You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Stefan Schmidt <sc...@gmail.com> on 2005/08/26 11:12:41 UTC
Invocation arguments were modified
Hi there,
I am using Geronimo and have a JAXRPC Web service running. Now I am
trying to get it secured...
I am new to WSS4J and I am trying to get the WSSignEnvelope and
WSEncryptEnvelope running. I am following the API description and
through some googling I found out that one has to instantiate the
WSSecurityEngine and use the .setUserInfo() method on the above Objects
to get it going. It took quite a while until I got that far since this
was unfortunately not included in the code examples at
http://ws.apache.org/wss4j/api.html.
Now I am getting the following exception: "Invocation arguments were
modified".
What am I doing wrong here?
Any help would be greatly appreciated!
Thanks in advance.
Stefan
Here are the error and implementation details:
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.lang.RuntimeException: Invocation arguments were modified
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
Invocation arguments were modified
at
org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
at
org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
....
java.lang.RuntimeException: Invocation arguments were modified
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
The code:
public class SecurityHandler extends GenericHandler {
QName qn[] = null;
static final WSSecurityEngine wsse = new
WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
public void init(HandlerInfo info) {
qn = info.getHeaders();
}
public QName[] getHeaders() {
return qn;
}
public boolean handleResponse(MessageContext msgContext) {
try {
SOAPMessageContext smc = (SOAPMessageContext) msgContext;
SOAPMessage msg = smc.getMessage();
SOAPPart sp = msg.getSOAPPart();
// wsse.setPrecisionInMilliSeconds(true);
Document envelope = sp.getEnvelope().getOwnerDocument();
SOAPConstants soapConstants =
WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
WSSignEnvelope signer = new WSSignEnvelope();
Crypto crypto = CryptoFactory.getInstance("crypto.properties");
//
//
signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
// Vector parts = new Vector();
// WSEncryptionPart part = new
// WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
// soapConstants.getEnvelopeURI(),
// "Content");
// parts.add(part);
// signer.setParts(parts); // this is optional since the body is
// signed by default
// envelope = signer.build(envelope, crypto);
//
WSEncryptBody encryptor = new WSEncryptBody();
encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
envelope = encryptor.build(envelope, crypto);
} catch (Exception e) {
e.printStackTrace();
}
return true;
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Stefan Schmidt <sc...@gmail.com>.
Sorry guys,
I figured both questions out myself. The first one was my wrong
thinking, and the second one was just a metter of editing the right
client wsdd file :-).
Regards,
Stefan
Stefan Schmidt wrote:
> Werner, dims
> Thanks for your help. I got most of it running now. Anyway, I have got
> two more questions:
>
> I am using an Axis client with the following setup:
> <requestFlow >
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> <parameter name="action" value="UsernameToken"/>
> <parameter name="user" value="wss4j"/>
> <parameter name="passwordCallbackClass"
>
> value="com.ibm.dw.bookshop.j2seclient.handlers.PWCallbackHandler"/>
> <parameter name="passwordType" value="PasswordText"/>
> <parameter name="mustUnderstand" value="true"/>
> </handler>
> </requestFlow >
>
> Question 1: Why does the WSDoAllSender ignore the passwordType and
> sends it as PasswordDigest instead?
>
> Then I am trying to access the username/password in my server side
> callbackHandler:
>
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> if (callbacks[i] instanceof WSPasswordCallback) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
>
> System.out.println("Username: "+pc.getIdentifer()
> +"\nPassword:
> "+pc.getPassword()+"\nPasswordType: "+pc.getPasswordType());
>
> Question 2: I am able to see the username at the server side but not
> the Password and PasswordType - both are null - why is that?
>
> Thanks.
>
> Regards,
>
> Stefan
>
> Werner Dittmann wrote:
>
>> Stefan,
>>
>> according to the action: pls have a look in the javadoc of
>> "WSHandlerConstants" ins the package "**/security/handler".
>>
>> The password call is ndependetn of Ais, it is used to a hook
>> to get the password.
>>
>> The dpeloyment tag (the deployment value) can be set the
>> same way as any other parameter. This is a specific
>> parameter of the JAXRPC handler because this handler contains
>> the receiver and the sender part. The "deployment" parameter
>> and the "flow" control how the handler works, if its a client
>> side handler etc.
>>
>> Pls have a look into the interop/unit tests TestJAXRPC* about
>> the usage.
>>
>> Regads,
>> Werner
>>
>> Stefan Schmidt wrote:
>>
>>
>>> dims,
>>>
>>> Thanks for this tip, this seems much easier. However, I am still having
>>> problems:
>>>
>>> 1. I assume that I include the WSS4JHandler directly in my handler
>>> chain:
>>> webservices.xml
>>> ...
>>> <handler>
>>> <handler-name>Security Handler</handler-name>
>>>
>>> <handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
>>>
>>> <!--
>>> <init-param>
>>> <param-name>passwordCallbackClass</param-name>
>>>
>>> <param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
>>>
>>> </init-param>
>>> -->
>>> </handler>
>>> ...
