Posted to rampart-dev@ws.apache.org by Erdem ALPAY <er...@srdc.com.tr> on 2009/07/02 14:49:04 UTC
basic sample 05 encryption problem - WSDoAllReceiver: security processing failed
I have a problem with the 5th example of Rampart. When I try to invoke
the service from the client, the service responds with the
"WSDoAllReceiver: security processing failed"
fault. I searched the internet and tried every solution that I
found, but I couldn't resolve the problem. I think the problem is on the
service side, since the client sends encrypted data to the service
successfully (I checked it with Tcpmon). It may also be due to the Java
keystores: since the original keystores in the example didn't work, I
replaced them with new ones I generated.
Quick responses will be highly appreciated.

Here are my files:
PWCBHandler.java:

    package org.apache.rampart.samples.sample05;

    import org.apache.ws.security.WSPasswordCallback;

    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;

    import java.io.IOException;

    public class PWCBHandler implements CallbackHandler {

        // Called by Rampart/WSS4J to obtain the private-key password
        // for the keystore alias named in each callback.
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
                // getIdentifer() is the method's spelling in the WSS4J API used here
                String id = pwcb.getIdentifer();
                // Only the aliases "client" and "service" get a password
                if ("client".equals(id)) {
                    pwcb.setPassword("apache");
                } else if ("service".equals(id)) {
                    pwcb.setPassword("apache");
                }
            }
        }
    }

SimpleService.java:

    public class SimpleService {
        public String echo(String arg) {
            return arg;
        }
    }

service.xml:

    <service name="SimpleService" >
        <Description>
            Please Type your service description here
        </Description>
        <messageReceivers>
            <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
                class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" />
            <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
        </messageReceivers>
        <parameter name="ServiceClass"
            locked="false">org.apache.rampart.samples.sample05.SimpleService</parameter>
        <module ref="rampart" />
        <parameter name="InflowSecurity">
            <action>
                <items>Encrypt</items>
                <passwordCallbackClass>org.apache.rampart.samples.sample05.PWCBHandler</passwordCallbackClass>
                <decryptionPropFile>service.properties</decryptionPropFile>
            </action>
        </parameter>
        <parameter name="OutflowSecurity">
            <action>
                <items>Encrypt</items>
                <encryptionUser>client</encryptionUser>
                <encryptionPropFile>service.properties</encryptionPropFile>
            </action>
        </parameter>
    </service>
______________________
As I said, I don't think the problem is on the client side, but I am
sending my client's request just in case (I can send the client-side files
too, but like the service files they are Rampart's examples and can be
reached easily).
Here's the client's request:

    POST /service05/services/SimpleService HTTP/1.1
    Content-Type: text/xml; charset=UTF-8
    SOAPAction: "urn:echo"
    User-Agent: Axis2
    Host: 127.0.0.1:7071
    Transfer-Encoding: chunked

    92c
    <?xml version='1.0' encoding='UTF-8'?>
    <soapenv:Envelope
        xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            soapenv:mustUnderstand="1">
          <xenc:EncryptedKey
              Id="EncKeyId-urn:uuid:48535FF564B27B0F6E12465368715192">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference>
                <ds:X509Data>
                  <ds:X509IssuerSerial>
                    <ds:X509IssuerName>CN=q,OU=w,O=e,L=r,ST=t,C=y</ds:X509IssuerName>
                    <ds:X509SerialNumber>1246533967</ds:X509SerialNumber>
                  </ds:X509IssuerSerial>
                </ds:X509Data>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
              <xenc:CipherValue>A77KNfyOpakIqEE7kCJhQpp1gPJ9qVns/wPxpckS6VdkTAclo1KnsLRWuxUw18SXaf18sLP4oM33Z8M2OnSoYCFsgTfVveLej1Fqw/YOg2G3Rs7CCRRaAOkBNfzojkqx/S6FxJUZwc3eIookFv4LzMqNuZq7bfVcjvgsm65CRV0=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList>
              <xenc:DataReference URI="#EncDataId-30216319" />
            </xenc:ReferenceList>
          </xenc:EncryptedKey>
        </wsse:Security>
        <wsa:To>http://localhost:7071/service05/services/SimpleService</wsa:To>
        <wsa:MessageID>urn:uuid:A4E6827986272D14C81246536869238</wsa:MessageID>
        <wsa:Action>urn:echo</wsa:Action>
      </soapenv:Header>
      <soapenv:Body>
        <xenc:EncryptedData Id="EncDataId-30216319"
            Type="http://www.w3.org/2001/04/xmlenc#Content">
          <xenc:EncryptionMethod
              Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <wsse:SecurityTokenReference
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
              <wsse:Reference
                  URI="#EncKeyId-urn:uuid:48535FF564B27B0F6E12465368715192" />
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
          <xenc:CipherData>
            <xenc:CipherValue>qeqUR+BabpbNLn9eI4yDDsqKYAdsPRvVTi0/mBC2leuV1JFyBriU4B4LT/MmqCZHvXIhMogjm8SCmePhdAdSqBahN9NnQntINPNy3ZXrAclfpYWoL0bmkxhTB+HOfCcx0ptXAHVLaR71QiTS0zx79y2Vu2sDUxTQyHv4iQ7Waup/4D/sokPRV6/mr1LE8RL+4Ri/myGnPJR//x42zLIbMj4KFFhr3QcfqcvDpCfQLf8cIS4RDelqkGnWbVFxFuW1yNoqdBfzkxvGjATOk9T5cPI/P5MobQ/wTcZyBPZ3fDTgCyNdq23bs3L+FL4DTtYx</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedData>
      </soapenv:Body>
    </soapenv:Envelope>
______________________________
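
A keystore check for the situation described in the post above, where the sample keystores were replaced with self-generated ones (added example, not part of the original message and not Rampart code). It looks in the keystore given on the command line for the certificate named by the request's X509IssuerSerial and tests the key password that PWCBHandler supplies; the class name KeystoreCheck and the JKS store type are assumptions.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

// Added diagnostic (hypothetical class name): finds the keystore entry that
// the request's X509IssuerSerial points at and checks the service can use it.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreCheck <keystore file> <store password>");
            System.exit(2);
        }
        // Values copied from the EncryptedKey element of the captured request.
        X500Principal issuer = new X500Principal("CN=q,OU=w,O=e,L=r,ST=t,C=y");
        BigInteger serial = new BigInteger("1246533967");
        // Key password PWCBHandler returns for the aliases "client" and "service".
        char[] keyPass = "apache".toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS keystore
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        boolean found = false;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            // X500Principal.equals compares the canonical forms of the names.
            if (!cert.getIssuerX500Principal().equals(issuer)
                    || !cert.getSerialNumber().equals(serial)) continue;
            found = true;
            boolean known = alias.equals("client") || alias.equals("service");
            System.out.println("match: alias=" + alias + " hasPrivateKey="
                    + ks.isKeyEntry(alias) + " aliasKnownToPWCBHandler=" + known);
            if (ks.isKeyEntry(alias)) {
                try {
                    ks.getKey(alias, keyPass); // throws if the password is wrong
                    System.out.println("  key password \"apache\": accepted");
                } catch (UnrecoverableKeyException e) {
                    System.out.println("  key password \"apache\": rejected");
                }
            }
        }
        if (!found) System.out.println("no certificate with that issuer and serial");
    }
}
```

Run it against the keystore that service.properties points to: decryption on the service side needs a match that has a private key, sits under an alias PWCBHandler answers for, and accepts that password.
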
Re: basic sample 05 encryption problem - WSDoAllReceiver: security processing failed
Posted by prabath <pr...@wso2.com>.
Hi Erdem;
Please try with the samples\policy\sample03
Thanks & regards.
-Prabath