote:
>
> Hi Simon,
>
> Thanks for the explanations. I will download and have a look to the
> calculator example you mention.
>
> However, I already have seen the
> sample/helloworld-ws-reference(service)-secure and I do not know whether
> and how I can use the policies they define ; indeed, as I said, I use to
> bind to a non-SCA web service - say the web service is not encapsulated in
> a
> SCA component.
>
> So, in this case, can I use the manner you indicate to me ? if yes, what
> are the changes to introduce in the policy description (definitions.xml
> and/or other files)?
>
>
> Regards,
> Marina.
>
> samples/helloworld-ws-reference-secure and
>
> samples/helloworld-ws-service-secure
>
>
>
>
> Le 7 mai 08 à 12:13, Simon Laws a écrit :
>
>
> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers <
>
> marina.deslaugiers@orange-ftgroup.com> wrote:
>
> Hi,
>
> Hello,
>
> I am coming back to you as I now have to connect to an external web
> service with user/password authentication and I do not know how this
> can be
> done (using policies I guess) in tuscany.
>
> I use a coding analogue to the one in the simple HelloWorld Web
> service
> example provided (and corrected by you) in
>
> * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding
> toexternal web services*
>
> The WSDL of the web service seems to be in "document literal"
> encoding.
> However, the web service (accessible at the following URL ttp://
> 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is different of
> the
> one mentioned in the WSDL file) is private to our company so it is not
> publicly available.
>
> Attached to this e-mail is the WSDL file.
>
> Can you help me again, please ?
>
> thanks.
>
> *Regards,*
> **
> *Marina.*
> **
>
> **
> *
> *
>
>
>
> Hi Marina
>
>
> The sample samples/calculator-ws-secure-webapp shows some username and
> password based authentication. For example, you will note that some of
> the
> references/service require authentication..
>
>
> <component name="CalculatorServiceComponent">
> <implementation.java class="calculator.CalculatorServiceImpl"/>
> <reference name="addService" >
> <interface.java interface="calculator.AddService" />
> <binding.ws uri="
> http://localhost:8080/sample-calculator-ws-secure-webapp/
> AddServiceComponent
> "
> requires="authentication" />
> </reference>
>
> ....
>
> <component name="AddServiceComponent">
> <implementation.java class="calculator.AddServiceImpl"/>
> <service name="AddService">
> <interface.java interface="calculator.AddService" />
> <binding.ws requires="authentication"/>
> </service>
>
>
> In this case the definitions.xml file defines service and reference
> policy
> sets that implement this intent as follows
>
> <sca:policySet name="calc:wsAuthenticationPolicy"
> provides="sca:authentication"
> appliesTo="sca:service/sca:binding.ws"
>
>
> <tuscany:wsConfigParam>
>
> <parameter name="InflowSecurity">
> <action>
> <items>UsernameToken</items>
>
>
>
> <passwordCallbackClass>calculator.security.ServerPWCBHandler</passwordCallbackClass>
> </action>
> </parameter>
> </tuscany:wsConfigParam>
> </sca:policySet>
>
> <sca:policySet name="calc:wsClientAuthenticationPolicy"
> provides="sca:authentication"
> appliesTo="sca:reference/sca:binding.ws">
> <tuscany:wsConfigParam>
> <parameter name="OutflowSecurity">
> <action>
> <items>UsernameToken</items>
> <user>CalculatorUser</user>
>
>
>
> <passwordCallbackClass>calculator.security.ClientPWCBHandler</passwordCallbackClass>"
> +
> <passwordType>PasswordText</passwordType>
> </action>
> </parameter>
> </tuscany:wsConfigParam>
> </sca:policySet>
> </component>
>
> These policy sets configure Axis2 to call out to the callback classes
> specified in order to get the username and password to be included in
> the
> soap envelope. There is another, non-webapp, example of this in
> samples/helloworld-ws-reference-secure and
> samples/helloworld-ws-service-secure
>
> Hope that helps
>
> Simon
>
>
> In theory you should be able to use the reference side policy to configure
> security in order to authenticate with the remove non-sca web service.
