You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@tuscany.apache.org by Abraham Washington <ab...@yahoo.com> on 2009/01/13 20:43:09 UTC
security module not executed on service
hi, i have a service hosted on jboss 4.2.3.ga using jdk 1.6, which requires authentication. my client references the service.
<!-- WS Security POLICY SETS --><sca:policySet name="soasecurity:wsClientAuthenticationPolicy"provides="authentication"appliesTo="sca:reference/sca:binding.ws"><tuscany:wsConfigParam><parameter name="OutflowSecurity"><action><items>UsernameToken</items><user>TuscanyWsUser</user><passwordCallbackClass>org.soa.services.security.ClientPWCBHandler</passwordCallbackClass><passwordType>PasswordText</passwordType></action></parameter></tuscany:wsConfigParam></sca:policySet> here's my client definitions.xml:
here's the service (my tuscany service) security. it's running in a separate vm (jboss 4.2.3).
<
sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"targetNamespace="http://www.osoa.org/xmlns/sca/1.0"xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"xmlns:soasecurity="http://org.soa.services">
<sca:policySet name="oasecurity:wsAuthenticationPolicy"provides="authentication"appliesTo="sca:binding.ws"><tuscany:wsConfigParam><parameter name="InflowSecurity"><action><items>UsernameToken</items><passwordCallbackClass>org.soa.services.security.server.ServerPWCBHandler</passwordCallbackClass></action></parameter></tuscany:wsConfigParam>
the service is never invoked. on the client side, an exception is thrown:
</sca:policySet>
10:56:01,694 INFO [STDOUT] message -> org.apache.tuscany.sca.interfacedef.util.FaultException: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
10:56:01,695 ERROR [STDERR] org.osoa.sca.ServiceRuntimeException: org.apache.tuscany.sca.interfacedef.util.FaultExceptio
n: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
10:56:01,697 ERROR [STDERR] at org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterceptor.invoke(Dat
aTransformationInterceptor.java:136)
10:56:01,697 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:287)
10:56:01,698 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:154)
10:56:01,698 ERROR [STDERR] at $Proxy72.findOrganization(Unknown Source)
10:56:01,699 ERROR [STDERR] at org.soa.services.OrganizationServiceImpl.findOrganization(OrganizationServiceImp
l.java:21)
10:56:01,699 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
10:56:01,699 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
10:56:01,700 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
10:56:01,700 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:597)
10:56:01,701 ERROR [STDERR] at org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invok
e(JavaImplementationInvoker.java:132)
10:56:01,701 ERROR [STDERR] at org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke(PassByValu
eInterceptor.java:112)
10:56:01,702 ERROR [STDERR] at org.apache.tuscany.sca.binding.sca.impl.SCABindingInvoker.invoke(SCABindingInvoker.ja
va:61)
10:56:01,702 ERROR [STDERR] at org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke(PassByValu
eInterceptor.java:112)
10:56:01,703 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:287)
10:56:01,703 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:154)
ideas, thx abe
Re: security module not executed on service
Posted by Abraham Washington <ab...@yahoo.com>.
after migrating to 1.4, the error msg on the server side is more verbose, hopefully someone has an idea. the client callback is being executed. but the service throws this exception:
07:16:41,853 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)] Started in 24s:374ms
07:20:34,844 INFO [STDOUT] - Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-20040
1-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:166)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.tuscany.sca.host.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:107)
at org.apache.tuscany.sca.host.webapp.TuscanyServletFilter.doFilter(TuscanyServletFilter.java:93)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
at java.lang.Thread.run(Thread.java:619)
$
thx abe
________________________________
From: Simon Laws <si...@googlemail.com>
To: user@tuscany.apache.org
Sent: Thursday, January 15, 2009 4:06:39 AM
Subject: Re: security module not executed on service
On Tue, Jan 13, 2009 at 7:43 PM, Abraham Washington <ab...@yahoo.com> wrote:
hi, i have a service hosted on jboss 4.2.3.ga using jdk 1.6, which requires authentication. my client references the service.
here's my client definitions.xml:
<!-- WS Security POLICY SETS --><sca:policySet name="soasecurity:wsClientAuthenticationPolicy" provides="authentication" appliesTo="sca:reference/sca:binding.ws"><tuscany:wsConfigParam><parameter name="OutflowSecurity"><action><items>UsernameToken</items><user>TuscanyWsUser</user><passwordCallbackClass>org.soa.services.security.ClientPWCBHandler</passwordCallbackClass><passwordType>PasswordText</passwordType></action></parameter></tuscany:wsConfigParam></sca:policySet>
here's the service (my tuscany service) security. it's running in a separate vm (jboss 4.2.3).
<sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0" targetNamespace="http://www.osoa.org/xmlns/sca/1.0" xmlns:sca="http://www.osoa.org/xmlns/sca/1.0" xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0" xmlns:soasecurity="http://org.soa.services">
<sca:policySet name="oasecurity:wsAuthenticationPolicy" provides="authentication" appliesTo="sca:binding.ws" ><tuscany:wsConfigParam><parameter name="InflowSecurity"><action><items>UsernameToken</items><passwordCallbackClass>org.soa.services.security.server.ServerPWCBHandler</passwordCallbackClass></action></parameter></tuscany:wsConfigParam></sca:policySet>
the service is never invoked. on the client side, an exception is thrown:
10:56:01,694 INFO [STDOUT] message -> org.apache.tuscany.sca.interfacedef.util.FaultException: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
10:56:01,695 ERROR [STDERR] org.osoa.sca.ServiceRuntimeException: org.apache.tuscany.sca.interfacedef.util.FaultExceptio
n: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
10:56:01,697 ERROR [STDERR] at org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterceptor.invoke(Dat
aTransformationInterceptor.java:136)
10:56:01,697 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:287)
10:56:01,698 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:154)
10:56:01,698 ERROR [STDERR] at $Proxy72.findOrganization(Unknown Source)
10:56:01,699 ERROR [STDERR] at org.soa.services.OrganizationServiceImpl.findOrganization(OrganizationServiceImp
l.java:21)
10:56:01,699 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
10:56:01,699 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
10:56:01,700 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
10:56:01,700 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:597)
10:56:01,701 ERROR [STDERR] at org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invok
e(JavaImplementationInvoker.java:132)
10:56:01,701 ERROR [STDERR] at org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke(PassByValu
eInterceptor.java:112)
10:56:01,702 ERROR [STDERR] at org.apache.tuscany.sca.binding.sca.impl.SCABindingInvoker.invoke(SCABindingInvoker.ja
va:61)
10:56:01,702 ERROR [STDERR] at org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke(PassByValu
eInterceptor.java:112)
10:56:01,703 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:287)
10:56:01,703 ERROR [STDERR] at org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
er.java:154)
ideas, thx abe
Hi Abe
Sorry for this slightly tardy reply. Do you see any Rampart errors reported in the output. What seems to be happening is that the ws-security header is being flowed but the server end doesn't have the appropriate modules loaded to process it. Hence it is complaining about being unable to process and element that is marked as "mustUnderstand".
I'll try and run the security sample here and see what happens.
Regards
Simon
Re: security module not executed on service
Posted by Simon Laws <si...@googlemail.com>.
On Tue, Jan 13, 2009 at 7:43 PM, Abraham Washington <ab...@yahoo.com>wrote:
> hi, i have a service hosted on jboss 4.2.3.ga using jdk 1.6, which
> requires authentication. my client references the service.
>
>
>
> here's my client definitions.xml:
>
>
>
> <!-- WS Security POLICY SETS -->
>
> <
> sca:policySet name="soasecurity:wsClientAuthenticationPolicy"
>
> provides="authentication"
>
> appliesTo="sca:reference/sca:binding.ws">
>
> <tuscany:wsConfigParam>
>
> <parameter name="OutflowSecurity">
>
> <action>
>
> <items>UsernameToken</items>
>
> <user>TuscanyWsUser</user>
>
> <passwordCallbackClass>org.soa.services.security.ClientPWCBHandler</
> passwordCallbackClass>
>
> <passwordType>PasswordText</passwordType>
>
> </action>
>
> </parameter>
>
> </tuscany:wsConfigParam>
>
> </sca:policySet>
>
>
>
> here's the service (my tuscany service) security. it's running in a
> separate vm (jboss 4.2.3).
