You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-c-dev@ws.apache.org by donald yang <do...@googlemail.com> on 2010/07/12 16:04:51 UTC
problem to call web service over HTTPS from axis2c + ramparc
Hi All,
I am trying to write A generic web service client using axis2/c 1.6 +
rampart/c 1.3 to call web service, which might have different web service
security requirements. But I have the following configuration problems to
access HTTPS. Could anyone give me a hand? Many thanks in advance.
The web service to be accessed has defined *<TransportBinding>*
assertation. That
means the SOAP message will be transmited over SSL. Therefore I created a
client policy document, which is the same as the one on server side. To make
it work, I uncomment out *<transportSend name="https"
class="axis2_http_sender">* elment and specify the full path of server ssl
certificate in *$AXIS2C_HOME/axis2.xml*. The only way I can successfully
call the web service over HTTPS is that I don't load the policy and engage
rampart module. Therefore I have the following questions:
a) why should I specify the full path of the server SSL certificate in the
axis2.xml? According to my understanding, this should automatically download
from the server during handshake.
b) If we have to specify the full path of the server SSL certiciate in the
axis2.xml, that means that we also have to change *<parameter
anem="SERVER_CERT">* element in axis2.xml everytime when I access different
servers, which have different SSL certificates. This is because axis2.xml is
the global configuration. I know that I can specify the SSL certifcate in
local configuration, the client policy file, in *Rampart/JAVA*. Does*Rampart/C
* allow the SSL certificate specify locally like in Rampart/JAVA?
c)If I load the policy file and engage rampart module in the client code, I
must comment out *<phase name="Security">* element from <inflow> and
<outflow> in axis2.xml. This disables security phase and therefore ignore
policy document actually. But the security phase should be enabled if I
access web service with other web service security requirements, such as
user token. That means I should enable *<phase name="Security"> *when
accessing web service with user token, disable *<phase name="Security"> *when
accessing web service over HTTPS. This might suggest me that Rampart/C
cannot correctly understand *<TransportBinding>* assertation. Am I wrong?
Many thanks again.
best regards
yong
Re: problem to call web service over HTTPS from axis2c + ramparc
Posted by Selvaratnam Uthaiyashankar <ut...@gmail.com>.
Hi,
See my comments..
On Mon, Jul 12, 2010 at 7:34 PM, donald yang <do...@googlemail.com> wrote:
> Hi All,
>
> I am trying to write A generic web service client using axis2/c 1.6 +
> rampart/c 1.3 to call web service, which might have different web service
> security requirements. But I have the following configuration problems to
> access HTTPS. Could anyone give me a hand? Many thanks in advance.
>
> The web service to be accessed has defined *<TransportBinding>*
> assertation. That
> means the SOAP message will be transmited over SSL. Therefore I created a
> client policy document, which is the same as the one on server side. To make
> it work, I uncomment out *<transportSend name="https"
> class="axis2_http_sender">* elment and specify the full path of server ssl
> certificate in *$AXIS2C_HOME/axis2.xml*. The only way I can successfully
> call the web service over HTTPS is that I don't load the policy and engage
> rampart module. Therefore I have the following questions:
>
> a) why should I specify the full path of the server SSL certificate in the
> axis2.xml? According to my understanding, this should automatically download
> from the server during handshake.
AFAIK, it is not the SSL certificate, but the CA certificate. For self
signed certificate, SSL certificate = CA certificate. This is to
validate the certificate. But there is a jira to disable validation
and automatically download the certificate. If you prefer to provide
an implementation, we are more than happy to accept :D.
>
> b) If we have to specify the full path of the server SSL certiciate in the
> axis2.xml, that means that we also have to change *<parameter
> anem="SERVER_CERT">* element in axis2.xml everytime when I access different
> servers, which have different SSL certificates. This is because axis2.xml is
> the global configuration. I know that I can specify the SSL certifcate in
> local configuration, the client policy file, in *Rampart/JAVA*. Does*Rampart/C
> * allow the SSL certificate specify locally like in Rampart/JAVA?
The SSL configuration you are doing in Rampart/C are for
SymetricBinding and AsymetricBinding. Not for TransportBinding.
