You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Sanjay Vivek <Sa...@newcastle.ac.uk> on 2008/02/13 10:33:08 UTC
Timestamp validation error when invoking a Rampart service with a .NET client.
Hi everyone,
I'm attempting to consume a policy based Rampart service with a .NET
client. However, I'm getting the following error:
"System.Web.Services.Protocols.SoapException: The timestamp could not be
validated"
I don't get this error when I consume a similiar parameter based Rampart
service. Is the formatting for the timestamp in a policy based service
different to a parameter based service? The tcpmon logs are given below.
Any pointers on how I should proceed would be very helpful. Cheers.
The SOAP request:
<?xml version="1.0" encoding="utf-8"?>
<log>
<outputMessage utc="11/02/2008 14:36:53"
messageId="urn:uuid:65be6012-0969-4ff4-80dd-8bafedee04e2">
<processingStep description="Unprocessed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<getGroupMembers
xmlns="http://webservicesSecurity.grouper.middleware.internet2.edu/xsd">
<groupName>ncl:services:students</groupName>
</getGroupMembers>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientOutp
utFilter" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientOutp
utFilter" />
<processingStep description="Processed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>urn:getGroupMembers</wsa:Action>
<wsa:MessageID>urn:uuid:65be6012-0969-4ff4-80dd-8bafedee04e2</wsa:Messag
eID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anony
mous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://pod.ncl.ac.uk:8083/sanjaygrouper/services/SecureGrouperSe
rvice</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-82f65036-c550-4ce8-a2be-d9907049e6be">
<wsu:Created>2008-02-11T14:36:53Z</wsu:Created>
<wsu:Expires>2008-02-11T14:41:53Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd"
wsu:Id="SecurityToken-ddb6e418-ba28-4735-9cc3-1c2d16ec68d6">
<wsse:Username>mariah.carey@hotmail.com</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-t
oken-profile-1.0#PasswordText">wspwd</wsse:Password>
<wsse:Nonce>hn8l+0Qibhcl+99lBeiN4g==</wsse:Nonce>
<wsu:Created>2008-02-11T14:36:53Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<getGroupMembers
xmlns="http://webservicesSecurity.grouper.middleware.internet2.edu/xsd">
<groupName>ncl:services:students</groupName>
</getGroupMembers>
</soap:Body>
</soap:Envelope>
</processingStep>
</outputMessage>
</log>
And the SOAP response:
<?xml version="1.0" encoding="utf-8"?>
<log>
<inputMessage utc="11/02/2008 14:36:53"
messageId="urn:uuid:FAE2878FEC187ECEFE1202740115631">
<processingStep description="Unprocessed message">
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<soapenv:Header>
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous<
/wsa:To>
<wsa:MessageID>urn:uuid:FAE2878FEC187ECEFE1202740115631</wsa:MessageID>
<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:
Action>
<wsa:RelatesTo>urn:uuid:65be6012-0969-4ff4-80dd-8bafedee04e2</wsa:Relate
sTo>
</soapenv:Header>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>The timestamp could not be validated</faultstring>
<detail />
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientInpu
tFilter" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientInpu
tFilter" />
<processingStep description="Processed message">
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<soapenv:Header />
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>The timestamp could not be validated</faultstring>
<detail />
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
</processingStep>
</inputMessage>
</log>
Regards
--------------
Sanjay Vivek
Web Analyst
Middleware Team
ISS
University of Newcastle Upon Tyne
Re: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by "Joana M. F. Trindade" <jm...@gmail.com>.
Hi Sanjay,
I am using the rampart-SNAPSHOT.mar, but I am able to engage the modules.
The problem I have is another one [1].
> The funny thing is everything works perfectly well with the
rampart-1.3.mar file.
Same thing here hehehe =)
Cheers,
Joana
[1] -
http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200802.mbox/%3cfb19e1d50802220515n3e23ab21k81bf69b38496ae29@mail.gmail.com%3e
On Mon, Feb 25, 2008 at 2:10 PM, Sanjay Vivek <Sa...@newcastle.ac.uk>
wrote:
> Hi Joanna,
>
> Yes, I do have the axis2-codegen-1.3.jar file. Are you using the
> rampart-SNAPSHOT.mar file as well? The funny thing is everything works
> perfectly well with the rampart-1.3.mar file. Cheers.
>
> Regards
> Sanjay
>
> >-----Original Message-----
> >From: Joana M. F. Trindade [mailto:jmftrindade@gmail.com]
> >Sent: 25 February 2008 12:59
> >To: rampart-dev@ws.apache.org
> >Subject: Re: Timestamp validation error when invoking a
> >Rampart service with a .NET client.
