Posted to java-user@axis.apache.org by Brian Baldwin <bo...@gmail.com> on 2007/07/25 21:37:05 UTC

[Axis2] accessing a policy-secured webservice using a WSDL2Java client

I've been using Axis1.x to access my webservice using WSDL2Java generated
stubs...works great...I use the Locator class.

I've modified my webservice to use WS-Policy directives (Sign and Auth).
The WSDL has changed as expected to include the <wsp:policy> elements for
Sign and Auth.

Do I need to use Axis2/Rampart to generate the client stubs and apply the
encryption now that my webservice is using WS-Policy directives?
Is there an example for using Axis/Axis2 to access a policy-enabled web
service?

My webservice is deployed to WLS 9.2 and I can use weblogic's
clientgen-generated stubs to encrypt and digitally-sign the
message.  However, I would like my clients to be able to use Axis.
I've been trying to use Axis2/Rampart but can't get it working.
I've been getting an 'InvalidKeyException:  Wrong key usage'.

Follow on question would be with WS-Policy Auth.xml does that mean I should
use the Encrypt item in the OutflowSecurity parameter for Rampart?  Does
WS-Policy Sign.xml map to the Signature item in OutflowSecurity?  What
WS-Policy would cause me to need to use the Timestamp item in
OutflowSecurity?

Thank you in advance
Brian

Re: [Axis2] WS-Policy

Posted by Jim Collins <ja...@blueyonder.co.uk>.
Hi Sanka,

I will send the WSDL tomorrow.

Thanks for your help.

Jim
----- Original Message ----- 
From: "Sanka Samaranayke" <ss...@gmail.com>
To: <ax...@ws.apache.org>
Cc: <pz...@gmail.com>
Sent: Wednesday, October 03, 2007 12:35 PM
Subject: Re: [Axis2] WS-Policy


>
> Hi Jim,
>
> It would be great if you can post the WSDL which you used to generate the 
> stub so that we see whether we can reproduce the problem.
>
> Thanks,
> Sanka


Re: [Axis2] WS-Policy

Posted by Sanka Samaranayke <ss...@gmail.com>.
Hi Jim,

It would be great if you can post the WSDL which you used to generate the stub 
so that we see whether we can reproduce the problem.

Thanks,
Sanka


Jim Collins wrote:
> Hi Paul/Sanka,
>
> Thanks for the reply and apologies for taking so long in getting back 
> to you.
>   
> I have looked at the Rampart examples and they have a separate policy. 
> The policy that I use is part of the WSDL.
>
> I can see in the generated stub that the policy is being set e.g.
>
> (__operation).getMessage(org.apache.axis2.wsdl.WSDLConstants.MESSAGE_LABEL_OUT_VALUE).getPolicyInclude().setPolicy(getPolicy("<wsp:Policy 
> xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">...</wsp:Policy>")); 
>
>
> After generating the Stub I then installed Rampart and was then 
> getting errors when I tried to generate the stub again. I got a 
> CodeGenerationException
>
> java.lang.RuntimeException: can't serialize the policy ..
>
> I have used Axis1 in the past but I am new to Axis2 and not sure how I 
> use the rampart module for just the client  and specify the policy if 
> it is part of an existing WSDL.
>
> Thanks
>
> Jim


-- 
Sanka Samaranayake
WSO2 Inc.

http://www.bloglines.com/blog/sanka
http://www.wso2.org/


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Re: [Axis2] WS-Policy

Posted by Jim Collins <ja...@blueyonder.co.uk>.
Hi Paul/Sanka,

Thanks for the reply and apologies for taking so long in getting back to 
you.

I have looked at the Rampart examples and they have a separate policy. The 
policy that I use is part of the WSDL.

I can see in the generated stub that the policy is being set e.g.

(__operation).getMessage(org.apache.axis2.wsdl.WSDLConstants.MESSAGE_LABEL_OUT_VALUE).getPolicyInclude().setPolicy(getPolicy("<wsp:Policy 
xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">...</wsp:Policy>"));

After generating the Stub I then installed Rampart and was then getting 
errors when I tried to generate the stub again. I got a 
CodeGenerationException

java.lang.RuntimeException: can't serialize the policy ..

I have used Axis1 in the past but I am new to Axis2 and not sure how I use 
the rampart module for just the client  and specify the policy if it is part 
of an existing WSDL.

Thanks

Jim


----- Original Message ----- 
From: "Paul Fremantle" <pz...@gmail.com>
To: <ax...@ws.apache.org>
Sent: Friday, September 28, 2007 8:00 AM
Subject: Re: [Axis2] WS-Policy


> Probably the best thing would be to look at some of the Rampart
> samples that are driven by policy. If you can give us some idea of the
> policy that is being used it might help.
>
> Basically, each public policy provided by the remote service requires
> some config locally. For example, if the policy says "encrypt" then
> you need to config the keystore. If the policy says
> "username/password" you need to let rampart have those.
>
> Now here's the freaky bit. Rampart also uses policy to *configure* the
> local items. So you need to give Rampart the local policy as well as
> the remote policy which is already burnt into your stub. Both will be
> merged to make a master policy which will make Rampart do the right
> thing.
>
> Paul


Re: [Axis2] WS-Policy

Posted by Paul Fremantle <pz...@gmail.com>.
Probably the best thing would be to look at some of the Rampart
samples that are driven by policy. If you can give us some idea of the
policy that is being used it might help.

Basically, each public policy provided by the remote service requires
some config locally. For example, if the policy says "encrypt" then
you need to config the keystore. If the policy says
"username/password" you need to let rampart have those.

Now here's the freaky bit. Rampart also uses policy to *configure* the
local items. So you need to give Rampart the local policy as well as
the remote policy which is already burnt into your stub. Both will be
merged to make a master policy which will make Rampart do the right
thing.

Paul

On 9/28/07, Sanka Samaranayke <ss...@gmail.com> wrote:
>
> Hi Jim,
>
> 1) If you want to get WS-Security policy being supported in the stub, you need to instantiate the stub by giving a ConfigurationContext obj
> which points to a repository which contains a rampart mar.
>
> 2) Then you need to attach rampart specific policies to the AxisService obj which is used internally by the stub. You can do that as follows.
>
> ServiceClient _serviceClient = stub._getServiceClient();
> AxisService service = _serviceClient.getAxisService();
> service.getPolicyInclude().addPolicy(policy);
>
> Here the policy object should contain configuration policies of rampart which are needed to provide security requirements specified by
> policy expressions in the service wsdl document.
>
> For example, if the service requires username token then you need to attach a policy expression with rampart assertions which specify
> Password callback class.
>
>
>
> HTH,
> Sanka
>
> 1) First you need to instantiate the stub giving a configuration context


-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com



Re: [Axis2] WS-Policy

Posted by Sanka Samaranayke <ss...@gmail.com>.
Hi Jim,

1) If you want to get WS-Security policy being supported in the stub, you need to instantiate the stub by giving a ConfigurationContext obj
which points to a repository which contains a rampart mar.

2) Then you need to attach rampart specific policies to the AxisService obj which is used internally by the stub. You can do that as follows.

ServiceClient _serviceClient = stub._getServiceClient();
AxisService service = _serviceClient.getAxisService();
service.getPolicyInclude().addPolicy(policy);

Here the policy object should contain configuration policies of rampart which are needed to provide security requirements specified by
policy expressions in the service wsdl document.

For example, if the service requires username token then you need to attach a policy expression with rampart assertions which specify 
Password callback class.



HTH,
Sanka

1) First you need to instantiate the stub giving a configuration context  

Jim Collins wrote:
> Hi,
>  
> I am trying to write a Web Service client that accesses a Service that 
> uses WS-Policy. The WSDL is correctly configured with the policy and I 
> was able to generate the client stub and I can see from the source 
> that it is adding the policy.
>  
> What I am not sure is what I need to do when calling methods on
> the client stub to make sure that it carries out what is in the policy
> e.g.  sending a token.
>  
> Any help would be appreciated.
>  
> Thanks
>  
> Jim


-- 
Sanka Samaranayake
WSO2 Inc.

http://www.bloglines.com/blog/sanka
http://www.wso2.org/
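
The two steps described in the message above, with the Rampart settings supplied as a local policy document that Rampart merges with the policy already in the stub. This is an added example, not code from the original messages; the class and method names, the "client" alias, the client.jks file name and the KEYSTORE_PASSWORD variable are assumptions, and the callback class name is the one used elsewhere in this thread.

```java
import java.io.File;
import javax.xml.stream.XMLStreamException;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.client.Stub;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.PolicyInclude;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;

/** Hypothetical helper class: client-side Rampart setup for a WSDL2Java stub. */
public final class RampartClientSetup {

    /** Step 1: build the context from a repository that really holds a rampart .mar. */
    static ConfigurationContext contextWithRampart(String repo, String axis2Xml)
            throws AxisFault {
        File modules = new File(repo, "modules");
        String[] mars = modules.list(
                (dir, name) -> name.startsWith("rampart") && name.endsWith(".mar"));
        if (mars == null || mars.length == 0) {
            // Fail early with a clear message instead of at engageModule() time.
            throw new AxisFault("no rampart .mar found under " + modules);
        }
        return ConfigurationContextFactory
                .createConfigurationContextFromFileSystem(repo, axis2Xml);
    }

    /** Local (configuration-only) policy; all values here are constructed placeholders. */
    static String localPolicy(String alias, String keystoreFile, String keystorePassword) {
        String merlin = "org.apache.ws.security.crypto.merlin.";
        return "<wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>"
             + "<ramp:RampartConfig xmlns:ramp='http://ws.apache.org/rampart/policy'>"
             + "<ramp:user>" + esc(alias) + "</ramp:user>"
             + "<ramp:passwordCallbackClass>util.PasswordCallbackHandler"
             + "</ramp:passwordCallbackClass>"
             + "<ramp:signatureCrypto>"
             + "<ramp:crypto provider='org.apache.ws.security.components.crypto.Merlin'>"
             + "<ramp:property name='" + merlin + "keystore.type'>JKS</ramp:property>"
             + "<ramp:property name='" + merlin + "file'>" + esc(keystoreFile)
             + "</ramp:property>"
             + "<ramp:property name='" + merlin + "keystore.password'>"
             + esc(keystorePassword) + "</ramp:property>"
             + "</ramp:crypto>"
             + "</ramp:signatureCrypto>"
             + "</ramp:RampartConfig>"
             + "</wsp:Policy>";
    }

    /** Step 2: engage rampart and attach the local policy to the stub's AxisService. */
    static void attachLocalPolicy(Stub stub, String policyXml)
            throws AxisFault, XMLStreamException {
        OMElement element = AXIOMUtil.stringToOM(policyXml);
        Policy policy = PolicyEngine.getPolicy(element);

        ServiceClient client = stub._getServiceClient();
        client.engageModule("rampart");
        // Same call the client code later in this thread uses to add its policy.
        client.getAxisService().getPolicyInclude()
              .addPolicyElement(PolicyInclude.ANON_POLICY, policy);
    }

    // Minimal escaping so a password containing & or < cannot break the XML.
    private static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /*
     * Usage with a generated stub (MyServiceStub is a placeholder name):
     *
     *   ConfigurationContext ctx = contextWithRampart("repo", "repo/conf/axis2.xml");
     *   MyServiceStub stub = new MyServiceStub(ctx);
     *   attachLocalPolicy(stub,
     *       localPolicy("client", "client.jks", System.getenv("KEYSTORE_PASSWORD")));
     */
}
```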




[Axis2] WS-Policy

Posted by Jim Collins <ja...@blueyonder.co.uk>.
Hi,

I am trying to write a Web Service client that accesses a Service that uses WS-Policy. The WSDL is correctly configured with the policy and I was able to generate the client stub and I can see from the source that it is adding the policy.

What I am not sure is what I need to do when calling methods on the client stub to make sure that it carries out what is in the policy e.g.  sending a token.

Any help would be appreciated.

Thanks

Jim

Re: [Axis2] accessing a policy-secured webservice using a WSDL2Java client

Posted by Brian Baldwin <bo...@gmail.com>.
thank you for the reply, Amila.

The example you provided is basically what I'm using, however I'm now
getting the error "Could not validate signature using any of the supported
token types"

I compared the weblogic debug logs when I hit it with a clientgen client
(works) and with my Axis2 client (not working)...everything seems almost
exact.  The encryption algorithms listed are exactly the same, so its not
like I'm trying to use a different signature algorithm with Axis2.
The weblogic logs show that both the clientgen client and Axis2 client send
a signed timestamp, signed body, and signed token.  The weblogic log with
the clientgen client however shows that it continues on with a message about
'trying to validate identity assertion token ~ x509'  and that all works and
the client is allowed to connect.

I went so far as to modify my webService to remove the Auth policy leaving
only the Sign policy.  I then tried Axis2 again and got the same error about
'could not validate signature using any of the supported token types'.

I greatly appreciate your response to my earlier message and I hope you can
help me debug this problem.
Brian


On 7/26/07, Amila Suriarachchi <am...@gmail.com> wrote:
>
> this is what you can do with the Axis2 and rampart
>
> first generate the code using wsdl2java tool use -u and -g options as well.
>
> then get a rampart distribution and put all required libs to the class
> path (these come with the rampart distribution) and put the .mar files to
> the repository modules.
>
> Install full strength security jars (without this some security
> assertions do not work)
>
> write the client code like this
>
> // imports needed by the client code below
> import java.rmi.RemoteException;
> import java.util.Properties;
> import org.apache.axis2.context.ConfigurationContext;
> import org.apache.axis2.context.ConfigurationContextFactory;
> import org.apache.axis2.description.PolicyInclude;
> import org.apache.neethi.Policy;
> import org.apache.rampart.policy.model.CryptoConfig;
> import org.apache.rampart.policy.model.RampartConfig;
> import org.apache.ws.security.components.crypto.Merlin;
>
>         // load the repository that holds the rampart .mar, then engage the module
>         ConfigurationContext confContext =
>                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>                         AXIS2_REPOSITORY, AXIS2_XML);
>         PingService10MutualCertificate10SignEncrypt_IPingServiceStub stub =
>                 new PingService10MutualCertificate10SignEncrypt_IPingServiceStub(confContext);
>         stub._getServiceClient().engageModule("rampart");
>
>         // set the rampart config properties correctly
>         CryptoConfig signcriptoInfo = new CryptoConfig();
>         signcriptoInfo.setProvider(Merlin.class.getName());
>         Properties properties = new Properties();
>         properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
>         properties.setProperty("org.apache.ws.security.crypto.merlin.file",
>                 "security_client_wcf/conf/sec.jks");
>         properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
>                 "password");
>         signcriptoInfo.setProp(properties);
>
>         // the same keystore is used for encryption
>         CryptoConfig encriptcriptoInfo = new CryptoConfig();
>         encriptcriptoInfo.setProp(properties);
>         encriptcriptoInfo.setProvider(Merlin.class.getName());
>
>         RampartConfig config = new RampartConfig();
>         config.setUser("alice");
>         config.setEncryptionUser("bob");
>         config.setPwCbClass("util.PasswordCallbackHandler");
>         config.setSigCryptoConfig(signcriptoInfo);
>         config.setEncrCryptoConfig(encriptcriptoInfo);
>
>         // wrap the rampart config in a policy so it can be attached to the service
>         Policy ramapConfigPolicy = new Policy();
>         ramapConfigPolicy.addAssertion(config);
>
>         try {
>             stub._getServiceClient().getAxisService().getPolicyInclude().addPolicyElement(
>                     PolicyInclude.ANON_POLICY, ramapConfigPolicy);
>             String result = stub.echo("Test String");
>             System.out.println("Result ==> " + result);
>         } catch (RemoteException e) {
>             e.printStackTrace();
>         }
>
>
> here stub refers to your generated stub.
> AXIS2_REPOSITORY refers to your axis2 repository. this should have the
> rampart mar files.
>
> here you have to set the key store, user names and passwords as given
> above.
>
> You may have a password callback class like this with the correct user
> names and passwords.
>
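> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> // supplies the key passwords rampart asks for, looked up by alias
> public class PasswordCallbackHandler implements CallbackHandler {
>
>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>             // getIdentifer() (sic) is the WSS4J method name
>             String id = pwcb.getIdentifer();
>             if ("alice".equals(id)) {
>                 pwcb.setPassword("ecila");
>             } else if ("bob".equals(id)) {
>                 pwcb.setPassword("bob");
>             }
>         }
>     }
> }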
>
> thanks,
> Amila.

Re: [Axis2] accessing a policy-secured webservice using a WSDL2Java client

Posted by Amila Suriarachchi <am...@gmail.com>.
this is what you can do with the Axis2 and rampart

first generate the code using wsdl2java tool use -u and -g options as well.

then get a rampart distribution and put all required libs to the class path
(these come with the rampart distribution) and put the .mar files to the
repository modules.

Install full strength security jars (without this some security assertions
do not work)

write the client code like this

// imports needed by the client code below
import java.rmi.RemoteException;
import java.util.Properties;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.PolicyInclude;
import org.apache.neethi.Policy;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.security.components.crypto.Merlin;

        // load the repository that holds the rampart .mar, then engage the module
        ConfigurationContext confContext =
                ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                        AXIS2_REPOSITORY, AXIS2_XML);
        PingService10MutualCertificate10SignEncrypt_IPingServiceStub stub =
                new PingService10MutualCertificate10SignEncrypt_IPingServiceStub(confContext);
        stub._getServiceClient().engageModule("rampart");

        // set the rampart config properties correctly
        CryptoConfig signcriptoInfo = new CryptoConfig();
        signcriptoInfo.setProvider(Merlin.class.getName());
        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        properties.setProperty("org.apache.ws.security.crypto.merlin.file",
                "security_client_wcf/conf/sec.jks");
        properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
                "password");
        signcriptoInfo.setProp(properties);

        // the same keystore is used for encryption
        CryptoConfig encriptcriptoInfo = new CryptoConfig();
        encriptcriptoInfo.setProp(properties);
        encriptcriptoInfo.setProvider(Merlin.class.getName());

        RampartConfig config = new RampartConfig();
        config.setUser("alice");
        config.setEncryptionUser("bob");
        config.setPwCbClass("util.PasswordCallbackHandler");
        config.setSigCryptoConfig(signcriptoInfo);
        config.setEncrCryptoConfig(encriptcriptoInfo);

        // wrap the rampart config in a policy so it can be attached to the service
        Policy ramapConfigPolicy = new Policy();
        ramapConfigPolicy.addAssertion(config);

        try {
            stub._getServiceClient().getAxisService().getPolicyInclude().addPolicyElement(
                    PolicyInclude.ANON_POLICY, ramapConfigPolicy);
            String result = stub.echo("Test String");
            System.out.println("Result ==> " + result);
        } catch (RemoteException e) {
            e.printStackTrace();
        }


here stub refers to your generated stub.
AXIS2_REPOSITORY refers to your axis2 repository. this should have the
rampart mar files.

here you have to set the key store, user names and passwords as given above.


You may have a password callback class like this with the correct user names
and passwords.

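import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// supplies the key passwords rampart asks for, looked up by alias
public class PasswordCallbackHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // getIdentifer() (sic) is the WSS4J method name
            String id = pwcb.getIdentifer();
            if ("alice".equals(id)) {
                pwcb.setPassword("ecila");
            } else if ("bob".equals(id)) {
                pwcb.setPassword("bob");
            }
        }
    }
}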

thanks,
Amila.



On 7/26/07, Brian Baldwin <bo...@gmail.com> wrote:
>
> I've been using Axis1.x to access my webservice using WSDL2Java generated
> stubs...works great...I use the Locator class.
>
> I've modified my webservice to use WS-Policy directives (Sign and Auth).
> The WSDL has changed as expected to include the <wsp:policy> elements for
> Sign and Auth.
>
> Do I need to use Axis2/Rampart to generate the client stubs and apply the
> encryption now that my webservice is using WS-Policy directives?
> Is there an example for using Axis/Axis2 to access a policy-enabled web
> service?
>
> My webservice is deployed to WLS 9.2 and I can use weblogic's
> clientgen-generated stubs to encrypt and digitally-sign the
> message.  However, I would like my clients to be able to use Axis.
> I've been trying to use Axis2/Rampart but can't get it working.
> I've been getting an 'InvalidKeyException:  Wrong key usage'.
>
> Follow on question would be with WS-Policy Auth.xml does that mean I
> should
> use the Encrypt item in the OutflowSecurity parameter for Rampart?  Does
> WS-Policy Sign.xml map to the Signature item in OutflowSecurity?  What
> WS-Policy would cause me to need to use the Timestamp item in
> OutflowSecurity?
>
> Thank you in advance
> Brian
>



-- 
Amila Suriarachchi,
WSO2 Inc.