>
> c)If I load the policy file and engage rampart module in the client code, I
> must comment out *<phase name="Security">* element from <inflow> and
> <outflow> in axis2.xml. This disables security phase and therefore ignore
> policy document actually. But the security phase should be enabled if I
> access web service with other web service security requirements, such as
> user token. That means I should enable *<phase name="Security"> *when
> accessing web service with user token, disable *<phase name="Security"> *when
> accessing web service over HTTPS. This might suggest me that Rampart/C
> cannot correctly understand *<TransportBinding>* assertation. Am I wrong?
Again, I have to admit that we have to revisit TransportBinding cases
in Rampart/C. Currently, only username token/ timestamp is supported
with TransportBinding. If the policy is such a way that there are no
assertions inside "TransportBinding", then it might go wrong. Can you
please raise a Jira, I can have a look. Also, if you can provide any
contributions, we will be more than happy to get it.
Regards,
Shankar
>
> Many thanks again.
>
> best regards
> yong
>
--
S.Uthaiyashankar
Senior Software Architect
WSO2 Inc.
http://wso2.com/ - "lean . enterprise . middleware"
Re: problem to call web service over HTTPS from axis2c + ramparc
Posted by Jack McGregor <ja...@microsabio.com>.
Hi Yong,
Thanks very much for the tips! I'll do some experimenting with it later
today to see if I can get it working now.
Thanks again,
Jack
donald yang wrote, On 7/14/2010 3:34 AM:
> Hi Jack,
>
> I already downloaded WSFC 2.0 and reading the source code of wsclient. Now
> I know how to specify the server ssl certificate locally, rather than read
> it from axis2.xml.
> For web services that only have HTTPs requirement(note: <transportBinding>
> asseration does not include time stamp asseration), you can check the
> following possibilities to make wsclient work:
> 1)whether you enable ssl when compiling source codes
> 2)do not engage rampart module locally or globally
> 3)do not try to load client policy document
> 4)ssl certificate is PEM format
> As far as I know, rampart/c cannot understand pure HTTPS client policy
> document. that is why we should not engage rampart and/or load policy file.
> If you still have any problem, we can discuss it.
>
> best regards
> yong
> On Tue, Jul 13, 2010 at 3:26 PM, Jack McGregor <ja...@microsabio.com> wrote:
>
>
>> Hi Donald (or Yong)
>>
>> It certainly appears (from the wsclient --help and the html
>> documentation that comes with it) that wsclient can indeed be that
>> generic client capable of accessing different servers with different
>> security certificates and requirements. I haven't been able to get it
>> to work with SSL or certificates yet, but I'm guessing that is because
>> of some minor error in my syntax or failure in my understanding, rather
>> than in the actual software.
>>
>> The wsclient program is contained in the WS02 Web Services Framework for
>> C (WSF/C) distribution at http://wso2.org/downloads/wsf/c
>> (WSF/C is made up of Axis2/C, Rampart/C, etc., all packaged together for
>> convenience.)
>> The binary distribution is just for Windows, so you'll need the source
>> distribution.
>>
>> Good luck, and please let me know how you make out,
>> Jack
>>
>>
>> donald yang wrote, On 7/13/2010 2:30 AM:
>> > Hi Jack,
>>
>>> Thank you very much for your reply. If the ssl certificate can be
>>>
>> specified
>>
>>> as an argument for wsclient command, that means we can have a generic
>>> wsclient to access different servers, which might have different SSL
>>> certificate, without modifying axis2.xml globally. Could you please tell
>>>
>> me
>>
>>> where I can find the source code of wsclient? I cannot find it from
>>> axis2/c-1.6 and rampart/c source code.
>>>
>>> best regards
>>> yong
>>>
>>> On Mon, Jul 12, 2010 at 6:36 PM, Jack McGregor <ja...@microsabio.com>
>>>
>> wrote:
>>
>>>
>>>
>>>> Donald -
>>>>
>>>> Excellent questions - I wish I had the answers myself. I too would
>>>> like to be able to use a generic web service command line client that
>>>> works with services requiring HTTPS and various kinds of
>>>> authentication. Mostly for testing, but in some cases, such a generic
>>>> utility for sending/receiving xml/soap document/transactions (i.e. one
>>>> that handles the connection/authentication/transmission logic while
>>>> leaving the xml parsing/serializing/deserializing/WSDL logic to be
>>>> handled independently) might even be useful in certain production
>>>> environments, as an alternative to creating a custom client for each web
>>>> service.