> However this depends a lot on how the remote service is expecting you to
> authenticate with it. Do you know the details in this case. I have to admit
> to not having tried this with an external service so we are both learning
> here:-)
>
> Simon
>
>
>
>
>
Hi Marina
The error is reporting that a fault is coming back in the response SOAP
message. We need to collect a bit more information before deciding what to
do. I'm not sure if this is actually the "org.apache.axis2.AxisFault: Policy
Falsified" error or not as I don't recognize this particular error. So
firstly do you know what the response SOAP message looks like on the wire.
Also can you show me what you security policy looks like (obviously be
careful not to disclose any confidential information such as real usernames
or passwords on the mail list)?
Regards
Simon
Re: URGENT - CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi,
Please can someone URGENTLY help me on my coding (at least provide
me with an analogous example) ?
I provide you with the WSDL file I forgot to send
Thanks
Regards,
Marina.

Le 26 mai 08 à 17:15, Marina Deslaugiers a écrit :
> Hi,
>
> I am currently trying to connect to the external web service with
> user/password authentication (without HTTPS) I mentioned in my
> previous e-mails.
>
> But I cannot succeed. Can you help me, please. I join composite and
> definitions.xml files.
>
> Following is the error message I get:
>
> ==============================================================
> Warning: Running an XSLT 1.0 stylesheet with an XSLT 2.0 processor
>
> ** Entrez le mode de traduction : fr_en, fr_es, fr_it...
> ** Entrez le texte a traduire
> bonjour Monsieur
> lang= text= bonjour Monsieur
> lang=
> langue non indiquee par console
> positionnement langue par Property Tuscany= fr_en
> le texte= bonjour Monsieur
> texte traduit= traduction impossible probleme serveur Web
> messagingWS injecte
> CONTENU DU SMSETO CREE = traduction impossible probleme serveur Web
> WS messaging appele
> *** PASSAGE DANS HANDLE de ClientPWCBHandler
> *** Calling Client UserId/Password Handler ....
> org.apache.axis2.AxisFault: Policy Falsified
> at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext
> (Utils.java:486)
> at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse
> (OutInAxisOperation.java:343)
> at org.apache.axis2.description.OutInAxisOperationClient.send
> (OutInAxisOperation.java:389)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl
> (OutInAxisOperation.java:211)
> at org.apache.axis2.client.OperationClient.execute
> (OperationClient.java:163)
> at
> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invokeTarg
> et(Axis2BindingInvoker.java:101)
> at
> org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invoke
> (Axis2BindingInvoker.java:76)
> at
> org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterce
> ptor.invoke(DataTransformationInterceptor.java:74)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
> (JDKInvocationHandler.java:249)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
> (JDKInvocationHandler.java:146)
> at $Proxy11.sendSMS(Unknown Source)
> at translatewithsms.MessagingImpl.sendSMS(MessagingImpl.java:45)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at
> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementati
> onInvoker.invoke(JavaImplementationInvoker.java:105)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
> (JDKInvocationHandler.java:249)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
> (JDKInvocationHandler.java:146)
> at $Proxy9.sendSMS(Unknown Source)
> at translatewithsms.TranslatorwithsmsImpl.translateAndSendSMS
> (TranslatorwithsmsImpl.java:39)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
> at java.lang.reflect.Method.invoke(Unknown Source)
> at
> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementati
> onInvoker.invoke(JavaImplementationInvoker.java:105)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
> (JDKInvocationHandler.java:249)
> at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
> (JDKInvocationHandler.java:146)
> at $Proxy7.translateAndSendSMS(Unknown Source)
> at translatewithsms.TranslatorwithsmsClient.main
> (TranslatorwithsmsClient.java:28)
> Retour d'envoi du SMS : null
> ==============================================================
>
> Regards,
> Marina.
>
> <WSmediawebtranslatorwebsms.composite>
>
> <definitions.xml>
>
>
>
> Le 7 mai 08 à 14:54, Simon Laws a écrit :
>
>> On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers <
>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>
>>> Hi Simon,
>>>
>>> Thanks for the explanations. I will download and have a look to the
>>> calculator example you mention.
>>>
>>> However, I already have seen the
>>> sample/helloworld-ws-reference(service)-secure and I do not know
>>> whether
>>> and how I can use the policies they define ; indeed, as I said, I
>>> use to
>>> bind to a non-SCA web service - say the web service is not
>>> encapsulated in a
>>> SCA component.
>>>
>>> So, in this case, can I use the manner you indicate to me ? if
>>> yes, what
>>> are the changes to introduce in the policy description
>>> (definitions.xml
>>> and/or other files)?