>>> 2. I think I have to the define the required action eg: encrypt, sign,
>>> username, etc. Where do I find a compilation of the action attributes
>>> and their values so I know what exactly I should specify here.
>>>
>>> 3. I have tried to deploy the above posed handler and get the following
>>> exception:
>>> WSS4JHandler.processMessage: No deployment defined
>>> (WSS4JHandler line 141)
>>>
>>> Since I am not using Axis wsdd's there is no 'deployment' tag in my
>>> JAXRPC Web service. How do I supply this information to
>>> WSS4JHandler?
>>>
>>> 4. When I want to use username/password challenge I have to implement a
>>> CallbackHandler and specify it just like in the Axis example - right?
>>>
>>> Thanks!
>>>
>>> Regards,
>>> Stefan
>>>
>>>
>>
>> <SNIP> <SNAP>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Stefan Schmidt <sc...@gmail.com>.
Sorry guys,
I figured both questions out myself. The first one was my wrong
thinking, and the second one was just a metter of editing the right
client wsdd file :-).
Regards,
Stefan
Stefan Schmidt wrote:
> Werner, dims
> Thanks for your help. I got most of it running now. Anyway, I have got
> two more questions:
>
> I am using an Axis client with the following setup:
> <requestFlow >
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> <parameter name="action" value="UsernameToken"/>
> <parameter name="user" value="wss4j"/>
> <parameter name="passwordCallbackClass"
>
> value="com.ibm.dw.bookshop.j2seclient.handlers.PWCallbackHandler"/>
> <parameter name="passwordType" value="PasswordText"/>
> <parameter name="mustUnderstand" value="true"/>
> </handler>
> </requestFlow >
>
> Question 1: Why does the WSDoAllSender ignore the passwordType and
> sends it as PasswordDigest instead?
>
> Then I am trying to access the username/password in my server side
> callbackHandler:
>
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
> for (int i = 0; i < callbacks.length; i++) {
> if (callbacks[i] instanceof WSPasswordCallback) {
> WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
>
> System.out.println("Username: "+pc.getIdentifer()
> +"\nPassword:
> "+pc.getPassword()+"\nPasswordType: "+pc.getPasswordType());
>
> Question 2: I am able to see the username at the server side but not
> the Password and PasswordType - both are null - why is that?
>
> Thanks.
>
> Regards,
>
> Stefan
>
> Werner Dittmann wrote:
>
>> Stefan,
>>
>> according to the action: pls have a look in the javadoc of
>> "WSHandlerConstants" ins the package "**/security/handler".
>>
>> The password call is ndependetn of Ais, it is used to a hook
>> to get the password.
>>
>> The dpeloyment tag (the deployment value) can be set the
>> same way as any other parameter. This is a specific
>> parameter of the JAXRPC handler because this handler contains
>> the receiver and the sender part. The "deployment" parameter
>> and the "flow" control how the handler works, if its a client
>> side handler etc.
>>
>> Pls have a look into the interop/unit tests TestJAXRPC* about
>> the usage.
>>
>> Regads,
>> Werner
>>
>> Stefan Schmidt wrote:
>>
>>
>>> dims,
>>>
>>> Thanks for this tip, this seems much easier. However, I am still having
>>> problems:
>>>
>>> 1. I assume that I include the WSS4JHandler directly in my handler
>>> chain:
>>> webservices.xml
>>> ...
>>> <handler>
>>> <handler-name>Security Handler</handler-name>
>>>
>>> <handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
>>>
>>> <!--
>>> <init-param>
>>> <param-name>passwordCallbackClass</param-name>
>>>
>>> <param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
>>>
>>> </init-param>
>>> -->
>>> </handler>
>>> ...
>>> 2. I think I have to the define the required action eg: encrypt, sign,
>>> username, etc. Where do I find a compilation of the action attributes
>>> and their values so I know what exactly I should specify here.
>>>
>>> 3. I have tried to deploy the above posed handler and get the following
>>> exception:
>>> WSS4JHandler.processMessage: No deployment defined
>>> (WSS4JHandler line 141)
>>>
>>> Since I am not using Axis wsdd's there is no 'deployment' tag in my
>>> JAXRPC Web service. How do I supply this information to
>>> WSS4JHandler?
>>>
>>> 4. When I want to use username/password challenge I have to implement a
>>> CallbackHandler and specify it just like in the Axis example - right?
>>>
>>> Thanks!
>>>
>>> Regards,
>>> Stefan
>>>
>>>
>>
>> <SNIP> <SNAP>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Stefan Schmidt <sc...@gmail.com>.
Werner, dims
Thanks for your help. I got most of it running now. Anyway, I have got
two more questions:
I am using an Axis client with the following setup:
<requestFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="wss4j"/>
<parameter name="passwordCallbackClass"
value="com.ibm.dw.bookshop.j2seclient.handlers.PWCallbackHandler"/>
<parameter name="passwordType" value="PasswordText"/>
<parameter name="mustUnderstand" value="true"/>
</handler>
</requestFlow >
Question 1: Why does the WSDoAllSender ignore the passwordType and sends
it as PasswordDigest instead?