> >
> >Hi Sanjay,
> >
> >OK.. You say the error is unable to engage rampart module.
> >Probably is not this, but did you check if your WEB-INF\lib
> >for Axis2 contains axis2-codegen.jar? There is a known error
> >related to that [1].
> >
> >Cheers,
> >Joana
> >
> >[1] - http://www.mail-archive.com/axis-user@ws.apache.org/msg32944.html
> >
>
--
Student Intern
SAP Research - Security & Trust
SAP Labs France
805 Avenue du Dr. Maurice Donat
06250 Mougins
T +33/492286319
F +33/492286201
Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
RE: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Joanna,
Yes, I do have the axis2-codegen-1.3.jar file. Are you using the
rampart-SNAPSHOT.mar file as well? The funny thing is everything works
perfectly well with the rampart-1.3.mar file. Cheers.
Regards
Sanjay
>-----Original Message-----
>From: Joana M. F. Trindade [mailto:jmftrindade@gmail.com]
>Sent: 25 February 2008 12:59
>To: rampart-dev@ws.apache.org
>Subject: Re: Timestamp validation error when invoking a
>Rampart service with a .NET client.
>
>Hi Sanjay,
>
>OK.. You say the error is unable to engage rampart module.
>Probably is not this, but did you check if your WEB-INF\lib
>for Axis2 contains axis2-codegen.jar? There is a known error
>related to that [1].
>
>Cheers,
>Joana
>
>[1] - http://www.mail-archive.com/axis-user@ws.apache.org/msg32944.html
>
Re: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by "Joana M. F. Trindade" <jm...@gmail.com>.
Hi Sanjay,
OK.. You say the error is unable to engage rampart module. Probably is not
this, but did you check if your WEB-INF\lib for Axis2 contains
axis2-codegen.jar? There is a known error related to that [1].
Cheers,
Joana
[1] - http://www.mail-archive.com/axis-user@ws.apache.org/msg32944.html
On Mon, Feb 25, 2008 at 1:44 PM, Sanjay Vivek <Sa...@newcastle.ac.uk>
wrote:
> Hi Joanna,
>
> I tried what you suggested but still no luck. Basically I created a
> ConfigurationContext object in the following manner:
>
> private static String confPath = "C:\\rampart\\policy";
> private static String axisPath = "C:\\axis2-1.3\\conf\\axis2.xml";
>
> ConfigurationContext ctx =
> ConfigurationContextFactory.
> createConfigurationContextFromFileSystem(confPath,
> axisPath);
>
> I'm still getting the "Unable to engage module : rampart" error. Thanks
> again for your help.
>
> Cheers
> Sanjay
>
>
>
> >-----Original Message-----
> >From: Joana M. F. Trindade [mailto:jmftrindade@gmail.com]
> >Sent: 25 February 2008 12:04
> >To: rampart-dev@ws.apache.org
> >Subject: Re: Timestamp validation error when invoking a
> >Rampart service with a .NET client.
> >
> >Hi Sanjay,
> >
> >I remember that because you also have to inform the full path
> >of your axis2.xml file to the ConfigurationContext object, as
> >explained in [1].
> >
> >So it would look like this:
> >
> >ConfigurationContext ctx =
> > ConfigurationContextFactory.
> >
> >createConfigurationContextFromFileSystem(confPath,"C:\something
> >\axis2.xml");
> >
> >Cheers,
> >Joana
> >
> >[1] -
> >http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200802.
> >mbox/%3c9e2fff830802210213k53e2d394u9611f1ac5737829e@mail.gmail.com%3e
> >
>
--
Student Intern
SAP Research - Security & Trust
SAP Labs France
805 Avenue du Dr. Maurice Donat
06250 Mougins
T +33/492286319
F +33/492286201
Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
RE: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Joanna,
I tried what you suggested but still no luck. Basically I created a
ConfigurationContext object in the following manner:
private static String confPath = "C:\\rampart\\policy";
private static String axisPath = "C:\\axis2-1.3\\conf\\axis2.xml";
ConfigurationContext ctx =
ConfigurationContextFactory.
createConfigurationContextFromFileSystem(confPath,
axisPath);
I'm still getting the "Unable to engage module : rampart" error. Thanks
again for your help.
Cheers
Sanjay
>-----Original Message-----
>From: Joana M. F. Trindade [mailto:jmftrindade@gmail.com]
>Sent: 25 February 2008 12:04
>To: rampart-dev@ws.apache.org
>Subject: Re: Timestamp validation error when invoking a
>Rampart service with a .NET client.
