You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Jay Sullivan <no...@gmail.com> on 2011/07/22 17:33:46 UTC
Trouble interfacing with WCF
Hi,
I have a few WCF Web Services set up, and I've been trying to connect to
them with Java web service clients. So far, I've only been able to get it
to work with basic HTTP (basicHttpBinding, in WCF terminology). I can't
convince any clients to connect using HTTPS (wsHttpBinding with transport
security), or Window Authentication (wsHttpBinding with windows security)
In these past few months I've been attempting to securely connect to a WCF
web service. For now I'm focusing on getting the HTTPS to work, as I assume
Windows Security is less supported by Java. I've slowly tried to claw my way
into getting something to work, but have been consistently disappointed. I
tried using NetBeans, IntelliJ IDEA, Eclipse, and command line Axis2 tools.
Eclipse (and the Axis2 Code Generator plugin) runs into obscure errors and I
can't get it to work (see
http://stackoverflow.com/questions/6782782/how-to-create-an-axis2-web-service-client-in-eclipse).
NetBeans, IntelliJ IDEA, and command line Axis2 all run into a
"MustUnderstand headers not understood" error (something about http://
www.w3.org/2005/08/addressing not being understood: see
http://stackoverflow.com/questions/6685164/wcf-web-service-java-web-client-mustunderstand-headers-not-understood).
Has anyone been in a similar situation and found success? I need to get this
done for my job but I'm starting to feel that it's hopeless since I can't
make any progress. Any information or ideas would be greatly appreciated.
--
Jay Sullivan
Re: Trouble interfacing with WCF
Posted by Jay Sullivan <no...@gmail.com>.
I'm trying to get an Axis2/Rampart client web services application to work.
My server is using a self-signed certificate, as this is just a test. I'm
running into the error:
Exception in thread "main" org.apache.axis2.AxisFault: Connection has been
> shutdown: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
> at
> org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:83)
> at
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
> at
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
> ...
>
I'm using FreeBSD and OpenJDK6 on this machine. There's a Java KeyStore at
"/usr/local/openjdk6/jre/lib/security/cacerts" which I'm assuming is the one
I want to add this certificate to. Would adding my certificate to some (if
not this one) "cacerts" keystore force Axis2 to trust my certificate?
--
Jay Sullivan
Re: Trouble interfacing with WCF
Posted by Jay Sullivan <no...@gmail.com>.
On Fri, Jul 22, 2011 at 11:41 AM, Martin Gainty <mg...@hotmail.com> wrote:
> Hi Jay-
> The Axis solution is to configure public and private keystores..create a
> cert with public key and engage Rampart (Security) Module to Axis
> http://wso2.org/library/3190
>
>
Thanks, that looks like what I want to do.
There's three steps on this page, "Deploying the Rampart Module", "Securing
the Service", and "Securing the Client".
Do I need to follow the steps in "Deploying the Rampart Module" if I'm just
trying to make a client? It seems to insist on installing to Tomcat, but I
don't have Tomcat.
Anyway, I'm trying to follow "Securing the Client". I had no trouble with
steps 1 & 2. I now have a directory with the following structure (my service
is called MagicEightBallService):
- build.xml
- src/org/petio/magiceightballclient/
- MagicEightBallServiceCallbackHandler.java
- MagicEightBallServiceStub.java
- MagicEightBallServiceCGClient.java
but I'm confused by step 3:
To secure SOAP request made by the client, we need to engage the Rampart
> module to the client. So we have to create a client repository and the
> rampart-1.3.mar should be deployed in the modules directory...
What do they mean by "client repository" here? And where is "the modules
directory"? (next to src? under src? does it matter? do I create it
manually?)
> ...We should make sure that all dependency .jar files of the Apache Rampart
> module are in the classpath of the client. Then we can use the following
> code to engage Rampart in the client. Note that username and password to be
> used in the Username token, is provided using the Options class.
>
What are the username and password? Are these to gain access to the private
key? How do I set this up?
--
Jay Sullivan
RE: Trouble interfacing with WCF
Posted by Martin Gainty <mg...@hotmail.com>.
put the names of all the referenced modules into /WEB-INF/modules/modules.list here is mine for reference
soapmonitor-1.5.mar
ping-1.5.mar
mex-1.5.mar
axis2-scripting-1.5.mar
rampart-trust-SNAPSHOT.mar
rampart-policy.mar
hth,
Martin Gainty
______________________________________________
Jogi és Bizalmassági kinyilatkoztatás/Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Ez az
üzenet bizalmas. Ha nem ön az akinek szánva volt, akkor kérjük, hogy
jelentse azt nekünk vissza. Semmiféle továbbítása vagy másolatának
készítése nem megengedett. Ez az üzenet csak ismeret cserét szolgál és
semmiféle jogi alkalmazhatósága sincs. Mivel az electronikus üzenetek
könnyen megváltoztathatóak, ezért minket semmi felelöség nem terhelhet
ezen üzenet tartalma miatt.