>>>
>>>
>>> Regards,
>>> Marina.
>>>
>>> samples/helloworld-ws-reference-secure and
>>>> samples/helloworld-ws-service-secure
>>>>
>>>>
>>>
>>>
>>> Le 7 mai 08 à 12:13, Simon Laws a écrit :
>>>
>>>
>>> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers <
>>>> marina.deslaugiers@orange-ftgroup.com> wrote:
>>>>
>>>> Hi,
>>>>> Hello,
>>>>>
>>>>> I am coming back to you as I now have to connect to an external
>>>>> web
>>>>> service with user/password authentication and I do not know how
>>>>> this
>>>>> can be
>>>>> done (using policies I guess) in tuscany.
>>>>>
>>>>> I use a coding analogue to the one in the simple HelloWorld Web
>>>>> service
>>>>> example provided (and corrected by you) in
>>>>>
>>>>> * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding
>>>>> toexternal web services*
>>>>>
>>>>> The WSDL of the web service seems to be in "document literal"
>>>>> encoding.
>>>>> However, the web service (accessible at the following URL ttp://
>>>>> 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is
>>>>> different of
>>>>> the
>>>>> one mentioned in the WSDL file) is private to our company so it
>>>>> is not
>>>>> publicly available.
>>>>>
>>>>> Attached to this e-mail is the WSDL file.
>>>>>
>>>>> Can you help me again, please ?
>>>>>
>>>>> thanks.
>>>>>
>>>>> *Regards,*
>>>>> **
>>>>> *Marina.*
>>>>> **
>>>>>
>>>>> **
>>>>> *
>>>>> *
>>>>>
>>>>>
>>>>>
>>>>> Hi Marina
>>>>
>>>> The sample samples/calculator-ws-secure-webapp shows some
>>>> username and
>>>> password based authentication. For example, you will note that
>>>> some of
>>>> the
>>>> references/service require authentication..
>>>>
>>>>
>>>> <component name="CalculatorServiceComponent">
>>>> <implementation.java
>>>> class="calculator.CalculatorServiceImpl"/>
>>>> <reference name="addService" >
>>>> <interface.java interface="calculator.AddService" />
>>>> <binding.ws uri="
>>>> http://localhost:8080/sample-calculator-ws-secure-webapp/
>>>> AddServiceComponent
>>>> "
>>>> requires="authentication" />
>>>> </reference>
>>>>
>>>> ....
>>>>
>>>> <component name="AddServiceComponent">
>>>> <implementation.java class="calculator.AddServiceImpl"/>
>>>> <service name="AddService">
>>>> <interface.java interface="calculator.AddService" />
>>>> <binding.ws requires="authentication"/>
>>>> </service>
>>>>
>>>>
>>>> In this case the definitions.xml file defines service and reference
>>>> policy
>>>> sets that implement this intent as follows
>>>>
>>>> <sca:policySet name="calc:wsAuthenticationPolicy"
>>>> provides="sca:authentication"
>>>> appliesTo="sca:service/sca:binding.ws"
>>>>
>>>>>
>>>>> <tuscany:wsConfigParam>
>>>> <parameter name="InflowSecurity">
>>>> <action>
>>>> <items>UsernameToken</items>
>>>>
>>>>
>>>> <passwordCallbackClass>calculator.security.ServerPWCBHandler</
>>>> passwordCallbackClass>
>>>> </action>
>>>> </parameter>
>>>> </tuscany:wsConfigParam>
>>>> </sca:policySet>
>>>>
>>>> <sca:policySet name="calc:wsClientAuthenticationPolicy"
>>>> provides="sca:authentication"
>>>> appliesTo="sca:reference/sca:binding.ws">
>>>> <tuscany:wsConfigParam>
>>>> <parameter name="OutflowSecurity">
>>>> <action>
>>>> <items>UsernameToken</items>
>>>> <user>CalculatorUser</user>
>>>>
>>>>
>>>> <passwordCallbackClass>calculator.security.ClientPWCBHandler</
>>>> passwordCallbackClass>"
>>>> +
>>>> <passwordType>PasswordText</passwordType>
>>>> </action>
>>>> </parameter>
>>>> </tuscany:wsConfigParam>
>>>> </sca:policySet>
>>>> </component>
>>>>
>>>> These policy sets configure Axis2 to call out to the callback
>>>> classes
>>>> specified in order to get the username and password to be
>>>> included in
>>>> the
>>>> soap envelope. There is another, non-webapp, example of this in
>>>> samples/helloworld-ws-reference-secure and
>>>> samples/helloworld-ws-service-secure
>>>>
>>>> Hope that helps
>>>>
>>>> Simon
>>>>
>>>
>> In theory you should be able to use the reference side policy to
>> configure
>> security in order to authenticate with the remove non-sca web
>> service.