>
>Hi Sanjay,
>
>I remember that because you also have to inform the full path
>of your axis2.xml file to the ConfigurationContext object, as
>explained in [1].
>
>So it would look like this:
>
>ConfigurationContext ctx =
> ConfigurationContextFactory.
>
>createConfigurationContextFromFileSystem(confPath,"C:\something
>\axis2.xml");
>
>Cheers,
>Joana
>
>[1] -
>http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200802.
>mbox/%3c9e2fff830802210213k53e2d394u9611f1ac5737829e@mail.gmail.com%3e
>
Re: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by "Joana M. F. Trindade" <jm...@gmail.com>.
Hi Sanjay,
I remember that because you also have to inform the full path of your
axis2.xml file to the ConfigurationContext object, as explained in [1].
So it would look like this:
ConfigurationContext ctx =
ConfigurationContextFactory.
createConfigurationContextFromFileSystem(confPath,"C:\something\axis2.xml");
Cheers,
Joana
[1] -
http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200802.mbox/%3c9e2fff830802210213k53e2d394u9611f1ac5737829e@mail.gmail.com%3e
On Mon, Feb 25, 2008 at 12:37 PM, Sanjay Vivek <Sa...@newcastle.ac.uk>
wrote:
> Hi Ruchith,
>
> I created the ServiceClient instance with a configuration context in the
> following manner:
>
> ConfigurationContext ctx =
> ConfigurationContextFactory.
> createConfigurationContextFromFileSystem(confPath,
> null);
>
> ServiceClient client = new ServiceClient(ctx, null);
>
> where confPath = C:\rampart\policy
>
> The contents of C:\rampart\policy is:
>
> +policy
> +conf
> -policy.xml
> +modules
> -addressing-1.3.mar
> -rampart-SNAPSHOT.mar
>
> What am I doing wrong? I didn't encounter any such problems with the
> rampart-1.3.mar from the offical Apache Rampart site. Thanks again.
>
> Regards
> Sanjay
>
> >-----Original Message-----
> >From: Ruchith Fernando [mailto:ruchithf@apache.org]
> >Sent: 25 February 2008 11:07
> >To: rampart-dev@ws.apache.org
> >Subject: Re: Timestamp validation error when invoking a
> >Rampart service with a .NET client.
> >
> >
> >
> >Sanjay Vivek wrote:
> >> I just realised I forgot to update rampart.mar files on the client
> >> side with the SNAPSHOT version. I updated the client side with the
> >> latest SNAPSHOT version. However, I get the following errors when I
> >> try to consume the service with the client shown below:
> >>
> >> Exception in thread "main" org.apache.axis2.AxisFault: Unable to
> >> engage module : rampart
> >> at
> >>
> >org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:
> >> 33
> >> 9)
> >> at
> >>
> >org.apache.rampart.policy.CommandLineClient.main(CommandLineCli
> >ent.java:
> >> 59)
> >>
> >> Basically, I'm getting errors at
> >>
> >> client.engageModule("rampart");
> >>
> >> I've tried changing it to:
> >>
> >> client.engageModule("rampart-SNAPSHOT");
> >>
> >> But I get similiar errors. What should the right parameter
> >be for the
> >> above method? My client is given below. Cheers
> >
> >
> >It should be :
> >
> >client.engageModule("rampart");
> >
> >Did you create the ServiceClient instance with a configuration
> >context (created out of an axis2 repo where
> >rampart-SNAPSHOT.mar is available in the modules directory)?
> >
> >Thanks,
> >Ruchith
> >
>
--
Student Intern
SAP Research - Security & Trust
SAP Labs France
805 Avenue du Dr. Maurice Donat
06250 Mougins
T +33/492286319
F +33/492286201
Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
RE: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Ruchith,
I created the ServiceClient instance with a configuration context in the
following manner:
ConfigurationContext ctx =
ConfigurationContextFactory.
createConfigurationContextFromFileSystem(confPath,
null);
ServiceClient client = new ServiceClient(ctx, null);
where confPath = C:\rampart\policy
The contents of C:\rampart\policy is:
+policy
+conf
-policy.xml
+modules
-addressing-1.3.mar
-rampart-SNAPSHOT.mar
What am I doing wrong? I didn't encounter any such problems with the
rampart-1.3.mar from the offical Apache Rampart site. Thanks again.
Regards
Sanjay
>-----Original Message-----
>From: Ruchith Fernando [mailto:ruchithf@apache.org]
>Sent: 25 February 2008 11:07
>To: rampart-dev@ws.apache.org
>Subject: Re: Timestamp validation error when invoking a
>Rampart service with a .NET client.