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
Date: Wed, 27 Jul 2011 14:25:32 -0400
Subject: Re: Trouble interfacing with WCF
From: notfed@gmail.com
To: java-dev@axis.apache.org
CC: mgainty@hotmail.com
On Fri, Jul 22, 2011 at 11:41 AM, Martin Gainty <mg...@hotmail.com> wrote:
Hi Jay-
The Axis solution is to configure public and private keystores..create a cert with public key and engage Rampart (Security) Module to Axis
http://wso2.org/library/3190
Let me know if you need any guidance..i've done this about a hundred times
Martin Gainty
I could definitely use some guidance. I'm trying to follow that guide, but it seems to be missing a few details, which is throwing me off. For instance, the code under "Step 3. Engaging Rampart and Setting Authentication Information" does not show its imports. I had to search to find that ConfigurationContext is apache.axis2.context.ConfigurationContext (similarly had to search for ConfigurationContextFactory and ServiceClient).
Here's my test code:
package org.petio.magiceightball;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.client.ServiceClient;
public class MagicEightBallServiceCGClient
{
public static void main(String[] args) throws Exception
{
/* Get repository context */
ConfigurationContext ctx = ConfigurationContextFactory.createConfigurati
onContextFromFileSystem("/usr/local/axis2-1.5.5/repository", null);
/* Get Service stub */
MagicEightBallServiceStub stub = new MagicEightBallServiceStub(ctx);
/* Engage rampart */
ServiceClient sc = stub._getServiceClient();
sc.engageModule("rampart");
/* Consume service */
System.out.println(stub.getAdvice());
}
}
When I try to run this, I get this error:
org.apache.axis2.AxisFault: Unable to engage module : rampart
at org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:358)
at org.petio.magiceightball.MagicEightBallServiceCGClient.main(MagicEightBallServiceCGClient.java:19)
My /usr/local/axis2-1.5.5/repository directory looks like the following:
/usr/local/axis2-1.5.5/repository/modules:
addressing-1.5.5.mar mtompolicy-1.5.5.mar rampart-1.6.0.mar
mex-1.5.5.mar ping-1.5.5.mar scripting-1.5.5.mar
modules.list rahas-1.6.0.mar soapmonitor-1.5.5.mar
/usr/local/axis2-1.5.5/repository/services:
services.list version.aar
And I've manually added rahas-1.6.0.mar and rampart-1.6.0.mar to modules.list (should I have??). Still getting the same problem.
Also, when I don't engage the rampart module, I get this error:
Exception in thread "main" org.apache.axis2.AxisFault: Must Understand check failed for header http://www.w3.org/2005/08/addressing : Action
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at org.petio.magiceightball.MagicEightBallServiceStub.getAdvice(MagicEightBallServiceStub.java:189)
at org.petio.magiceightball.MagicEightBallServiceCGClient.main(MagicEightBallServiceCGClient.java:25)
I'm wondering if this is a side-effect of not loading rampart. Or must I also load the "addressing" module?
--
Jay Sullivan
Re: Trouble interfacing with WCF
Posted by Amila Jayasekara <am...@wso2.com>.
Hi Jay,
Sorry for the delay reply.
You dont need to engage rampart specifically talk to a HTTPS endpoint.
You need to make sure that relevant server certificate in your
truststore. In addition if you are using a truststore other Java
default truststore you need set trust store parameters within your
code as follows,
System.setProperty("javax.net.ssl.trustStore",
"/home/amila/development/Tools/keystore/article-transport/keys/server.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
Regarding sc.engageModule("addressing");, this might be due to the way
you have configured your server. According to IIS configuration you
are using "wsHttpBinding". I am not sure whether you need addressing
in "wsHttpBinding". Probably you do need addressing for
"wsHttpBinding", therefore when you engage "addressing" it started
working.
Hope this explains the situation.
Thanks
AmilaJ
On Thu, Jul 28, 2011 at 12:07 AM, Jay Sullivan <no...@gmail.com> wrote:
> Wow!!!!!!!!!!!!!!!!!!!!!! :) . Changing
>
>> sc.engageModule("rampart");
>
> to
>
>> sc.engageModule("addressing");
>
> Fixed both errors and now it WORKS! I can't believe it! I had already
> become so skeptical that I didn't think it would ever work. Now, can anyone
> explain why this worked? (and why I can't find anywhere on the web that
> someone's offered this solution?)
>
> --
> Jay Sullivan
>
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
Re: Trouble interfacing with WCF
Posted by Jay Sullivan <no...@gmail.com>.
Wow!!!!!!!!!!!!!!!!!!!!!! :) . Changing
sc.engageModule("rampart");
>
to
sc.engageModule("addressing");
>
Fixed both errors and now it WORKS! I can't believe it! I had already
become so skeptical that I didn't think it would ever work. Now, can anyone
explain why this worked? (and why I can't find anywhere on the web that
someone's offered this solution?)
--
Jay Sullivan
Re: Trouble interfacing with WCF
Posted by Jay Sullivan <no...@gmail.com>.