Then I am trying to access the username/password in my server side
callbackHandler:
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
System.out.println("Username: "+pc.getIdentifer()
+"\nPassword:
"+pc.getPassword()+"\nPasswordType: "+pc.getPasswordType());
Question 2: I am able to see the username at the server side but not the
Password and PasswordType - both are null - why is that?
Thanks.
Regards,
Stefan
Werner Dittmann wrote:
>Stefan,
>
>according to the action: pls have a look in the javadoc of
>"WSHandlerConstants" ins the package "**/security/handler".
>
>The password call is ndependetn of Ais, it is used to a hook
>to get the password.
>
>The dpeloyment tag (the deployment value) can be set the
>same way as any other parameter. This is a specific
>parameter of the JAXRPC handler because this handler contains
>the receiver and the sender part. The "deployment" parameter
>and the "flow" control how the handler works, if its a client
>side handler etc.
>
>Pls have a look into the interop/unit tests TestJAXRPC* about
>the usage.
>
>Regads,
>Werner
>
>Stefan Schmidt wrote:
>
>
>>dims,
>>
>>Thanks for this tip, this seems much easier. However, I am still having
>>problems:
>>
>>1. I assume that I include the WSS4JHandler directly in my handler chain:
>> webservices.xml
>> ...
>> <handler>
>> <handler-name>Security Handler</handler-name>
>>
>><handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
>> <!--
>> <init-param>
>> <param-name>passwordCallbackClass</param-name>
>>
>><param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
>> </init-param>
>> -->
>> </handler>
>> ...
>>2. I think I have to the define the required action eg: encrypt, sign,
>>username, etc. Where do I find a compilation of the action attributes
>>and their values so I know what exactly I should specify here.
>>
>>3. I have tried to deploy the above posed handler and get the following
>>exception:
>> WSS4JHandler.processMessage: No deployment defined
>> (WSS4JHandler line 141)
>>
>> Since I am not using Axis wsdd's there is no 'deployment' tag in my
>>JAXRPC Web service. How do I supply this information to
>>WSS4JHandler?
>>
>>4. When I want to use username/password challenge I have to implement a
>>CallbackHandler and specify it just like in the Axis example - right?
>>
>>Thanks!
>>
>>Regards,
>>Stefan
>>
>>
>>
><SNIP> <SNAP>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Stefan Schmidt <sc...@gmail.com>.
Werner, dims
Thanks for your help. I got most of it running now. Anyway, I have got
two more questions:
I am using an Axis client with the following setup:
<requestFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="wss4j"/>
<parameter name="passwordCallbackClass"
value="com.ibm.dw.bookshop.j2seclient.handlers.PWCallbackHandler"/>
<parameter name="passwordType" value="PasswordText"/>
<parameter name="mustUnderstand" value="true"/>
</handler>
</requestFlow >
Question 1: Why does the WSDoAllSender ignore the passwordType and sends
it as PasswordDigest instead?
Then I am trying to access the username/password in my server side
callbackHandler:
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
System.out.println("Username: "+pc.getIdentifer()
+"\nPassword:
"+pc.getPassword()+"\nPasswordType: "+pc.getPasswordType());
Question 2: I am able to see the username at the server side but not the
Password and PasswordType - both are null - why is that?
Thanks.
Regards,
Stefan
Werner Dittmann wrote:
>Stefan,
>
>according to the action: pls have a look in the javadoc of
>"WSHandlerConstants" ins the package "**/security/handler".
>
>The password call is ndependetn of Ais, it is used to a hook
>to get the password.
>
>The dpeloyment tag (the deployment value) can be set the
>same way as any other parameter. This is a specific
>parameter of the JAXRPC handler because this handler contains
>the receiver and the sender part. The "deployment" parameter
>and the "flow" control how the handler works, if its a client
>side handler etc.
>
>Pls have a look into the interop/unit tests TestJAXRPC* about
>the usage.
>
>Regads,
>Werner
>
>Stefan Schmidt wrote:
>
>
>>dims,
>>
>>Thanks for this tip, this seems much easier. However, I am still having
>>problems:
>>
>>1. I assume that I include the WSS4JHandler directly in my handler chain:
>> webservices.xml
>> ...
>> <handler>
>> <handler-name>Security Handler</handler-name>
>>
>><handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
>> <!--
>> <init-param>
>> <param-name>passwordCallbackClass</param-name>
>>
>><param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
>> </init-param>
>> -->
>> </handler>
>> ...
>>2. I think I have to the define the required action eg: encrypt, sign,
>>username, etc. Where do I find a compilation of the action attributes
>>and their values so I know what exactly I should specify here.
>>
>>3. I have tried to deploy the above posed handler and get the following
>>exception:
>> WSS4JHandler.processMessage: No deployment defined
>> (WSS4JHandler line 141)
>>
>> Since I am not using Axis wsdd's there is no 'deployment' tag in my
>>JAXRPC Web service. How do I supply this information to
>>WSS4JHandler?