>
>
>
>Sanjay Vivek wrote:
>> I just realised I forgot to update rampart.mar files on the client
>> side with the SNAPSHOT version. I updated the client side with the
>> latest SNAPSHOT version. However, I get the following errors when I
>> try to consume the service with the client shown below:
>>
>> Exception in thread "main" org.apache.axis2.AxisFault: Unable to
>> engage module : rampart
>> at
>>
>org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:
>> 33
>> 9)
>> at
>>
>org.apache.rampart.policy.CommandLineClient.main(CommandLineCli
>ent.java:
>> 59)
>>
>> Basically, I'm getting errors at
>>
>> client.engageModule("rampart");
>>
>> I've tried changing it to:
>>
>> client.engageModule("rampart-SNAPSHOT");
>>
>> But I get similiar errors. What should the right parameter
>be for the
>> above method? My client is given below. Cheers
>
>
>It should be :
>
>client.engageModule("rampart");
>
>Did you create the ServiceClient instance with a configuration
>context (created out of an axis2 repo where
>rampart-SNAPSHOT.mar is available in the modules directory)?
>
>Thanks,
>Ruchith
>
Re: Timestamp validation error when invoking a Rampart service with
a .NET client.
Posted by Ruchith Fernando <ru...@apache.org>.
Sanjay Vivek wrote:
> I just realised I forgot to update rampart.mar files on the client side
> with the SNAPSHOT version. I updated the client side with the latest
> SNAPSHOT version. However, I get the following errors when I try to
> consume the service with the client shown below:
>
> Exception in thread "main" org.apache.axis2.AxisFault: Unable to engage
> module : rampart
> at
> org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:33
> 9)
> at
> org.apache.rampart.policy.CommandLineClient.main(CommandLineClient.java:
> 59)
>
> Basically, I'm getting errors at
>
> client.engageModule("rampart");
>
> I've tried changing it to:
>
> client.engageModule("rampart-SNAPSHOT");
>
> But I get similiar errors. What should the right parameter be for the
> above method? My client is given below. Cheers
It should be :
client.engageModule("rampart");
Did you create the ServiceClient instance with a configuration context
(created out of an axis2 repo where rampart-SNAPSHOT.mar is available in
the modules directory)?
Thanks,
Ruchith
>
> Regards
> Sanjay
>
>
> public class Client {
> private static EndpointReference targetEPR =
> new EndpointReference(
> "http://localhost:8083/axis2/services/PolicyEchoService");
>
> private static String confPath = "C:\\rampart\\policy";
> private static BufferedReader console = null;
>
>
> public static void main(String[] args) throws Exception {
>
> ConfigurationContext ctx =
> ConfigurationContextFactory.
> createConfigurationContextFromFileSystem(confPath,
> null);
>
> ServiceClient client = new ServiceClient(ctx, null);
> Options options = new Options();
> options.setAction("urn:echo");
> options.setTo(targetEPR);
> options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
> loadPolicy( confPath + "/conf/policy.xml"));
>
> //this username is authenticated against the PWHandlerClient
> class
> options.setUserName("sanjay");
> //options.setPassword("wspwd");
> client.setOptions(options);
>
> client.engageModule("addressing");
> client.engageModule("rampart");
>
> OMElement result = client.sendReceive(getPayload());
>
> String response = result.getFirstElement().getText();
> System.out.println(response);
> }
>
> private static Policy loadPolicy(String xmlPath) throws Exception {
> StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
> return PolicyEngine.getPolicy(builder.getDocumentElement());
> }
>
> private static OMElement getPayload() {
> OMFactory factory = OMAbstractFactory.getOMFactory();
> OMNamespace ns =
> factory.createOMNamespace("http://policy.rampart.apache.org","ns1");
> OMElement elem = factory.createOMElement("echo", ns);
>
> return elem;
> }
>
> }
>
>> -----Original Message-----
>> From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
>> Sent: 25 February 2008 10:15
>> To: rampart-dev@ws.apache.org
>> Subject: RE: Timestamp validation error when invoking a
>> Rampart service with a .NET client.
>>
>> Hi again,
>>
>> I've just updated my rampart.mar and all the relevant jar
>> files with the latest SNAPSHOT version. However, when I
>> consume a simple Policy based echo service, I get the errors
>> shown below. This service worked perfectly well before I
>> updated my rampart installation with the SNAPSHOT version.
>> I've also provided the TCPMON logs. I've also updated my
>> axis2.xml to include the Security phase as described in
>> http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200801.
> mbox/%3c9
>> e2fff830801131926k11da43a9v15879e4aa67203b@mail.gmail.com%3e
>>
>> Any pointers on how I should proceed or what I'm doing wrong
>> would be helpful. Cheers.