>
>
> <
> sca:definitions xmlns="http://www.osoa.org/xmlns/sca/1.0"
>
> targetNamespace="http://www.osoa.org/xmlns/sca/1.0"
>
> xmlns:sca="http://www.osoa.org/xmlns/sca/1.0"
>
> xmlns:tuscany="http://tuscany.apache.org/xmlns/sca/1.0"
>
> xmlns:soasecurity="http://org.soa.services">
>
>
>
> <sca:policySet name="oasecurity:wsAuthenticationPolicy"
>
> provides="authentication"
>
> appliesTo="sca:binding.ws"
>
> >
>
> <tuscany:wsConfigParam>
>
> <parameter name="InflowSecurity">
>
> <action>
>
> <items>UsernameToken</items>
>
> <passwordCallbackClass>org.soa.services.security.server.ServerPWCBHandler
> </passwordCallbackClass>
>
> </action>
>
> </parameter>
>
> </tuscany:wsConfigParam>
>
> </sca:policySet>
>
>
>
> the service is never invoked. on the client side, an exception is thrown:
>
>
>
>
> 10:56:01,694 INFO [STDOUT] message ->
> org.apache.tuscany.sca.interfacedef.util.FaultException: Must Understand
> check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd: Security
> 10:56:01,695 ERROR [STDERR] org.osoa.sca.ServiceRuntimeException:
> org.apache.tuscany.sca.interfacedef.util.FaultExceptio
> n: Must Understand check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd: Security
> 10:56:01,697 ERROR [STDERR] at
> org.apache.tuscany.sca.core.databinding.wire.DataTransformationInterceptor.invoke(Dat
> aTransformationInterceptor.java:136)
> 10:56:01,697 ERROR [STDERR] at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
> er.java:287)
> 10:56:01,698 ERROR [STDERR] at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
> er.java:154)
> 10:56:01,698 ERROR [STDERR] at $Proxy72.findOrganization(Unknown
> Source)
> 10:56:01,699 ERROR [STDERR] at
> org.soa.services.OrganizationServiceImpl.findOrganization(OrganizationServiceImp
> l.java:21)
> 10:56:01,699 ERROR [STDERR] at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 10:56:01,699 ERROR [STDERR] at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 10:56:01,700 ERROR [STDERR] at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 10:56:01,700 ERROR [STDERR] at
> java.lang.reflect.Method.invoke(Method.java:597)
> 10:56:01,701 ERROR [STDERR] at
> org.apache.tuscany.sca.implementation.java.invocation.JavaImplementationInvoker.invok
> e(JavaImplementationInvoker.java:132)
> 10:56:01,701 ERROR [STDERR] at
> org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke(PassByValu
> eInterceptor.java:112)
> 10:56:01,702 ERROR [STDERR] at
> org.apache.tuscany.sca.binding.sca.impl.SCABindingInvoker.invoke(SCABindingInvoker.ja
> va:61)
> 10:56:01,702 ERROR [STDERR] at
> org.apache.tuscany.sca.core.databinding.wire.PassByValueInterceptor.invoke(PassByValu
> eInterceptor.java:112)
> 10:56:01,703 ERROR [STDERR] at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
> er.java:287)
> 10:56:01,703 ERROR [STDERR] at
> org.apache.tuscany.sca.core.invocation.JDKInvocationHandler.invoke(JDKInvocationHandl
> er.java:154)
>
> ideas, thx abe
>
>
>
Hi Abe
Sorry for this slightly tardy reply. Do you see any Rampart errors reported
in the output. What seems to be happening is that the ws-security header is
being flowed but the server end doesn't have the appropriate modules loaded
to process it. Hence it is complaining about being unable to process and
element that is marked as "mustUnderstand".
I'll try and run the security sample here and see what happens.
Regards
Simon