>>
>>4. When I want to use username/password challenge I have to implement a
>>CallbackHandler and specify it just like in the Axis example - right?
>>
>>Thanks!
>>
>>Regards,
>>Stefan
>>
>>
>>
><SNIP> <SNAP>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Werner Dittmann <We...@t-online.de>.
Stefan,
according to the action: pls have a look in the javadoc of
"WSHandlerConstants" ins the package "**/security/handler".
The password call is ndependetn of Ais, it is used to a hook
to get the password.
The dpeloyment tag (the deployment value) can be set the
same way as any other parameter. This is a specific
parameter of the JAXRPC handler because this handler contains
the receiver and the sender part. The "deployment" parameter
and the "flow" control how the handler works, if its a client
side handler etc.
Pls have a look into the interop/unit tests TestJAXRPC* about
the usage.
Regads,
Werner
Stefan Schmidt wrote:
> dims,
>
> Thanks for this tip, this seems much easier. However, I am still having
> problems:
>
> 1. I assume that I include the WSS4JHandler directly in my handler chain:
> webservices.xml
> ...
> <handler>
> <handler-name>Security Handler</handler-name>
>
> <handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
> <!--
> <init-param>
> <param-name>passwordCallbackClass</param-name>
>
> <param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
> </init-param>
> -->
> </handler>
> ...
> 2. I think I have to the define the required action eg: encrypt, sign,
> username, etc. Where do I find a compilation of the action attributes
> and their values so I know what exactly I should specify here.
>
> 3. I have tried to deploy the above posed handler and get the following
> exception:
> WSS4JHandler.processMessage: No deployment defined
> (WSS4JHandler line 141)
>
> Since I am not using Axis wsdd's there is no 'deployment' tag in my
> JAXRPC Web service. How do I supply this information to
> WSS4JHandler?
>
> 4. When I want to use username/password challenge I have to implement a
> CallbackHandler and specify it just like in the Axis example - right?
>
> Thanks!
>
> Regards,
> Stefan
>
<SNIP> <SNAP>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Werner Dittmann <We...@t-online.de>.
Stefan,
according to the action: pls have a look in the javadoc of
"WSHandlerConstants" ins the package "**/security/handler".
The password call is ndependetn of Ais, it is used to a hook
to get the password.
The dpeloyment tag (the deployment value) can be set the
same way as any other parameter. This is a specific
parameter of the JAXRPC handler because this handler contains
the receiver and the sender part. The "deployment" parameter
and the "flow" control how the handler works, if its a client
side handler etc.
Pls have a look into the interop/unit tests TestJAXRPC* about
the usage.
Regads,
Werner
Stefan Schmidt wrote:
> dims,
>
> Thanks for this tip, this seems much easier. However, I am still having
> problems:
>
> 1. I assume that I include the WSS4JHandler directly in my handler chain:
> webservices.xml
> ...
> <handler>
> <handler-name>Security Handler</handler-name>
>
> <handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
> <!--
> <init-param>
> <param-name>passwordCallbackClass</param-name>
>
> <param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
> </init-param>
> -->
> </handler>
> ...
> 2. I think I have to the define the required action eg: encrypt, sign,
> username, etc. Where do I find a compilation of the action attributes
> and their values so I know what exactly I should specify here.
>
> 3. I have tried to deploy the above posed handler and get the following
> exception:
> WSS4JHandler.processMessage: No deployment defined
> (WSS4JHandler line 141)
>
> Since I am not using Axis wsdd's there is no 'deployment' tag in my
> JAXRPC Web service. How do I supply this information to
> WSS4JHandler?
>
> 4. When I want to use username/password challenge I have to implement a
> CallbackHandler and specify it just like in the Axis example - right?
>
> Thanks!
>
> Regards,
> Stefan
>
<SNIP> <SNAP>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Stefan Schmidt <sc...@gmail.com>.
dims,
Thanks for this tip, this seems much easier. However, I am still having
problems:
1. I assume that I include the WSS4JHandler directly in my handler chain:
webservices.xml
...
<handler>
<handler-name>Security Handler</handler-name>
<handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
<!--
<init-param>
<param-name>passwordCallbackClass</param-name>
<param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
</init-param>
-->
</handler>
...
2. I think I have to the define the required action eg: encrypt, sign,
username, etc. Where do I find a compilation of the action attributes
and their values so I know what exactly I should specify here.
3. I have tried to deploy the above posed handler and get the following
exception:
WSS4JHandler.processMessage: No deployment defined
(WSS4JHandler line 141)
Since I am not using Axis wsdd's there is no 'deployment' tag in my
JAXRPC Web service. How do I supply this information to
WSS4JHandler?
4. When I want to use username/password challenge I have to implement a
CallbackHandler and specify it just like in the Axis example - right?
Thanks!
Regards,
Stefan
Davanum Srinivas wrote:
>Stefan,
>
>Please reuse the WSS4JHandler - It is a JAXRPC Handler. if you don't
>like it, feel free to make changes and help us make it better.