>>>>
>>>> I'm not sure though why the existing wsclient utility shouldn't be able
>>>> to do that. It seems to have the necessary command line options, but I
>>>> have not been able to get even a simple anonymous client authentication
>>>> example to work with a "real world" web service. (You can see my forum
>>>> post on that subject at http://wso2.org/forum/thread/10137 )
>>>>
>>>> Unfortunately I don't think I can provide you any help, as it sounds
>>>> like you probably have gotten deeper into it than I have. But if you do
>>>> get your client working (or figure out how to make wsclient work), I
>>>> would be grateful for any information, and could probably even provide
>>>> some compensation for your time.
>>>>
>>>> Good luck and best regards,
>>>>
>>>> Jack McGregor
>>>>
>>>>
>>>> donald yang wrote, On 7/12/2010 7:04 AM:
>>>> > Hi All,
>>>>
>>>>
>>>>> I am trying to write A generic web service client using axis2/c 1.6 +
>>>>> rampart/c 1.3 to call web service, which might have different web
>>>>>
>>>>>
>>>> service
>>>>
>>>>
>>>>> security requirements. But I have the following configuration problems
>>>>>
>> to
>>
>>>>> access HTTPS. Could anyone give me a hand? Many thanks in advance.
>>>>>
>>>>> The web service to be accessed has defined *<TransportBinding>*
>>>>> assertation. That
>>>>> means the SOAP message will be transmited over SSL. Therefore I created
>>>>>
>> a
>>
>>>>> client policy document, which is the same as the one on server side. To
>>>>>
>>>>>
>>>> make
>>>>
>>>>
>>>>> it work, I uncomment out *<transportSend name="https"
>>>>> class="axis2_http_sender">* elment and specify the full path of server
>>>>>
>>>>>
>>>> ssl
>>>>
>>>>
>>>>> certificate in *$AXIS2C_HOME/axis2.xml*. The only way I can
>>>>>
>> successfully
>>
>>>>> call the web service over HTTPS is that I don't load the policy and
>>>>>
>>>>>
>>>> engage
>>>>
>>>>
>>>>> rampart module. Therefore I have the following questions:
>>>>>
>>>>> a) why should I specify the full path of the server SSL certificate in
>>>>>
>>>>>
>>>> the
>>>>
>>>>
>>>>> axis2.xml? According to my understanding, this should automatically
>>>>>
>>>>>
>>>> download
>>>>
>>>>
>>>>> from the server during handshake.
>>>>>
>>>>> b) If we have to specify the full path of the server SSL certiciate in
>>>>>
>>>>>
>>>> the
>>>>
>>>>
>>>>> axis2.xml, that means that we also have to change *<parameter
>>>>> anem="SERVER_CERT">* element in axis2.xml everytime when I access
>>>>>
>>>>>
>>>> different
>>>>
>>>>
>>>>> servers, which have different SSL certificates. This is because
>>>>>
>> axis2.xml
>>
>>>>>
>>>> is
>>>>
>>>>
>>>>> the global configuration. I know that I can specify the SSL certifcate
>>>>>
>> in
>>
>>>>> local configuration, the client policy file, in *Rampart/JAVA*.
>>>>>
>>>>>
>>>> Does*Rampart/C
>>>>
>>>>
>>>>> * allow the SSL certificate specify locally like in Rampart/JAVA?
>>>>>
>>>>> c)If I load the policy file and engage rampart module in the client
>>>>>
>> code,
>>
>>>>>
>>>> I
>>>>
>>>>
>>>>> must comment out *<phase name="Security">* element from <inflow> and
>>>>> <outflow> in axis2.xml. This disables security phase and therefore
>>>>>
>> ignore
>>
>>>>> policy document actually. But the security phase should be enabled if I
>>>>> access web service with other web service security requirements, such
>>>>>
>> as
>>
>>>>> user token. That means I should enable *<phase name="Security"> *when
>>>>> accessing web service with user token, disable *<phase name="Security">
>>>>>
>>>>>
>>>> *when
>>>>
>>>>
>>>>> accessing web service over HTTPS. This might suggest me that Rampart/C
>>>>> cannot correctly understand *<TransportBinding>* assertation. Am I
>>>>>
>> wrong?