>> However this depends a lot on how the remote service is expecting
>> you to
>> authenticate with it. Do you know the details in this case. I have
>> to admit
>> to not having tried this with an external service so we are both
>> learning
>> here:-)
>>
>> Simon
>
Re: CONTINUED Need help again on binding to external web service with login authentication within Tuscany
Posted by Marina Deslaugiers <ma...@orange-ftgroup.com>.
Hi,
I am currently trying to connect to the external web service with
user/password authentication (without HTTPS) I mentioned in my
previous e-mails.
But I cannot succeed. Can you help me, please. I join composite and
definitions.xml files.
Following is the error message I get:
==============================================================
Warning: Running an XSLT 1.0 stylesheet with an XSLT 2.0 processor
** Entrez le mode de traduction : fr_en, fr_es, fr_it...
** Entrez le texte a traduire
bonjour Monsieur
lang= text= bonjour Monsieur
lang=
langue non indiquee par console
positionnement langue par Property Tuscany= fr_en
le texte= bonjour Monsieur
texte traduit= traduction impossible probleme serveur Web
messagingWS injecte
CONTENU DU SMSETO CREE = traduction impossible probleme serveur Web
WS messaging appele
*** PASSAGE DANS HANDLE de ClientPWCBHandler
*** Calling Client UserId/Password Handler ....
org.apache.axis2.AxisFault: Policy Falsified
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext
(Utils.java:486)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse
(OutInAxisOperation.java:343)
at org.apache.axis2.description.OutInAxisOperationClient.send
(OutInAxisOperation.java:389)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl
(OutInAxisOperation.java:211)
at org.apache.axis2.client.OperationClient.execute
(OperationClient.java:163)
at
org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invokeTarget
(Axis2BindingInvoker.java:101)
at org.apache.tuscany.sca.binding.ws.axis2.Axis2BindingInvoker.invoke
(Axis2BindingInvoker.java:76)
at
org.apache.tuscany.sca.core.databinding.wire.DataTransformationIntercept
or.invoke(DataTransformationInterceptor.java:74)
at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
(JDKInvocationHandler.java:249)
at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
(JDKInvocationHandler.java:146)
at $Proxy11.sendSMS(Unknown Source)
at translatewithsms.MessagingImpl.sendSMS(MessagingImpl.java:45)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
org.apache.tuscany.sca.implementation.java.invocation.JavaImplementation
Invoker.invoke(JavaImplementationInvoker.java:105)
at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
(JDKInvocationHandler.java:249)
at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
(JDKInvocationHandler.java:146)
at $Proxy9.sendSMS(Unknown Source)
at translatewithsms.TranslatorwithsmsImpl.translateAndSendSMS
(TranslatorwithsmsImpl.java:39)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at
org.apache.tuscany.sca.implementation.java.invocation.JavaImplementation
Invoker.invoke(JavaImplementationInvoker.java:105)
at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
(JDKInvocationHandler.java:249)
at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke
(JDKInvocationHandler.java:146)
at $Proxy7.translateAndSendSMS(Unknown Source)
at translatewithsms.TranslatorwithsmsClient.main
(TranslatorwithsmsClient.java:28)
Retour d'envoi du SMS : null
==============================================================
Regards,
Marina.
Re: Need help again on binding to external web service with login authentication within Tuscany
Posted by Simon Laws <si...@googlemail.com>.
On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers <
marina.deslaugiers@orange-ftgroup.com> wrote:
> Hi Simon,
>
> Thanks for the explanations. I will download and have a look to the
> calculator example you mention.
>
> However, I already have seen the
> sample/helloworld-ws-reference(service)-secure and I do not know whether
> and how I can use the policies they define ; indeed, as I said, I use to
> bind to a non-SCA web service - say the web service is not encapsulated in a
> SCA component.