>
>thanks,
>dims
>
>On 8/26/05, Stefan Schmidt <sc...@gmail.com> wrote:
>
>
>>Hi there,
>>
>>
>>I am using Geronimo and have a JAXRPC Web service running. Now I am
>>trying to get it secured...
>>
>>I am new to WSS4J and I am trying to get the WSSignEnvelope and
>>WSEncryptEnvelope running. I am following the API description and
>>through some googling I found out that one has to instantiate the
>>WSSecurityEngine and use the .setUserInfo() method on the above Objects
>>to get it going. It took quite a while until I got that far since this
>>was unfortunately not included in the code examples at
>>http://ws.apache.org/wss4j/api.html.
>>
>>Now I am getting the following exception: "Invocation arguments were
>>modified".
>>
>>What am I doing wrong here?
>>
>>Any help would be greatly appreciated!
>>
>>Thanks in advance.
>>
>>Stefan
>>
>>Here are the error and implementation details:
>>
>>AxisFault
>> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>> faultSubcode:
>> faultString: java.lang.RuntimeException: Invocation arguments were modified
>> faultActor:
>> faultNode:
>> faultDetail:
>> {http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
>>Invocation arguments were modified
>> at
>>org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
>> at
>>org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
>> at
>>org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
>>....
>>java.lang.RuntimeException: Invocation arguments were modified
>> at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>> at
>>org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
>>
>>
>>The code:
>>
>>public class SecurityHandler extends GenericHandler {
>>
>> QName qn[] = null;
>>
>> static final WSSecurityEngine wsse = new
>>WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
>>
>> public void init(HandlerInfo info) {
>> qn = info.getHeaders();
>> }
>>
>> public QName[] getHeaders() {
>> return qn;
>> }
>>
>> public boolean handleResponse(MessageContext msgContext) {
>> try {
>>
>> SOAPMessageContext smc = (SOAPMessageContext) msgContext;
>> SOAPMessage msg = smc.getMessage();
>> SOAPPart sp = msg.getSOAPPart();
>> // wsse.setPrecisionInMilliSeconds(true);
>>
>> Document envelope = sp.getEnvelope().getOwnerDocument();
>>
>> SOAPConstants soapConstants =
>>WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
>>
>> WSSignEnvelope signer = new WSSignEnvelope();
>> Crypto crypto = CryptoFactory.getInstance("crypto.properties");
>> //
>> //
>>signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
>> // Vector parts = new Vector();
>> // WSEncryptionPart part = new
>> // WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
>> // soapConstants.getEnvelopeURI(),
>> // "Content");
>> // parts.add(part);
>> // signer.setParts(parts); // this is optional since the body is
>> // signed by default
>> // envelope = signer.build(envelope, crypto);
>> //
>> WSEncryptBody encryptor = new WSEncryptBody();
>>
>> encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
>> envelope = encryptor.build(envelope, crypto);
>>
>> } catch (Exception e) {
>> e.printStackTrace();
>> }
>> return true;
>> }
>>}
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Stefan Schmidt <sc...@gmail.com>.
dims,
Thanks for this tip, this seems much easier. However, I am still having
problems:
1. I assume that I include the WSS4JHandler directly in my handler chain:
webservices.xml
...
<handler>
<handler-name>Security Handler</handler-name>
<handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
<!--
<init-param>
<param-name>passwordCallbackClass</param-name>
<param-value>com.ibm.dw.bookshop.handlers.PWCallbackHandler</param-value>
</init-param>
-->
</handler>
...
2. I think I have to the define the required action eg: encrypt, sign,
username, etc. Where do I find a compilation of the action attributes
and their values so I know what exactly I should specify here.
3. I have tried to deploy the above posed handler and get the following
exception:
WSS4JHandler.processMessage: No deployment defined
(WSS4JHandler line 141)
Since I am not using Axis wsdd's there is no 'deployment' tag in my
JAXRPC Web service. How do I supply this information to
WSS4JHandler?
4. When I want to use username/password challenge I have to implement a
CallbackHandler and specify it just like in the Axis example - right?
Thanks!
Regards,
Stefan
Davanum Srinivas wrote:
>Stefan,
>
>Please reuse the WSS4JHandler - It is a JAXRPC Handler. if you don't
>like it, feel free to make changes and help us make it better.
>
>thanks,
>dims
>
>On 8/26/05, Stefan Schmidt <sc...@gmail.com> wrote:
>
>
>>Hi there,
>>
>>
>>I am using Geronimo and have a JAXRPC Web service running. Now I am
>>trying to get it secured...
>>
>>I am new to WSS4J and I am trying to get the WSSignEnvelope and
>>WSEncryptEnvelope running. I am following the API description and
>>through some googling I found out that one has to instantiate the
>>WSSecurityEngine and use the .setUserInfo() method on the above Objects
>>to get it going. It took quite a while until I got that far since this
>>was unfortunately not included in the code examples at
>>http://ws.apache.org/wss4j/api.html.
>>
>>Now I am getting the following exception: "Invocation arguments were
>>modified".
>>
>>What am I doing wrong here?