>>
>>>>> Many thanks again.
>>>>>
>>>>> best regards
>>>>> yong
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> No virus found in this incoming message.
>>>>> Checked by AVG - www.avg.com
>>>>> Version: 9.0.830 / Virus Database: 271.1.1/2997 - Release Date:
>>>>>
>> 07/11/10
>>
>>>>>
>>>> 11:36:00
>>>>
>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> No virus found in this incoming message.
>>> Checked by AVG - www.avg.com
>>> Version: 9.0.830 / Virus Database: 271.1.1/3001 - Release Date: 07/12/10
>>>
>> 09:49:00
>>
>>>
>>>
>>
>>
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/3003 - Release Date: 07/13/10 11:36:00
>
>
Re: problem to call web service over HTTPS from axis2c + ramparc
Posted by donald yang <do...@googlemail.com>.
Hi Jack,
I already downloaded WSFC 2.0 and reading the source code of wsclient. Now
I know how to specify the server ssl certificate locally, rather than read
it from axis2.xml.
For web services that only have HTTPs requirement(note: <transportBinding>
asseration does not include time stamp asseration), you can check the
following possibilities to make wsclient work:
1)whether you enable ssl when compiling source codes
2)do not engage rampart module locally or globally
3)do not try to load client policy document
4)ssl certificate is PEM format
As far as I know, rampart/c cannot understand pure HTTPS client policy
document. that is why we should not engage rampart and/or load policy file.
If you still have any problem, we can discuss it.
best regards
yong
On Tue, Jul 13, 2010 at 3:26 PM, Jack McGregor <ja...@microsabio.com> wrote:
> Hi Donald (or Yong)
>
> It certainly appears (from the wsclient --help and the html
> documentation that comes with it) that wsclient can indeed be that
> generic client capable of accessing different servers with different
> security certificates and requirements. I haven't been able to get it
> to work with SSL or certificates yet, but I'm guessing that is because
> of some minor error in my syntax or failure in my understanding, rather
> than in the actual software.
>
> The wsclient program is contained in the WS02 Web Services Framework for
> C (WSF/C) distribution at http://wso2.org/downloads/wsf/c
> (WSF/C is made up of Axis2/C, Rampart/C, etc., all packaged together for
> convenience.)
> The binary distribution is just for Windows, so you'll need the source
> distribution.
>
> Good luck, and please let me know how you make out,
> Jack
>
>
> donald yang wrote, On 7/13/2010 2:30 AM:
> > Hi Jack,
> >
> > Thank you very much for your reply. If the ssl certificate can be
> specified
> > as an argument for wsclient command, that means we can have a generic
> > wsclient to access different servers, which might have different SSL
> > certificate, without modifying axis2.xml globally. Could you please tell
> me
> > where I can find the source code of wsclient? I cannot find it from
> > axis2/c-1.6 and rampart/c source code.
> >
> > best regards
> > yong
> >
> > On Mon, Jul 12, 2010 at 6:36 PM, Jack McGregor <ja...@microsabio.com>
> wrote:
> >
> >
> >> Donald -
> >>
> >> Excellent questions - I wish I had the answers myself. I too would
> >> like to be able to use a generic web service command line client that
> >> works with services requiring HTTPS and various kinds of
> >> authentication. Mostly for testing, but in some cases, such a generic
> >> utility for sending/receiving xml/soap document/transactions (i.e. one
> >> that handles the connection/authentication/transmission logic while
> >> leaving the xml parsing/serializing/deserializing/WSDL logic to be
> >> handled independently) might even be useful in certain production
> >> environments, as an alternative to creating a custom client for each web
> >> service.