>
> So, in this case, can I use the manner you indicate to me ? if yes, what
> are the changes to introduce in the policy description (definitions.xml
> and/or other files)?
>
>
> Regards,
> Marina.
>
> samples/helloworld-ws-reference-secure and
> > samples/helloworld-ws-service-secure
> >
> >
>
>
> Le 7 mai 08 à 12:13, Simon Laws a écrit :
>
>
> On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers <
> > marina.deslaugiers@orange-ftgroup.com> wrote:
> >
> > Hi,
> > > Hello,
> > >
> > > I am coming back to you as I now have to connect to an external web
> > > service with user/password authentication and I do not know how this
> > > can be
> > > done (using policies I guess) in tuscany.
> > >
> > > I use a coding analogue to the one in the simple HelloWorld Web
> > > service
> > > example provided (and corrected by you) in
> > >
> > > * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding
> > > toexternal web services*
> > >
> > > The WSDL of the web service seems to be in "document literal"
> > > encoding.
> > > However, the web service (accessible at the following URL ttp://
> > > 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is different of
> > > the
> > > one mentioned in the WSDL file) is private to our company so it is not
> > > publicly available.
> > >
> > > Attached to this e-mail is the WSDL file.
> > >
> > > Can you help me again, please ?
> > >
> > > thanks.
> > >
> > > *Regards,*
> > > **
> > > *Marina.*
> > > **
> > >
> > > **
> > > *
> > > *
> > >
> > >
> > >
> > > Hi Marina
> >
> > The sample samples/calculator-ws-secure-webapp shows some username and
> > password based authentication. For example, you will note that some of
> > the
> > references/service require authentication..
> >
> >
> > <component name="CalculatorServiceComponent">
> > <implementation.java class="calculator.CalculatorServiceImpl"/>
> > <reference name="addService" >
> > <interface.java interface="calculator.AddService" />
> > <binding.ws uri="
> > http://localhost:8080/sample-calculator-ws-secure-webapp/
> > AddServiceComponent
> > "
> > requires="authentication" />
> > </reference>
> >
> > ....
> >
> > <component name="AddServiceComponent">
> > <implementation.java class="calculator.AddServiceImpl"/>
> > <service name="AddService">
> > <interface.java interface="calculator.AddService" />
> > <binding.ws requires="authentication"/>
> > </service>
> >
> >
> > In this case the definitions.xml file defines service and reference
> > policy
> > sets that implement this intent as follows
> >
> > <sca:policySet name="calc:wsAuthenticationPolicy"
> > provides="sca:authentication"
> > appliesTo="sca:service/sca:binding.ws"
> >
> > >
> > > <tuscany:wsConfigParam>
> > <parameter name="InflowSecurity">
> > <action>
> > <items>UsernameToken</items>
> >
> >
> > <passwordCallbackClass>calculator.security.ServerPWCBHandler</passwordCallbackClass>
> > </action>
> > </parameter>
> > </tuscany:wsConfigParam>
> > </sca:policySet>
> >
> > <sca:policySet name="calc:wsClientAuthenticationPolicy"
> > provides="sca:authentication"
> > appliesTo="sca:reference/sca:binding.ws">
> > <tuscany:wsConfigParam>
> > <parameter name="OutflowSecurity">
> > <action>
> > <items>UsernameToken</items>
> > <user>CalculatorUser</user>
> >
> >
> > <passwordCallbackClass>calculator.security.ClientPWCBHandler</passwordCallbackClass>"
> > +
> > <passwordType>PasswordText</passwordType>
> > </action>
> > </parameter>
> > </tuscany:wsConfigParam>
> > </sca:policySet>
> > </component>
> >
> > These policy sets configure Axis2 to call out to the callback classes
> > specified in order to get the username and password to be included in
> > the
> > soap envelope. There is another, non-webapp, example of this in
> > samples/helloworld-ws-reference-secure and
> > samples/helloworld-ws-service-secure
> >
> > Hope that helps
> >
> > Simon
> >
>
In theory you should be able to use the reference side policy to configure
security in order to authenticate with the remove non-sca web service.
However this depends a lot on how the remote service is expecting you to
authenticate with it. Do you know the details in this case. I have to admit
to not having tried this with an external service so we are both learning
here:-)
Simon