>>
>>Any help would be greatly appreciated!
>>
>>Thanks in advance.
>>
>>Stefan
>>
>>Here are the error and implementation details:
>>
>>AxisFault
>> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
>> faultSubcode:
>> faultString: java.lang.RuntimeException: Invocation arguments were modified
>> faultActor:
>> faultNode:
>> faultDetail:
>> {http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
>>Invocation arguments were modified
>> at
>>org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
>> at
>>org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
>> at
>>org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
>>....
>>java.lang.RuntimeException: Invocation arguments were modified
>> at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
>> at
>>org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
>>
>>
>>The code:
>>
>>public class SecurityHandler extends GenericHandler {
>>
>> QName qn[] = null;
>>
>> static final WSSecurityEngine wsse = new
>>WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
>>
>> public void init(HandlerInfo info) {
>> qn = info.getHeaders();
>> }
>>
>> public QName[] getHeaders() {
>> return qn;
>> }
>>
>> public boolean handleResponse(MessageContext msgContext) {
>> try {
>>
>> SOAPMessageContext smc = (SOAPMessageContext) msgContext;
>> SOAPMessage msg = smc.getMessage();
>> SOAPPart sp = msg.getSOAPPart();
>> // wsse.setPrecisionInMilliSeconds(true);
>>
>> Document envelope = sp.getEnvelope().getOwnerDocument();
>>
>> SOAPConstants soapConstants =
>>WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
>>
>> WSSignEnvelope signer = new WSSignEnvelope();
>> Crypto crypto = CryptoFactory.getInstance("crypto.properties");
>> //
>> //
>>signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
>> // Vector parts = new Vector();
>> // WSEncryptionPart part = new
>> // WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
>> // soapConstants.getEnvelopeURI(),
>> // "Content");
>> // parts.add(part);
>> // signer.setParts(parts); // this is optional since the body is
>> // signed by default
>> // envelope = signer.build(envelope, crypto);
>> //
>> WSEncryptBody encryptor = new WSEncryptBody();
>>
>> encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
>> envelope = encryptor.build(envelope, crypto);
>>
>> } catch (Exception e) {
>> e.printStackTrace();
>> }
>> return true;
>> }
>>}
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>>
>>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Davanum Srinivas <da...@gmail.com>.
AND please use latest CVS as there have been tons of changes to
simplify the handlers
thanks,
dims
On 8/26/05, Davanum Srinivas <da...@gmail.com> wrote:
> Stefan,
>
> Please reuse the WSS4JHandler - It is a JAXRPC Handler. if you don't
> like it, feel free to make changes and help us make it better.
>
> thanks,
> dims
>
> On 8/26/05, Stefan Schmidt <sc...@gmail.com> wrote:
> > Hi there,
> >
> >
> > I am using Geronimo and have a JAXRPC Web service running. Now I am
> > trying to get it secured...
> >
> > I am new to WSS4J and I am trying to get the WSSignEnvelope and
> > WSEncryptEnvelope running. I am following the API description and
> > through some googling I found out that one has to instantiate the
> > WSSecurityEngine and use the .setUserInfo() method on the above Objects
> > to get it going. It took quite a while until I got that far since this
> > was unfortunately not included in the code examples at
> > http://ws.apache.org/wss4j/api.html.
> >
> > Now I am getting the following exception: "Invocation arguments were
> > modified".
> >
> > What am I doing wrong here?
> >
> > Any help would be greatly appreciated!
> >
> > Thanks in advance.
> >
> > Stefan
> >
> > Here are the error and implementation details:
> >
> > AxisFault
> > faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> > faultSubcode:
> > faultString: java.lang.RuntimeException: Invocation arguments were modified
> > faultActor:
> > faultNode:
> > faultDetail:
> > {http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
> > Invocation arguments were modified
> > at
> > org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
> > at
> > org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
> > at
> > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
> > ....
> > java.lang.RuntimeException: Invocation arguments were modified
> > at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
> > at
> > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
> >
> >
> > The code:
> >
> > public class SecurityHandler extends GenericHandler {
> >
> > QName qn[] = null;
> >
> > static final WSSecurityEngine wsse = new
> > WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
> >
> > public void init(HandlerInfo info) {
> > qn = info.getHeaders();
> > }
> >
> > public QName[] getHeaders() {
> > return qn;
> > }
> >
> > public boolean handleResponse(MessageContext msgContext) {
> > try {
> >
> > SOAPMessageContext smc = (SOAPMessageContext) msgContext;
> > SOAPMessage msg = smc.getMessage();
> > SOAPPart sp = msg.getSOAPPart();
> > // wsse.setPrecisionInMilliSeconds(true);
> >
> > Document envelope = sp.getEnvelope().getOwnerDocument();
> >
> > SOAPConstants soapConstants =
> > WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
> >
> > WSSignEnvelope signer = new WSSignEnvelope();
> > Crypto crypto = CryptoFactory.getInstance("crypto.properties");
> > //
> > //
> > signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
> > // Vector parts = new Vector();
> > // WSEncryptionPart part = new
> > // WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
> > // soapConstants.getEnvelopeURI(),
> > // "Content");
> > // parts.add(part);
> > // signer.setParts(parts); // this is optional since the body is
> > // signed by default
> > // envelope = signer.build(envelope, crypto);
> > //
> > WSEncryptBody encryptor = new WSEncryptBody();
> >
> > encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
> > envelope = encryptor.build(envelope, crypto);
> >
> > } catch (Exception e) {
> > e.printStackTrace();
> > }
> > return true;
> > }
> > }
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>
> --
> Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
>
--
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Davanum Srinivas <da...@gmail.com>.