> >>
> >> I'm not sure though why the existing wsclient utility shouldn't be able
> >> to do that. It seems to have the necessary command line options, but I
> >> have not been able to get even a simple anonymous client authentication
> >> example to work with a "real world" web service. (You can see my forum
> >> post on that subject at http://wso2.org/forum/thread/10137 )
> >>
> >> Unfortunately I don't think I can provide you any help, as it sounds
> >> like you probably have gotten deeper into it than I have. But if you do
> >> get your client working (or figure out how to make wsclient work), I
> >> would be grateful for any information, and could probably even provide
> >> some compensation for your time.
> >>
> >> Good luck and best regards,
> >>
> >> Jack McGregor
> >>
> >>
> >> donald yang wrote, On 7/12/2010 7:04 AM:
> >> > Hi All,
> >>
> >>> I am trying to write A generic web service client using axis2/c 1.6 +
> >>> rampart/c 1.3 to call web service, which might have different web
> >>>
> >> service
> >>
> >>> security requirements. But I have the following configuration problems
> to
> >>> access HTTPS. Could anyone give me a hand? Many thanks in advance.
> >>>
> >>> The web service to be accessed has defined *<TransportBinding>*
> >>> assertation. That
> >>> means the SOAP message will be transmited over SSL. Therefore I created
> a
> >>> client policy document, which is the same as the one on server side. To
> >>>
> >> make
> >>
> >>> it work, I uncomment out *<transportSend name="https"
> >>> class="axis2_http_sender">* elment and specify the full path of server
> >>>
> >> ssl
> >>
> >>> certificate in *$AXIS2C_HOME/axis2.xml*. The only way I can
> successfully
> >>> call the web service over HTTPS is that I don't load the policy and
> >>>
> >> engage
> >>
> >>> rampart module. Therefore I have the following questions:
> >>>
> >>> a) why should I specify the full path of the server SSL certificate in
> >>>
> >> the
> >>
> >>> axis2.xml? According to my understanding, this should automatically
> >>>
> >> download
> >>
> >>> from the server during handshake.
> >>>
> >>> b) If we have to specify the full path of the server SSL certiciate in
> >>>
> >> the
> >>
> >>> axis2.xml, that means that we also have to change *<parameter
> >>> anem="SERVER_CERT">* element in axis2.xml everytime when I access
> >>>
> >> different
> >>
> >>> servers, which have different SSL certificates. This is because
> axis2.xml
> >>>
> >> is
> >>
> >>> the global configuration. I know that I can specify the SSL certifcate
> in
> >>> local configuration, the client policy file, in *Rampart/JAVA*.
> >>>
> >> Does*Rampart/C
> >>
> >>> * allow the SSL certificate specify locally like in Rampart/JAVA?
> >>>
> >>> c)If I load the policy file and engage rampart module in the client
> code,
> >>>
> >> I
> >>
> >>> must comment out *<phase name="Security">* element from <inflow> and
> >>> <outflow> in axis2.xml. This disables security phase and therefore
> ignore
> >>> policy document actually. But the security phase should be enabled if I
> >>> access web service with other web service security requirements, such
> as
> >>> user token. That means I should enable *<phase name="Security"> *when
> >>> accessing web service with user token, disable *<phase name="Security">
> >>>
> >> *when
> >>
> >>> accessing web service over HTTPS. This might suggest me that Rampart/C
> >>> cannot correctly understand *<TransportBinding>* assertation. Am I
> wrong?
> >>>
> >>> Many thanks again.
> >>>
> >>> best regards
> >>> yong
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> No virus found in this incoming message.
> >>> Checked by AVG - www.avg.com
> >>> Version: 9.0.830 / Virus Database: 271.1.1/2997 - Release Date:
> 07/11/10
> >>>
> >> 11:36:00
> >>
> >>>
> >>>
> >>
> >>
> >
> >
> >
> >
> > No virus found in this incoming message.
> > Checked by AVG - www.avg.com
> > Version: 9.0.830 / Virus Database: 271.1.1/3001 - Release Date: 07/12/10
> 09:49:00
> >
> >
>
>
Re: problem to call web service over HTTPS from axis2c + ramparc
Posted by Jack McGregor <ja...@microsabio.com>.
Hi Donald (or Yong)
It certainly appears (from the wsclient --help and the html
documentation that comes with it) that wsclient can indeed be that
generic client capable of accessing different servers with different
security certificates and requirements. I haven't been able to get it
to work with SSL or certificates yet, but I'm guessing that is because
of some minor error in my syntax or failure in my understanding, rather
than in the actual software.
