You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Wang, Hailong (NIH/CIT) [C]" <wa...@mail.nih.gov> on 2007/06/08 15:17:15 UTC
No password sent out by client
Hi,
When I try to use UsenameToken, Sign and Encrypt at my policy file,
everything works fine except that no password sent out for
UsernameToken. It is very urgent. Can someone help me on this? Thanks in
advance.
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: #axisVersion# #today# -->
<serviceGroup>
<service name="GuidService" scope="application">
<parameter locked="false" name="ServiceClass">
gov.nih.ndar.ws.guid.server.GuidService
</parameter>
<parameter locked="false"
name="lowerTForHashCode1">0</parameter>
<parameter locked="false"
name="upperTForHashCode1">1</parameter>
<parameter locked="false"
name="lowerTForHashCode2">1</parameter>
<parameter locked="false"
name="upperTForHashCode2">2</parameter>
<parameter locked="false"
name="lowerTForHashCode3">1</parameter>
<parameter locked="false"
name="upperTForHashCode3">3</parameter>
<parameter locked="false"
name="lowerTForHashCode4">1</parameter>
<parameter locked="false"
name="upperTForHashCode4">3</parameter>
<parameter locked="false"
name="lowerTForHashCode5">1</parameter>
<parameter locked="false"
name="upperTForHashCode5">3</parameter>
<parameter locked="false"
name="thresholdForPerfectMatch">1</parameter>
<parameter locked="false"
name="thresholdForGoodMatch">2</parameter>
<parameter locked="false"
name="thresholdForMixedMatch">2</parameter>
<parameter locked="false" name="prefix">NDAR</parameter>
<parameter locked="false" name="pattern">aannnaa</parameter>
<operation name="get">
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
</operation>
<operation name="update">
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
</operation>
<operation name="register">
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-only"
class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver" />
</operation>
<module ref="rampart" />
<module ref="addressing" />
<wsp:Policy wsu:Id="SigEncrUT"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15
/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial
/>
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>service</ramp:user>
<ramp:encryptionUser>
client
</ramp:encryptionUser>
<ramp:passwordCallbackClass>
gov.nih.ndar.ws.guid.server.PWCBHandler
</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:prop
erty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:prope
rty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ra
mp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:prop
erty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:proper
ty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ra
mp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
</serviceGroup>
Hailong Wang
National Database for Autism Research(NDAR)
NIH/CIT/DECA (MOM CONTRACTOR)
9000 Rockville Pike, Bld 12A/Room 2027
Bethesda, MD 20892
Phone: 301-402-3045
Fax: 301-480-0028
Email: wangh3@mail.nih.gov
URL: http://ndar.nih.gov
keystore instance in rampart 1.2
Posted by George Stanchev <Gs...@serena.com>.
Hi,
I remember reading on that list awhile ago that someone submitted a
patch
against rampart (or may be it was wss4j, cant remember) that allows to
set
a keystore instance on the options instead of supplying a location, type
and
password. Did this make it into the new release?
Also, on a more general note, is there any release doc that lists the
bugfixes
and the new features that went into the release and how to use them?
Thanks!
George
**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
**********************************************************************
RE: No password sent out by client
Posted by "Wang, Hailong (NIH/CIT) [C]" <wa...@mail.nih.gov>.
Here is the exception:
org.apache.axis2.AxisFault: General security error (WSSecurityEngine:
Callback supplied no password for: client)
at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java
:434)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOper
ation.java:373)
at
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisO
peration.java:294)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:520
)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:500
)
at
gov.nih.ndar.ws.guid.client.AbstractGuidClient.get(AbstractGuidClient.ja
va:148)
at
gov.nih.ndar.ws.guid.client.SimpleGuidClient.main(SimpleGuidClient.java:
58)
Hailong
-----Original Message-----
From: Wang, Hailong (NIH/CIT) [C]
Sent: Friday, June 08, 2007 9:17 AM
To: rampart-dev@ws.apache.org
Subject: No password sent out by client
Hi,
When I try to use UsenameToken, Sign and Encrypt at my policy file,
everything works fine except that no password sent out for
UsernameToken. It is very urgent. Can someone help me on this? Thanks in
advance.
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: #axisVersion# #today# -->
<serviceGroup>
<service name="GuidService" scope="application">
<parameter locked="false" name="ServiceClass">
gov.nih.ndar.ws.guid.server.GuidService
</parameter>
<parameter locked="false"
name="lowerTForHashCode1">0</parameter>
<parameter locked="false"
name="upperTForHashCode1">1</parameter>
<parameter locked="false"
name="lowerTForHashCode2">1</parameter>
<parameter locked="false"
name="upperTForHashCode2">2</parameter>
<parameter locked="false"
name="lowerTForHashCode3">1</parameter>
<parameter locked="false"
name="upperTForHashCode3">3</parameter>
<parameter locked="false"
name="lowerTForHashCode4">1</parameter>
<parameter locked="false"
name="upperTForHashCode4">3</parameter>
<parameter locked="false"
name="lowerTForHashCode5">1</parameter>
<parameter locked="false"
name="upperTForHashCode5">3</parameter>
<parameter locked="false"
name="thresholdForPerfectMatch">1</parameter>
<parameter locked="false"
name="thresholdForGoodMatch">2</parameter>
<parameter locked="false"
name="thresholdForMixedMatch">2</parameter>
<parameter locked="false" name="prefix">NDAR</parameter>
<parameter locked="false" name="pattern">aannnaa</parameter>
<operation name="get">
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
</operation>
<operation name="update">
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
</operation>
<operation name="register">
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-only"
class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver" />
</operation>
<module ref="rampart" />
<module ref="addressing" />
<wsp:Policy wsu:Id="SigEncrUT"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15
/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
cludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial
/>
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>service</ramp:user>
<ramp:encryptionUser>
client
</ramp:encryptionUser>
<ramp:passwordCallbackClass>
gov.nih.ndar.ws.guid.server.PWCBHandler
</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:prop
erty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:prope
rty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ra
mp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:prop
erty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:proper
ty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ra
mp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
</serviceGroup>
Hailong Wang
National Database for Autism Research(NDAR)
NIH/CIT/DECA (MOM CONTRACTOR)
9000 Rockville Pike, Bld 12A/Room 2027
Bethesda, MD 20892
Phone: 301-402-3045
Fax: 301-480-0028
Email: wangh3@mail.nih.gov
URL: http://ndar.nih.gov