AND please use latest CVS as there have been tons of changes to
simplify the handlers
thanks,
dims
On 8/26/05, Davanum Srinivas <da...@gmail.com> wrote:
> Stefan,
>
> Please reuse the WSS4JHandler - It is a JAXRPC Handler. if you don't
> like it, feel free to make changes and help us make it better.
>
> thanks,
> dims
>
> On 8/26/05, Stefan Schmidt <sc...@gmail.com> wrote:
> > Hi there,
> >
> >
> > I am using Geronimo and have a JAXRPC Web service running. Now I am
> > trying to get it secured...
> >
> > I am new to WSS4J and I am trying to get the WSSignEnvelope and
> > WSEncryptEnvelope running. I am following the API description and
> > through some googling I found out that one has to instantiate the
> > WSSecurityEngine and use the .setUserInfo() method on the above Objects
> > to get it going. It took quite a while until I got that far since this
> > was unfortunately not included in the code examples at
> > http://ws.apache.org/wss4j/api.html.
> >
> > Now I am getting the following exception: "Invocation arguments were
> > modified".
> >
> > What am I doing wrong here?
> >
> > Any help would be greatly appreciated!
> >
> > Thanks in advance.
> >
> > Stefan
> >
> > Here are the error and implementation details:
> >
> > AxisFault
> > faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> > faultSubcode:
> > faultString: java.lang.RuntimeException: Invocation arguments were modified
> > faultActor:
> > faultNode:
> > faultDetail:
> > {http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
> > Invocation arguments were modified
> > at
> > org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
> > at
> > org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
> > at
> > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
> > ....
> > java.lang.RuntimeException: Invocation arguments were modified
> > at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
> > at
> > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
> >
> >
> > The code:
> >
> > public class SecurityHandler extends GenericHandler {
> >
> > QName qn[] = null;
> >
> > static final WSSecurityEngine wsse = new
> > WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
> >
> > public void init(HandlerInfo info) {
> > qn = info.getHeaders();
> > }
> >
> > public QName[] getHeaders() {
> > return qn;
> > }
> >
> > public boolean handleResponse(MessageContext msgContext) {
> > try {
> >
> > SOAPMessageContext smc = (SOAPMessageContext) msgContext;
> > SOAPMessage msg = smc.getMessage();
> > SOAPPart sp = msg.getSOAPPart();
> > // wsse.setPrecisionInMilliSeconds(true);
> >
> > Document envelope = sp.getEnvelope().getOwnerDocument();
> >
> > SOAPConstants soapConstants =
> > WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
> >
> > WSSignEnvelope signer = new WSSignEnvelope();
> > Crypto crypto = CryptoFactory.getInstance("crypto.properties");
> > //
> > //
> > signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
> > // Vector parts = new Vector();
> > // WSEncryptionPart part = new
> > // WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
> > // soapConstants.getEnvelopeURI(),
> > // "Content");
> > // parts.add(part);
> > // signer.setParts(parts); // this is optional since the body is
> > // signed by default
> > // envelope = signer.build(envelope, crypto);
> > //
> > WSEncryptBody encryptor = new WSEncryptBody();
> >
> > encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
> > envelope = encryptor.build(envelope, crypto);
> >
> > } catch (Exception e) {
> > e.printStackTrace();
> > }
> > return true;
> > }
> > }
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>
> --
> Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
>
--
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Davanum Srinivas <da...@gmail.com>.
Stefan,
Please reuse the WSS4JHandler - It is a JAXRPC Handler. if you don't
like it, feel free to make changes and help us make it better.
thanks,
dims
On 8/26/05, Stefan Schmidt <sc...@gmail.com> wrote:
> Hi there,
>
>
> I am using Geronimo and have a JAXRPC Web service running. Now I am
> trying to get it secured...
>
> I am new to WSS4J and I am trying to get the WSSignEnvelope and
> WSEncryptEnvelope running. I am following the API description and
> through some googling I found out that one has to instantiate the
> WSSecurityEngine and use the .setUserInfo() method on the above Objects
> to get it going. It took quite a while until I got that far since this
> was unfortunately not included in the code examples at
> http://ws.apache.org/wss4j/api.html.
>
> Now I am getting the following exception: "Invocation arguments were
> modified".
>
> What am I doing wrong here?
>
> Any help would be greatly appreciated!
>
> Thanks in advance.
