Posted to java-user@axis.apache.org by Martin Gainty <mg...@hotmail.com> on 2012/08/17 02:33:21 UTC

RE: Need advice how to run Axis2/Rampart client from Websphere

place the *.mar into axis2\WEB-INF\module
make sure the name of the module is inserted into modules.list

HTH
Martin 
______________________________________________ 
Disclaimer and confidentiality note

This message is confidential. If you are not the intended recipient, we kindly ask that you notify us. Any unauthorized forwarding or copying is prohibited. This message serves only for the exchange of information and has no legally binding effect. Because e-mails can easily be manipulated, we cannot accept liability for the content.
This message is confidential and may be privileged. If you are not the intended recipient, we kindly ask that you inform the sender. Any unauthorized distribution or copying of this message is prohibited. This message is for information only and shall have no legally binding effect. Since e-mails can easily be subject to manipulation, we cannot accept any responsibility for the content provided.


From: aaron.stromas@rsa.com
To: java-user@axis.apache.org
Date: Thu, 16 Aug 2012 19:15:16 -0400
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere

Really thank you for taking time to explain this. I now understand the rationale, but I still need to resolve the practical business of engaging these modules from an EE application without resorting to filepaths. What is the significance of .mar extension? Is it just a notation that has a special meaning to Axis?

I noticed the ConfigurationContextFactory.createBasicConfiguration(String resource) method. Is the “resource” parameter an “axis2.xml” file (that also lists the rampart and rahas modules)? Also, should those modules be placed on the classpath in order to be engaged?

Thank you,

-a

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, 16 August, 2012 17:48
To: java-user@axis.apache.org
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere

MG>your focus seems to be implementing WS-Security which is implemented by wss4j
MG> the wss4j specific 'Context' used by wss4j is implemented by class org\apache\ws\security\message\WSSecSecurityContextToken.java

MG>WSS4J testcase to test the capability of WSSecSecurityContextToken is called test\java\org\apache\ws\security\message\SecurityContextTokenTest.java

MG>adding external functions to Axis2 such as logging, addressing and security are implemented as *engagable modules* ( which can be built as mars and then later 'engaged')
MG>to your Axis2 webapp
MG>Axis Rampart module covers 3 technologies
MG>WS-Security, WS-Trust and WS-SecureConversation
MG>As WSS4J is a DOM based technology (vs SAX) and Axis is a AXIOM based technology a 'bridge technology' was created called DOOM to incorporate DOM->Axiom
MG>Axiom->DOM conversions here is background

Rampart uses WSS4J for securing SOAP messages. 
WSS4J is an Apache project which implements the WS-Security specification.
SOAP messages are
signed according to the XML Encryption (http://www.w3.org/TR/xmlenc-core/) and XML Digital Signature (http://www.w3.org/TR/xmldsig-core/) specifications,
encrypted according to the XML Encryption (http://www.w3.org/TR/xmlenc-core/) and XML Digital Signature (http://www.w3.org/TR/xmldsig-core/) specifications,
but the WS-Security specification introduces an additional set of rules.
Therefore WSS4J ensures that SOAP messages are signed according to all the rules defined in the (above) specifications.
WSS4J uses Apache's xmlsec libraries (http://santuario.apache.org/Java/index.html) for XML Encryption and XML Digital Signature.

Rather than re-inventing the wheel, it was decided to use WSS4J for SOAP message security in Rampart but there was a fundamental problem. 
WSS4J and all the incorporating XML security libraries use "DOM" for parsing and generating XML, 
while Axis2 uses "AXIOM" as the object model. 
This was resolved by using a new object model named "DOOM". DOOM is both AXIOM and DOM implementations. 
Therefore you can manipulate/access a DOOM object structure through DOM interfaces and AXIOM interfaces.

When Rampart is engaged and configured, the incoming SOAP messages are converted to the bridge technology called DOOM. 
Since DOOM *implements the DOM interface* it is possible for WSS4J to process messages. 
After performing the security validations, before flushing the message down the message inflow, the DOOM SOAP message is converted back to OM. 
At the outgoing flow, the message is converted back into DOOM and then the security functions are performed using WSS4J.
MG>Sorry, I don’t see how it answers my question.
MG>I take it you're new to SOAP 1.2 Specification and Axis2 implementations perhaps you want to take a look at some tutorials
MG>but beforehand It would be helpful to have a firm grasp on Axis2 fundamentals
MG>http://axis.apache.org/axis2/java/core/docs/installationguide.html

Thanks,
MG>You're welcome
-a

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, 16 August, 2012 14:27
To: java-user@axis.apache.org
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere

I would use Fernando's Test Code for WSS4J

contents of wss40.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=wss40
org.apache.ws.security.crypto.merlin.keystore.file=keys/wss40.jks

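package org.apache.ws.security.message;

import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

public class SecurityContextTokenTest {

    private static final org.apache.commons.logging.Log LOG =
        org.apache.commons.logging.LogFactory.getLog(SecurityContextTokenTest.class);

    // Crypto provider (Merlin) configured by wss40.properties, which must be on the classpath
    public org.apache.ws.security.components.crypto.Crypto crypto;

    public SecurityContextTokenTest() throws Exception {
        // Initialized in the constructor so that a failure to load the properties can propagate
        crypto = org.apache.ws.security.components.crypto.CryptoFactory.getInstance("wss40.properties");
    }

    @org.junit.Test
    public void testBuild() {
        try {
            // Parse the sample SOAP message and add an empty wsse:Security header
            org.w3c.dom.Document doc = org.apache.ws.security.common.SOAPUtil.toSOAPPart(org.apache.ws.security.common.SOAPUtil.SAMPLE_SOAP_MSG);
            org.apache.ws.security.message.WSSecHeader secHeader = new org.apache.ws.security.message.WSSecHeader();
            secHeader.insertSecurityHeader(doc);

            // Build the SecurityContextToken and put it at the front of the security header
            org.apache.ws.security.message.WSSecSecurityContextToken sctBuilder = new org.apache.ws.security.message.WSSecSecurityContextToken();
            sctBuilder.prepare(doc, crypto);

            sctBuilder.prependSCTElementToHeader(doc, secHeader);

            String out = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);

            if (LOG.isDebugEnabled())
            {
                LOG.debug(out);
            }

            // The serialized message must contain the token element and its identifier
            assertTrue(
                "SecurityContextToken missing",
                out.indexOf(org.apache.ws.security.conversation.ConversationConstants.SECURITY_CONTEXT_TOKEN_LN) > 0
            );
            assertTrue(
                "wsc:Identifier missing",
                out.indexOf(org.apache.ws.security.conversation.ConversationConstants.IDENTIFIER_LN) > 0
            );

        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
}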

I would locate the code in the WAR and NOT in the ejb code but if you want to finesse the CL order go to
http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Fcrun_classload.html

Martin Gainty 

From: aaron.stromas@rsa.com
To: java-user@axis.apache.org
Date: Thu, 16 Aug 2012 12:19:14 -0400
Subject: Need advice how to run Axis2/Rampart client from Webshere

Hello,

I need to be able to make web service calls using WS-Security from the application that runs on Websphere. Are there any instructions how to do that?
My prototype standalone client sets up the ConfigurationContext as follows

ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("c:/stage/axis2-1.6.2/repository", null);

How can it be done in the web application environment where the application is packaged in .ear file?

TIA,

-a

RE: Need advice how to run Axis2/Rampart client from Websphere

Posted by "Stromas, Aaron" <aa...@rsa.com>.
The reference to axis2\WEB-INF\module suggests to me that I need to install Axis2 as a separate application in Websphere? Did I understand you correctly?
However, I still don't understand how I would initialize the ConfigurationContext in my client: all the ConfigurationContextFactory methods that take parameters refer to objects either on the filesystem or classpath. Sorry for being so dense....

-a

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, 16 August, 2012 20:33
To: java-user@axis.apache.org
Subject: RE: Need advice how to run Axis2/Rampart client from Websphere

place the *.mar into axis2\WEB-INF\module
make sure the name of the module is inserted into modules.list

HTH
Martin


________________________________
From: aaron.stromas@rsa.com
To: java-user@axis.apache.org
Date: Thu, 16 Aug 2012 19:15:16 -0400
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere
Really thank you for taking time to explain this. I now understand the rationale, but I still need to resolve the practical business of engaging these modules from an EE application without resorting to filepaths. What is the significance of .mar extension? Is it just a notation that has a special meaning to Axis?

I noticed the ConfigurationContextFactory.createBasicConfiguration(String resource) method. Is the "resource" parameter an "axis2.xml" file (that also lists the rampart and rahas modules)? Also, should those modules be placed on the classpath in order to be engaged?

Thank you,

-a

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, 16 August, 2012 17:48
To: java-user@axis.apache.org
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere

MG>your focus seems to be implementing WS-Security which is implemented by wss4j
MG> the wss4j specific 'Context' used by wss4j is implemented by class org\apache\ws\security\message\WSSecSecurityContextToken.java

MG>WSS4J testcase to test the capability of WSSecSecurityContextToken is called test\java\org\apache\ws\security\message\SecurityContextTokenTest.java

MG>adding external functions to Axis2 such as logging, addressing and security are implemented as *engagable modules* ( which can be built as mars and then later 'engaged')
MG>to your Axis2 webapp
MG>Axis Rampart module covers 3 technologies
MG>WS-Security, WS-Trust and WS-SecureConversation
MG>As WSS4J is a DOM based technology (vs SAX) and Axis is a AXIOM based technology a 'bridge technology' was created called DOOM to incorporate DOM->Axiom
MG>Axiom->DOM conversions here is background

Rampart uses WSS4J for securing SOAP messages.
WSS4J is an Apache project which implements the WS-Security specification.
SOAP messages are
signed according to the XML Encryption (http://www.w3.org/TR/xmlenc-core/) and XML Digital Signature (http://www.w3.org/TR/xmldsig-core/) specifications,
encrypted according to the XML Encryption (http://www.w3.org/TR/xmlenc-core/) and XML Digital Signature (http://www.w3.org/TR/xmldsig-core/) specifications,
but the WS-Security specification introduces an additional set of rules.
Therefore WSS4J ensures that SOAP messages are signed according to all the rules defined in the (above) specifications.
WSS4J uses Apache's xmlsec libraries (http://santuario.apache.org/Java/index.html) for XML Encryption and XML Digital Signature.

Rather than re-inventing the wheel, it was decided to use WSS4J for SOAP message security in Rampart but there was a fundamental problem.
WSS4J and all the incorporating XML security libraries use "DOM" for parsing and generating XML,
while Axis2 uses "AXIOM" as the object model.
This was resolved by using a new object model named "DOOM". DOOM is both AXIOM and DOM implementations.
Therefore you can manipulate/access a DOOM object structure through DOM interfaces and AXIOM interfaces.

When Rampart is engaged and configured, the incoming SOAP messages are converted to the bridge technology called DOOM.
Since DOOM *implements the DOM interface* it is possible for WSS4J to process messages.
After performing the security validations, before flushing the message down the message inflow, the DOOM SOAP message is converted back to OM.
At the outgoing flow, the message is converted back into DOOM and then the security functions are performed using WSS4J.
MG>
Sorry, I don't see how it answers my question.
MG>I take it you're new to SOAP 1.2 Specification and Axis2 implementations perhaps you want to take a look at some tutorials
MG>but beforehand It would be helpful to have a firm grasp on Axis2 fundamentals
MG>http://axis.apache.org/axis2/java/core/docs/installationguide.html

Thanks,
MG>You're welcome
-a

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, 16 August, 2012 14:27
To: java-user@axis.apache.org
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere

I would use Fernando's Test Code for WSS4J

contents of wss40.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=wss40
org.apache.ws.security.crypto.merlin.keystore.file=keys/wss40.jks

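package org.apache.ws.security.message;

import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

public class SecurityContextTokenTest {

    private static final org.apache.commons.logging.Log LOG =
        org.apache.commons.logging.LogFactory.getLog(SecurityContextTokenTest.class);

    // Crypto provider (Merlin) configured by wss40.properties, which must be on the classpath
    public org.apache.ws.security.components.crypto.Crypto crypto;

    public SecurityContextTokenTest() throws Exception {
        // Initialized in the constructor so that a failure to load the properties can propagate
        crypto = org.apache.ws.security.components.crypto.CryptoFactory.getInstance("wss40.properties");
    }

    @org.junit.Test
    public void testBuild() {
        try {
            // Parse the sample SOAP message and add an empty wsse:Security header
            org.w3c.dom.Document doc = org.apache.ws.security.common.SOAPUtil.toSOAPPart(org.apache.ws.security.common.SOAPUtil.SAMPLE_SOAP_MSG);
            org.apache.ws.security.message.WSSecHeader secHeader = new org.apache.ws.security.message.WSSecHeader();
            secHeader.insertSecurityHeader(doc);

            // Build the SecurityContextToken and put it at the front of the security header
            org.apache.ws.security.message.WSSecSecurityContextToken sctBuilder = new org.apache.ws.security.message.WSSecSecurityContextToken();
            sctBuilder.prepare(doc, crypto);

            sctBuilder.prependSCTElementToHeader(doc, secHeader);

            String out = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);

            if (LOG.isDebugEnabled())
            {
                LOG.debug(out);
            }

            // The serialized message must contain the token element and its identifier
            assertTrue(
                "SecurityContextToken missing",
                out.indexOf(org.apache.ws.security.conversation.ConversationConstants.SECURITY_CONTEXT_TOKEN_LN) > 0
            );
            assertTrue(
                "wsc:Identifier missing",
                out.indexOf(org.apache.ws.security.conversation.ConversationConstants.IDENTIFIER_LN) > 0
            );

        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
}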

I would locate the code in the WAR and NOT in the ejb code but if you want to finesse the CL order go to
http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Fcrun_classload.html

Martin Gainty

________________________________
From: aaron.stromas@rsa.com
To: java-user@axis.apache.org
Date: Thu, 16 Aug 2012 12:19:14 -0400
Subject: Need advice how to run Axis2/Rampart client from Webshere
Hello,

I need to be able to make web service calls using WS-Security from the application that runs on Websphere. Are there any instructions how to do that?
My prototype standalone client sets up the ConfigurationContext as follows

ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("c:/stage/axis2-1.6.2/repository", null);

How can it be done in the web application environment where the application is packaged in .ear file?

TIA,

-a
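
One way to build the ConfigurationContext from resources packaged with the application instead of a filesystem path, as an added example (not code from this thread or from the Axis2 project). The class name SecuredClientFactory and the resource paths are hypothetical, and it assumes the URL-based repository loader finds the .mar files through modules/modules.list, as mentioned in the reply above.

```java
import java.net.URL;

import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;

public final class SecuredClientFactory {

    // Hypothetical classpath layout packaged inside the WAR/EAR (assumption, not from the thread):
    //   axis2-client/conf/axis2.xml
    //   axis2-client/repo/modules/modules.list    <- one .mar file name per line
    //   axis2-client/repo/modules/<rampart .mar>
    private static final String AXIS2_XML = "axis2-client/conf/axis2.xml";
    private static final String REPO_PREFIX = "axis2-client/repo/";
    private static final String MODULES_LIST = "modules/modules.list";

    private SecuredClientFactory() { }

    public static ServiceClient newClient() throws Exception {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        URL axis2Xml = require(cl, AXIS2_XML);
        URL modulesList = require(cl, REPO_PREFIX + MODULES_LIST);

        // Derive the repository root by trimming the known suffix from the resource URL,
        // which works whatever URL scheme the container's class loader returns.
        String listUrl = modulesList.toExternalForm();
        URL repo = new URL(listUrl.substring(0, listUrl.length() - MODULES_LIST.length()));

        ConfigurationContext ctx =
            ConfigurationContextFactory.createConfigurationContextFromURIs(axis2Xml, repo);

        // Fail closed: if the security module was not loaded, do not hand out a client
        // that would send messages without WS-Security processing.
        if (ctx.getAxisConfiguration().getModule("rampart") == null) {
            throw new IllegalStateException(
                "rampart module not loaded from " + repo + "; refusing to create an unsecured client");
        }

        ServiceClient client = new ServiceClient(ctx, null);
        client.engageModule("rampart");
        return client;
    }

    private static URL require(ClassLoader cl, String resource) {
        URL url = cl.getResource(resource);
        if (url == null) {
            throw new IllegalStateException("missing classpath resource: " + resource);
        }
        return url;
    }
}
```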