>>
>> Regards
>> Sanjay
>>
>> Exception in thread "main" org.apache.axis2.AxisFault:
>> java.lang.NoSuchFieldError: INVALID_SECURITY
>> at
>> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(U
>> tils.java
>> :486)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.handleRes
>> ponse(Out
>> InAxisOperation.java:343)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.send(OutI
>> nAxisOper
>> ation.java:389)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.executeIm
>> pl(OutInA
>> xisOperation.java:211)
>> at
>> org.apache.axis2.client.OperationClient.execute(OperationClient
>> .java:163
>> )
>> at
>> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient
>> .java:528
>> )
>> at
>> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient
>> .java:508
>> )
>> at
>> org.apache.rampart.policy.CommandLineClient.main(CommandLineCli
>> ent.java:
>> 61)
>>
>>
>> TCPMON Request:
>> <?xml version='1.0' encoding='UTF-8'?>
>> <soapenv:Envelope
>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>> <soapenv:Header>
>> <wsse:Security
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401
> -wss-wsse
>> curity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>> <wsse:UsernameToken
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
>> wss-wssec
>> urity-utility-1.0.xsd" wsu:Id="UsernameToken-12430225">
>> <wsse:Username>sanjay</wsse:Username>
>> <wsse:Password
>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-u
> sername-t
>> oken-profile-1.0#PasswordText">wspwd</wsse:Password>
>> </wsse:UsernameToken>
>> </wsse:Security>
>>
>> <wsa:To>http://localhost:8083/axis2/services/PolicyEchoService</wsa:To>
>>
>> <wsa:MessageID>urn:uuid:0781AB61A921057FFD1203933147477</wsa:MessageID>
>> <wsa:Action>urn:echo</wsa:Action>
>> </soapenv:Header>
>> <soapenv:Body>
>> <ns1:echo xmlns:ns1="http://policy.rampart.apache.org" />
>> </soapenv:Body>
>> </soapenv:Envelope>
>>
>> TCP Response:
>>
>> <?xml version='1.0' encoding='UTF-8'?>
>> <soapenv:Envelope
>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsa="http://www.w3.org/2005/08/addressing">
>> <soapenv:Header>
>>
>> <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</ws
> a:Action>
>> <wsa:RelatesTo>urn:uuid:0781AB61A921057FFD1203933147477</wsa:RelatesTo>
>> </soapenv:Header>
>> <soapenv:Body>
>> <soapenv:Fault>
>> <faultcode>soapenv:Server</faultcode>
>> <faultstring>java.lang.NoSuchFieldError:
>> INVALID_SECURITY</faultstring>
>> <detail />
>> </soapenv:Fault>
>> </soapenv:Body>
>> </soapenv:Envelope>
>>
>>
>>
>>> -----Original Message-----
>>> From: Ruchith Fernando [mailto:ruchithf@apache.org]
>>> Sent: 25 February 2008 07:07
>>> To: rampart-dev@ws.apache.org
>>> Subject: Re: Timestamp validation error when invoking a
>> Rampart service
>>> with a .NET client.
>>>
>>> Hi,
>>>
>>> Please get them from here :
>>>
>>> http://people.apache.org/~ruchithf/rampart/SNAPSHOT/
>>>
>>> Thanks,
>>> Ruchith
>>>
>
RE: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
I just realised I forgot to update rampart.mar files on the client side
with the SNAPSHOT version. I updated the client side with the latest
SNAPSHOT version. However, I get the following errors when I try to
consume the service with the client shown below:
Exception in thread "main" org.apache.axis2.AxisFault: Unable to engage
module : rampart
at
org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:33
9)
at
org.apache.rampart.policy.CommandLineClient.main(CommandLineClient.java:
59)
Basically, I'm getting errors at
client.engageModule("rampart");
I've tried changing it to:
client.engageModule("rampart-SNAPSHOT");
But I get similiar errors. What should the right parameter be for the
above method? My client is given below. Cheers
Regards
Sanjay
public class Client {
private static EndpointReference targetEPR =
new EndpointReference(
"http://localhost:8083/axis2/services/PolicyEchoService");
private static String confPath = "C:\\rampart\\policy";
private static BufferedReader console = null;
public static void main(String[] args) throws Exception {
ConfigurationContext ctx =
ConfigurationContextFactory.
