Posted to rampart-dev@ws.apache.org by Manjula Peiris <ma...@wso2.com> on 2007/09/20 05:41:18 UTC
Re: [wsf-php-user] [ws-policy]
Hi Shams,
Please see my comments inline.
On Wed, 2007-09-19 at 14:17 +0000, shams jawaid wrote:
> Hi, I'm fairly new to Rampart and I keep getting errors with the policy files
> I am using with WSF PHP and Rampart 1.3.
>
> In my WSF PHP client, I use this policy.xml file:
>
> <wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256Rsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
>
> <sp:EncryptBeforeSigning />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> <wsp:Policy>
> <sp:MustSupportRefIssuerSerial />
> </wsp:Policy>
> </sp:Wss10>
> <sp:EncryptedParts
> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> <sp:Body/>
> </sp:EncryptedParts>
> <sp:SignedParts
> xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
> <sp:Body/>
> </sp:SignedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
>
> However, with my services.xml file like this, I get a
> <soapenv:Text xml:lang="en-US">java.lang.RuntimeException: Undefined
> 'badEncoding' resource property</soapenv:Text> error.
>
>
> <service name="Math" scope="application">
> <description>
> MathService
> </description>
> <messageReceivers>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
>
> <messageReceiver
> mep="http://www.w3.org/2004/08/wsdl/in-out"
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
> </messageReceivers>
>
> <parameter name="ServiceClass">
> math.Math
> </parameter>
>
> <module ref="rampart" />
> <module ref="addressing" />
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:EncryptBeforeSigning/>
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> </wsp:Policy>
> </sp:Wss10>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:EncryptedParts>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body/>
> </sp:SignedParts>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>service</ramp:user>
>
> <ramp:encryptionUser>client</ramp:encryptionUser>
> <ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> </service>
>
>
> Are my policy.xml file and services.xml file compatible?

No. The </sp:AlgorithmSuite> property in the two files is different.
In Policy.xml it is <sp:Basic256Rsa15/> and in Services.xml it is
<sp:TripleDesRsa15/>. Please use the same one on both sides.
And the <sp:IncludeToken> attributes are also different. It may also be a
problem if Rampart is strictly validating key reference mechanisms.
-Manjula.
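
The two differences named in the reply above (algorithm suite and IncludeToken) can be checked mechanically before deploying. The Python script below is an added example, not part of the original thread and not Rampart or WSF/PHP code; `summarize`, `diff_policies` and `make_policy` are hypothetical helper names, and the sample policies are constructed, trimmed versions of the two files quoted above.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

def summarize(policy_xml):
    """Pull out the assertions named in the reply: algorithm suite and IncludeToken."""
    root = ET.fromstring(policy_xml)
    suite = root.find(f".//{{{SP}}}AlgorithmSuite/{{{WSP}}}Policy")
    # Child element names of the nested policy, e.g. ['TripleDesRsa15'].
    out = {"AlgorithmSuite": sorted(c.tag.split("}")[1] for c in suite)
                             if suite is not None else []}
    for role in ("InitiatorToken", "RecipientToken"):
        tok = root.find(f".//{{{SP}}}{role}//{{{SP}}}X509Token")
        inc = tok.get(f"{{{SP}}}IncludeToken") if tok is not None else None
        # Keep only the last URI segment: Always, AlwaysToRecipient, Never, ...
        out[f"{role}/IncludeToken"] = inc.rsplit("/", 1)[1] if inc else None
    return out

def diff_policies(client_xml, service_xml):
    """Return {assertion: (client_value, service_value)} for every disagreement."""
    c, s = summarize(client_xml), summarize(service_xml)
    return {k: (c[k], s[k]) for k in c if c[k] != s[k]}

def make_policy(suite, initiator_inc, recipient_inc):
    """Constructed sample: only the AsymmetricBinding parts compared here."""
    inc = f"{SP}/IncludeToken/"
    tok = lambda role, v: (
        f'<sp:{role}><wsp:Policy><sp:X509Token sp:IncludeToken="{inc}{v}">'
        f'<wsp:Policy><sp:WssX509V3Token10/></wsp:Policy>'
        f'</sp:X509Token></wsp:Policy></sp:{role}>')
    return (
        f'<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><wsp:ExactlyOne><wsp:All>'
        f'<sp:AsymmetricBinding><wsp:Policy>'
        f'{tok("InitiatorToken", initiator_inc)}{tok("RecipientToken", recipient_inc)}'
        f'<sp:AlgorithmSuite><wsp:Policy><sp:{suite}/></wsp:Policy></sp:AlgorithmSuite>'
        f'</wsp:Policy></sp:AsymmetricBinding></wsp:All></wsp:ExactlyOne></wsp:Policy>')

# Values taken from the first policy.xml / services.xml pair quoted above.
CLIENT = make_policy("Basic256Rsa15", "Always", "Always")
SERVICE = make_policy("TripleDesRsa15", "AlwaysToRecipient", "Never")

if __name__ == "__main__":
    for name, (client, service) in diff_policies(CLIENT, SERVICE).items():
        print(f"{name}: client={client} service={service}")
```

An empty result only means these two assertions agree; it does not show that the rest of the configuration (keystores, aliases, callback class) is correct.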
RE: [wsf-php-user] [ws-policy]
Posted by shams jawaid <sh...@hotmail.com>.
Hi Manjula,
I've changed my policy.xml file to this:
<wsp:Policy xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'>
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<wsp:Policy>
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
<sp:EncryptedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
<sp:Body/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
and my services.xml file to:
<service name="Math" scope="application">
<description>
MathService
</description>
<messageReceivers>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</messageReceivers>
<parameter name="ServiceClass">
math.Math
</parameter>
<module ref="rampart" />
<module ref="addressing" />
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptBeforeSigning/>
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
</wsp:Policy>
</sp:Wss10>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>service</ramp:user>
<ramp:encryptionUser>client</ramp:encryptionUser>
<ramp:passwordCallbackClass>math.PWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
Yet I still get this error in TCPMon:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: application/soap+xml; action="http://www.w3.org/2005/08/addressing/soap/fault";charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 20 Sep 2007 11:25:50 GMT
Connection: close

28E
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soapenv:Header>
    <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
    <wsa:RelatesTo>b6e3d805-0d46-45ad-ac85-48d6c87b70c3</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body>
    <soapenv:Fault>
      <soapenv:Code>
        <soapenv:Value>soapenv:Receiver</soapenv:Value>
      </soapenv:Code>
      <soapenv:Reason>
        <soapenv:Text xml:lang="en-US">java.lang.RuntimeException: Undefined 'badEncoding' resource property</soapenv:Text>
      </soapenv:Reason>
      <soapenv:Detail />
    </soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>
0
Do you know what it could be?
Would you happen to have any working samples for signature and encryption with the WSF PHP extension and Rampart? I have tried many samples, but I keep getting errors.
Thanks for your help.