On Fri, Jul 22, 2011 at 11:41 AM, Martin Gainty <mg...@hotmail.com> wrote:
> Hi Jay-
> The Axis solution is to configure public and private keystores..create a
> cert with public key and engage Rampart (Security) Module to Axis
> http://wso2.org/library/3190
>
> Let me know if you need any guidance..i've done this about a hundred times
> Martin Gainty
>
I could definitely use some guidance. I'm trying to follow that guide, but
it seems to be missing a few details, which is throwing me off. For
instance, the code under "Step 3. Engaging Rampart and Setting
Authentication Information" does not show its imports. I had to search to
find that ConfigurationContext is apache.axis2.context.ConfigurationContext
(similarly had to search for ConfigurationContextFactory and
ServiceClient).
Here's my test code:
> package org.petio.magiceightball;
> import org.apache.axis2.context.ConfigurationContext;
> import org.apache.axis2.context.ConfigurationContextFactory;
> import org.apache.axis2.client.ServiceClient;
> public class MagicEightBallServiceCGClient
> {
> public static void main(String[] args) throws Exception
> {
> /* Get repository context */
> ConfigurationContext ctx = ConfigurationContextFactory.createConfigurati
> onContextFromFileSystem("/usr/local/axis2-1.5.5/repository", null);
>
> /* Get Service stub */
> MagicEightBallServiceStub stub = new MagicEightBallServiceStub(ctx);
>
> /* Engage rampart */
> ServiceClient sc = stub._getServiceClient();
> sc.engageModule("rampart");
>
> /* Consume service */
> System.out.println(stub.getAdvice());
> }
> }
>
> When I try to run this, I get this error:
org.apache.axis2.AxisFault: Unable to engage module : rampart
> at
> org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:358)
> at
> org.petio.magiceightball.MagicEightBallServiceCGClient.main(MagicEightBallServiceCGClient.java:19)
>
My /usr/local/axis2-1.5.5/repository directory looks like the following:
/usr/local/axis2-1.5.5/repository/modules:
> addressing-1.5.5.mar mtompolicy-1.5.5.mar rampart-1.6.0.mar
> mex-1.5.5.mar ping-1.5.5.mar scripting-1.5.5.mar
> modules.list rahas-1.6.0.mar soapmonitor-1.5.5.mar
>
> /usr/local/axis2-1.5.5/repository/services:
> services.list version.aar
>
And I've manually added rahas-1.6.0.mar and rampart-1.6.0.mar to
modules.list (should I have??). Still getting the same problem.
Also, when I don't engage the rampart module, I get this error:
Exception in thread "main" org.apache.axis2.AxisFault: Must Understand check
> failed for header http://www.w3.org/2005/08/addressing : Action
> at
> org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> at
> org.petio.magiceightball.MagicEightBallServiceStub.getAdvice(MagicEightBallServiceStub.java:189)
> at
> org.petio.magiceightball.MagicEightBallServiceCGClient.main(MagicEightBallServiceCGClient.java:25)
>
I'm wondering if this is a side-effect of not loading rampart. Or must I
also load the "addressing" module?
--
Jay Sullivan
RE: Trouble interfacing with WCF
Posted by Martin Gainty <mg...@hotmail.com>.
Hi Jay-
The Axis solution is to configure public and private keystores..create a cert with public key and engage Rampart (Security) Module to Axis
http://wso2.org/library/3190
Let me know if you need any guidance..i've done this about a hundred times
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
Date: Fri, 22 Jul 2011 11:33:46 -0400
Subject: Trouble interfacing with WCF
From: notfed@gmail.com
To: java-dev@axis.apache.org
Hi,
I have a few WCF Web Services set up, and I've been trying to connect to them with Java web service clients. So far, I've only been able to get it to work with basic HTTP (basicHttpBinding, in WCF terminology). I can't convince any clients to connect using HTTPS (wsHttpBinding with transport security), or Window Authentication (wsHttpBinding with windows security)
In these past few months I've been attempting to securely connect to a WCF web service. For now I'm focusing on getting the HTTPS to work, as I assume Windows Security is less supported by Java. I've slowly tried to claw my way into getting something to work, but have been consistently disappointed. I tried using NetBeans, IntelliJ IDEA, Eclipse, and command line Axis2 tools. Eclipse (and the Axis2 Code Generator plugin) runs into obscure errors and I can't get it to work (see http://stackoverflow.com/questions/6782782/how-to-create-an-axis2-web-service-client-in-eclipse). NetBeans, IntelliJ IDEA, and command line Axis2 all run into a "MustUnderstand headers not understood" error (something about http://www.w3.org/2005/08/addressing not being understood: see http://stackoverflow.com/questions/6685164/wcf-web-service-java-web-client-mustunderstand-headers-not-understood).
Has anyone been in a similar situation and found success? I need to get this done for my job but I'm starting to feel that it's hopeless since I can't make any progress. Any information or ideas would be greatly appreciated.
--
Jay Sullivan