createConfigurationContextFromFileSystem(confPath,
null);
ServiceClient client = new ServiceClient(ctx, null);
Options options = new Options();
options.setAction("urn:echo");
options.setTo(targetEPR);
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy( confPath + "/conf/policy.xml"));
//this username is authenticated against the PWHandlerClient
class
options.setUserName("sanjay");
//options.setPassword("wspwd");
client.setOptions(options);
client.engageModule("addressing");
client.engageModule("rampart");
OMElement result = client.sendReceive(getPayload());
String response = result.getFirstElement().getText();
System.out.println(response);
}
private static Policy loadPolicy(String xmlPath) throws Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
private static OMElement getPayload() {
OMFactory factory = OMAbstractFactory.getOMFactory();
OMNamespace ns =
factory.createOMNamespace("http://policy.rampart.apache.org","ns1");
OMElement elem = factory.createOMElement("echo", ns);
return elem;
}
}
>-----Original Message-----
>From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
>Sent: 25 February 2008 10:15
>To: rampart-dev@ws.apache.org
>Subject: RE: Timestamp validation error when invoking a
>Rampart service with a .NET client.
>
>Hi again,
>
>I've just updated my rampart.mar and all the relevant jar
>files with the latest SNAPSHOT version. However, when I
>consume a simple Policy based echo service, I get the errors
>shown below. This service worked perfectly well before I
>updated my rampart installation with the SNAPSHOT version.
>I've also provided the TCPMON logs. I've also updated my
>axis2.xml to include the Security phase as described in
>http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200801.
mbox/%3c9
>e2fff830801131926k11da43a9v15879e4aa67203b@mail.gmail.com%3e
>
>Any pointers on how I should proceed or what I'm doing wrong
>would be helpful. Cheers.
>
>Regards
>Sanjay
>
>Exception in thread "main" org.apache.axis2.AxisFault:
>java.lang.NoSuchFieldError: INVALID_SECURITY
> at
>org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(U
>tils.java
>:486)
> at
>org.apache.axis2.description.OutInAxisOperationClient.handleRes
>ponse(Out
>InAxisOperation.java:343)
> at
>org.apache.axis2.description.OutInAxisOperationClient.send(OutI
>nAxisOper
>ation.java:389)
> at
>org.apache.axis2.description.OutInAxisOperationClient.executeIm
>pl(OutInA
>xisOperation.java:211)
> at
>org.apache.axis2.client.OperationClient.execute(OperationClient
>.java:163
>)
> at
>org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient
>.java:528
>)
> at
>org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient
>.java:508
>)
> at
>org.apache.rampart.policy.CommandLineClient.main(CommandLineCli
>ent.java:
>61)
>
>
>TCPMON Request:
><?xml version='1.0' encoding='UTF-8'?>
> <soapenv:Envelope
>xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>xmlns:wsa="http://www.w3.org/2005/08/addressing">
> <soapenv:Header>
> <wsse:Security
>xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401
-wss-wsse
>curity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> <wsse:UsernameToken
>xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
>wss-wssec
>urity-utility-1.0.xsd" wsu:Id="UsernameToken-12430225">
> <wsse:Username>sanjay</wsse:Username>
> <wsse:Password
>Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-u
sername-t
>oken-profile-1.0#PasswordText">wspwd</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
>
><wsa:To>http://localhost:8083/axis2/services/PolicyEchoService</wsa:To>
>
><wsa:MessageID>urn:uuid:0781AB61A921057FFD1203933147477</wsa:MessageID>
> <wsa:Action>urn:echo</wsa:Action>
> </soapenv:Header>
> <soapenv:Body>
> <ns1:echo xmlns:ns1="http://policy.rampart.apache.org" />
> </soapenv:Body>
> </soapenv:Envelope>
>
>TCP Response:
>
><?xml version='1.0' encoding='UTF-8'?>
> <soapenv:Envelope
>xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>xmlns:wsa="http://www.w3.org/2005/08/addressing">
> <soapenv:Header>
>
><wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</ws
a:Action>
>
><wsa:RelatesTo>urn:uuid:0781AB61A921057FFD1203933147477</wsa:RelatesTo>
> </soapenv:Header>
> <soapenv:Body>
> <soapenv:Fault>
> <faultcode>soapenv:Server</faultcode>
> <faultstring>java.lang.NoSuchFieldError:
>INVALID_SECURITY</faultstring>
> <detail />
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
>>-----Original Message-----
>>From: Ruchith Fernando [mailto:ruchithf@apache.org]
>>Sent: 25 February 2008 07:07
>>To: rampart-dev@ws.apache.org
>>Subject: Re: Timestamp validation error when invoking a
>Rampart service
>>with a .NET client.