>
> Stefan
>
> Here are the error and implementation details:
>
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> faultSubcode:
> faultString: java.lang.RuntimeException: Invocation arguments were modified
> faultActor:
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
> Invocation arguments were modified
> at
> org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
> at
> org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
> at
> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
> ....
> java.lang.RuntimeException: Invocation arguments were modified
> at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
> at
> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
>
>
> The code:
>
> public class SecurityHandler extends GenericHandler {
>
> QName qn[] = null;
>
> static final WSSecurityEngine wsse = new
> WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
>
> public void init(HandlerInfo info) {
> qn = info.getHeaders();
> }
>
> public QName[] getHeaders() {
> return qn;
> }
>
> public boolean handleResponse(MessageContext msgContext) {
> try {
>
> SOAPMessageContext smc = (SOAPMessageContext) msgContext;
> SOAPMessage msg = smc.getMessage();
> SOAPPart sp = msg.getSOAPPart();
> // wsse.setPrecisionInMilliSeconds(true);
>
> Document envelope = sp.getEnvelope().getOwnerDocument();
>
> SOAPConstants soapConstants =
> WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
>
> WSSignEnvelope signer = new WSSignEnvelope();
> Crypto crypto = CryptoFactory.getInstance("crypto.properties");
> //
> //
> signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
> // Vector parts = new Vector();
> // WSEncryptionPart part = new
> // WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
> // soapConstants.getEnvelopeURI(),
> // "Content");
> // parts.add(part);
> // signer.setParts(parts); // this is optional since the body is
> // signed by default
> // envelope = signer.build(envelope, crypto);
> //
> WSEncryptBody encryptor = new WSEncryptBody();
>
> encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
> envelope = encryptor.build(envelope, crypto);
>
> } catch (Exception e) {
> e.printStackTrace();
> }
> return true;
> }
> }
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Invocation arguments were modified
Posted by Davanum Srinivas <da...@gmail.com>.
Stefan,
Please reuse the WSS4JHandler - It is a JAXRPC Handler. if you don't
like it, feel free to make changes and help us make it better.
thanks,
dims
On 8/26/05, Stefan Schmidt <sc...@gmail.com> wrote:
> Hi there,
>
>
> I am using Geronimo and have a JAXRPC Web service running. Now I am
> trying to get it secured...
>
> I am new to WSS4J and I am trying to get the WSSignEnvelope and
> WSEncryptEnvelope running. I am following the API description and
> through some googling I found out that one has to instantiate the
> WSSecurityEngine and use the .setUserInfo() method on the above Objects
> to get it going. It took quite a while until I got that far since this
> was unfortunately not included in the code examples at
> http://ws.apache.org/wss4j/api.html.
>
> Now I am getting the following exception: "Invocation arguments were
> modified".
>
> What am I doing wrong here?
>
> Any help would be greatly appreciated!
>
> Thanks in advance.
>
> Stefan
>
> Here are the error and implementation details:
>
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
> faultSubcode:
> faultString: java.lang.RuntimeException: Invocation arguments were modified
> faultActor:
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}stackTrace:java.lang.RuntimeException:
> Invocation arguments were modified
> at
> org.apache.axis.handlers.HandlerChainImpl.postInvoke(HandlerChainImpl.java:203)
> at
> org.apache.axis.handlers.HandlerChainImpl.handleResponse(HandlerChainImpl.java:173)
> at
> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:466)
> ....
> java.lang.RuntimeException: Invocation arguments were modified
> at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
> at
> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:479)
>
>
> The code:
>
> public class SecurityHandler extends GenericHandler {
>
> QName qn[] = null;
>
> static final WSSecurityEngine wsse = new
> WSSecurityEngine().getInstance(WSSConfig.getDefaultWSConfig());
>
> public void init(HandlerInfo info) {
> qn = info.getHeaders();
> }
>
> public QName[] getHeaders() {
> return qn;
> }
>
> public boolean handleResponse(MessageContext msgContext) {
> try {
>
> SOAPMessageContext smc = (SOAPMessageContext) msgContext;
> SOAPMessage msg = smc.getMessage();
> SOAPPart sp = msg.getSOAPPart();
> // wsse.setPrecisionInMilliSeconds(true);
>
> Document envelope = sp.getEnvelope().getOwnerDocument();
>
> SOAPConstants soapConstants =
> WSSecurityUtil.getSOAPConstants(envelope.getDocumentElement());
>
> WSSignEnvelope signer = new WSSignEnvelope();
> Crypto crypto = CryptoFactory.getInstance("crypto.properties");
> //
> //
> signer.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e","security");
> // Vector parts = new Vector();
> // WSEncryptionPart part = new
> // WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
> // soapConstants.getEnvelopeURI(),
> // "Content");
> // parts.add(part);
> // signer.setParts(parts); // this is optional since the body is
> // signed by default
> // envelope = signer.build(envelope, crypto);
> //
> WSEncryptBody encryptor = new WSEncryptBody();
>
> encryptor.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
> envelope = encryptor.build(envelope, crypto);
>
> } catch (Exception e) {
> e.printStackTrace();
> }
> return true;
> }
> }
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org