>>
>>Hi,
>>
>>Please get them from here :
>>
>>http://people.apache.org/~ruchithf/rampart/SNAPSHOT/
>>
>>Thanks,
>>Ruchith
>>
>
RE: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi again,
I've just updated my rampart.mar and all the relevant jar files with the
latest SNAPSHOT version. However, when I consume a simple Policy based
echo service, I get the errors shown below. This service worked
perfectly well before I updated my rampart installation with the
SNAPSHOT version. I've also provided the TCPMON logs. I've also updated
my axis2.xml to include the Security phase as described in
http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/200801.mbox/%3c9
e2fff830801131926k11da43a9v15879e4aa67203b@mail.gmail.com%3e
Any pointers on how I should proceed or what I'm doing wrong would be
helpful. Cheers.
Regards
Sanjay
Exception in thread "main" org.apache.axis2.AxisFault:
java.lang.NoSuchFieldError: INVALID_SECURITY
at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java
:486)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(Out
InAxisOperation.java:343)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOper
ation.java:389)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInA
xisOperation.java:211)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163
)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528
)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508
)
at
org.apache.rampart.policy.CommandLineClient.main(CommandLineClient.java:
61)
TCPMON Request:
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://www.w3.org/2005/08/addressing">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd" wsu:Id="UsernameToken-12430225">
<wsse:Username>sanjay</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-t
oken-profile-1.0#PasswordText">wspwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:To>http://localhost:8083/axis2/services/PolicyEchoService</wsa:To>
<wsa:MessageID>urn:uuid:0781AB61A921057FFD1203933147477</wsa:MessageID>
<wsa:Action>urn:echo</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<ns1:echo xmlns:ns1="http://policy.rampart.apache.org" />
</soapenv:Body>
</soapenv:Envelope>
TCP Response:
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://www.w3.org/2005/08/addressing">
<soapenv:Header>
<wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
<wsa:RelatesTo>urn:uuid:0781AB61A921057FFD1203933147477</wsa:RelatesTo>
</soapenv:Header>
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>java.lang.NoSuchFieldError:
INVALID_SECURITY</faultstring>
<detail />
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
>-----Original Message-----
>From: Ruchith Fernando [mailto:ruchithf@apache.org]
>Sent: 25 February 2008 07:07
>To: rampart-dev@ws.apache.org
>Subject: Re: Timestamp validation error when invoking a
>Rampart service with a .NET client.
>
>Hi,
>
>Please get them from here :
>
>http://people.apache.org/~ruchithf/rampart/SNAPSHOT/
>
>Thanks,
>Ruchith
>
Re: Timestamp validation error when invoking a Rampart service with
a .NET client.
Posted by Ruchith Fernando <ru...@apache.org>.
Hi,
Please get them from here :
http://people.apache.org/~ruchithf/rampart/SNAPSHOT/
Thanks,
Ruchith
Sanjay Vivek wrote:
> Hi Ruchith,
>
> I'm using the latest version as found in
> http://ws.apache.org/axis2/download/1_3/download.cgi But I'm guessing
> this isn't the latest SNAPSHOT release. Where do I get the latest
> SNAPSHOT? Cheers.
>
> Regards
> Sanjay
>
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:ruchithf@apache.org]
>> Sent: 15 February 2008 03:38
>> To: rampart-dev@ws.apache.org
>> Subject: Re: Timestamp validation error when invoking a
>> Rampart service with a .NET client.
>>
>> Which version of Rampart are you using? The current Rampart
>> trunk interops with MSFT WCF. Can you please try with the
>> latest SNAPSHOT.
>>
>> Thanks,
>> Ruchith
>>
>
RE: Timestamp validation error when invoking a Rampart service with a .NET client.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Ruchith,
I'm using the latest version as found in
http://ws.apache.org/axis2/download/1_3/download.cgi But I'm guessing
this isn't the latest SNAPSHOT release. Where do I get the latest
SNAPSHOT? Cheers.
Regards
Sanjay
>-----Original Message-----
>From: Ruchith Fernando [mailto:ruchithf@apache.org]
>Sent: 15 February 2008 03:38
>To: rampart-dev@ws.apache.org
>Subject: Re: Timestamp validation error when invoking a
>Rampart service with a .NET client.
>
>Which version of Rampart are you using? The current Rampart
>trunk interops with MSFT WCF. Can you please try with the
>latest SNAPSHOT.
>
>Thanks,
>Ruchith
>
Re: Timestamp validation error when invoking a Rampart service with
a .NET client.
Posted by Ruchith Fernando <ru...@apache.org>.
Which version of Rampart are you using? The current Rampart trunk
interops with MSFT WCF. Can you please try with the latest SNAPSHOT.
Thanks,
Ruchith
Sanjay Vivek wrote:
> Hi everyone,
>
> I'm attempting to consume a policy based Rampart service with a .NET
> client. However, I'm getting the following error:
>
> "System.Web.Services.Protocols.SoapException: The timestamp could not be
> validated"
>
> I don't get this error when I consume a similiar parameter based Rampart
> service. Is the formatting for the timestamp in a policy based service
> different to a parameter based service? The tcpmon logs are given below.
> Any pointers on how I should proceed would be very helpful. Cheers.
>
> The SOAP request:
> <?xml version="1.0" encoding="utf-8"?>
> <log>
> <outputMessage utc="11/02/2008 14:36:53"
> messageId="urn:uuid:65be6012-0969-4ff4-80dd-8bafedee04e2">
> <processingStep description="Unprocessed message">
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> <soap:Body>
> <getGroupMembers
> xmlns="http://webservicesSecurity.grouper.middleware.internet2.edu/xsd">
> <groupName>ncl:services:students</groupName>
> </getGroupMembers>
> </soap:Body>
> </soap:Envelope>
> </processingStep>
> <processingStep description="Entering SOAP filter
> Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientOutp
> utFilter" />
> <processingStep description="Exited SOAP filter
> Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientOutp
> utFilter" />
> <processingStep description="Processed message">
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
> curity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> urity-utility-1.0.xsd">
> <soap:Header>
> <wsa:Action>urn:getGroupMembers</wsa:Action>
> <wsa:MessageID>urn:uuid:65be6012-0969-4ff4-80dd-8bafedee04e2</wsa:Messag
> eID>
> <wsa:ReplyTo>
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anony
> mous</wsa:Address>
> </wsa:ReplyTo>
> <wsa:To>http://pod.ncl.ac.uk:8083/sanjaygrouper/services/SecureGrouperSe
> rvice</wsa:To>
> <wsse:Security soap:mustUnderstand="1">
> <wsu:Timestamp wsu:Id="Timestamp-82f65036-c550-4ce8-a2be-d9907049e6be">
> <wsu:Created>2008-02-11T14:36:53Z</wsu:Created>
> <wsu:Expires>2008-02-11T14:41:53Z</wsu:Expires>
> </wsu:Timestamp>
> <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> urity-utility-1.0.xsd"
> wsu:Id="SecurityToken-ddb6e418-ba28-4735-9cc3-1c2d16ec68d6">
> <wsse:Username>mariah.carey@hotmail.com</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-t
> oken-profile-1.0#PasswordText">wspwd</wsse:Password>
> <wsse:Nonce>hn8l+0Qibhcl+99lBeiN4g==</wsse:Nonce>
> <wsu:Created>2008-02-11T14:36:53Z</wsu:Created>
> </wsse:UsernameToken>
> </wsse:Security>
> </soap:Header>
> <soap:Body>
> <getGroupMembers
> xmlns="http://webservicesSecurity.grouper.middleware.internet2.edu/xsd">
> <groupName>ncl:services:students</groupName>
> </getGroupMembers>
> </soap:Body>
> </soap:Envelope>
> </processingStep>
> </outputMessage>
> </log>
>
>
> And the SOAP response:
> <?xml version="1.0" encoding="utf-8"?>
> <log>
> <inputMessage utc="11/02/2008 14:36:53"
> messageId="urn:uuid:FAE2878FEC187ECEFE1202740115631">
> <processingStep description="Unprocessed message">
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
> <soapenv:Header>
> <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous<
> /wsa:To>
> <wsa:MessageID>urn:uuid:FAE2878FEC187ECEFE1202740115631</wsa:MessageID>
> <wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:
> Action>
> <wsa:RelatesTo>urn:uuid:65be6012-0969-4ff4-80dd-8bafedee04e2</wsa:Relate
> sTo>
> </soapenv:Header>
> <soapenv:Body>
> <soapenv:Fault>
> <faultcode>soapenv:Server</faultcode>
> <faultstring>The timestamp could not be validated</faultstring>
> <detail />
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> </processingStep>
> <processingStep description="Entering SOAP filter
> Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientInpu
> tFilter" />
> <processingStep description="Exited SOAP filter
> Microsoft.Web.Services3.Design.UsernameOverTransportAssertion+ClientInpu
> tFilter" />
> <processingStep description="Processed message">
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
> <soapenv:Header />
> <soapenv:Body>
> <soapenv:Fault>
> <faultcode>soapenv:Server</faultcode>
> <faultstring>The timestamp could not be validated</faultstring>
> <detail />
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> </processingStep>
> </inputMessage>
> </log>
>
>
> Regards
> --------------
> Sanjay Vivek
> Web Analyst
> Middleware Team
> ISS
> University of Newcastle Upon Tyne
>