The wsclient program is contained in the WS02 Web Services Framework for
C (WSF/C) distribution at http://wso2.org/downloads/wsf/c
(WSF/C is made up of Axis2/C, Rampart/C, etc., all packaged together for
convenience.)
The binary distribution is just for Windows, so you'll need the source
distribution.
Good luck, and please let me know how you make out,
Jack
donald yang wrote, On 7/13/2010 2:30 AM:
> Hi Jack,
>
> Thank you very much for your reply. If the ssl certificate can be specified
> as an argument for wsclient command, that means we can have a generic
> wsclient to access different servers, which might have different SSL
> certificate, without modifying axis2.xml globally. Could you please tell me
> where I can find the source code of wsclient? I cannot find it from
> axis2/c-1.6 and rampart/c source code.
>
> best regards
> yong
>
> On Mon, Jul 12, 2010 at 6:36 PM, Jack McGregor <ja...@microsabio.com> wrote:
>
>
>> Donald -
>>
>> Excellent questions - I wish I had the answers myself. I too would
>> like to be able to use a generic web service command line client that
>> works with services requiring HTTPS and various kinds of
>> authentication. Mostly for testing, but in some cases, such a generic
>> utility for sending/receiving xml/soap document/transactions (i.e. one
>> that handles the connection/authentication/transmission logic while
>> leaving the xml parsing/serializing/deserializing/WSDL logic to be
>> handled independently) might even be useful in certain production
>> environments, as an alternative to creating a custom client for each web
>> service.
>>
>> I'm not sure though why the existing wsclient utility shouldn't be able
>> to do that. It seems to have the necessary command line options, but I
>> have not been able to get even a simple anonymous client authentication
>> example to work with a "real world" web service. (You can see my forum
>> post on that subject at http://wso2.org/forum/thread/10137 )
>>
>> Unfortunately I don't think I can provide you any help, as it sounds
>> like you probably have gotten deeper into it than I have. But if you do
>> get your client working (or figure out how to make wsclient work), I
>> would be grateful for any information, and could probably even provide
>> some compensation for your time.
>>
>> Good luck and best regards,
>>
>> Jack McGregor
>>
>>
>> donald yang wrote, On 7/12/2010 7:04 AM:
>> > Hi All,
>>
>>> I am trying to write A generic web service client using axis2/c 1.6 +
>>> rampart/c 1.3 to call web service, which might have different web
>>>
>> service
>>
>>> security requirements. But I have the following configuration problems to
>>> access HTTPS. Could anyone give me a hand? Many thanks in advance.
>>>
>>> The web service to be accessed has defined *<TransportBinding>*
>>> assertation. That
>>> means the SOAP message will be transmited over SSL. Therefore I created a
>>> client policy document, which is the same as the one on server side. To
>>>
>> make
>>
>>> it work, I uncomment out *<transportSend name="https"
>>> class="axis2_http_sender">* elment and specify the full path of server
>>>
>> ssl
>>
>>> certificate in *$AXIS2C_HOME/axis2.xml*. The only way I can successfully
>>> call the web service over HTTPS is that I don't load the policy and
>>>
>> engage
>>
>>> rampart module. Therefore I have the following questions:
>>>
>>> a) why should I specify the full path of the server SSL certificate in
>>>
>> the
>>
>>> axis2.xml? According to my understanding, this should automatically
>>>
>> download
>>
>>> from the server during handshake.
>>>
>>> b) If we have to specify the full path of the server SSL certiciate in
>>>
>> the
>>
>>> axis2.xml, that means that we also have to change *<parameter
>>> anem="SERVER_CERT">* element in axis2.xml everytime when I access
>>>
>> different
>>
>>> servers, which have different SSL certificates. This is because axis2.xml
>>>
>> is
>>
>>> the global configuration. I know that I can specify the SSL certifcate in
>>> local configuration, the client policy file, in *Rampart/JAVA*.
>>>
>> Does*Rampart/C
>>
>>> * allow the SSL certificate specify locally like in Rampart/JAVA?
>>>
>>> c)If I load the policy file and engage rampart module in the client code,
>>>
>> I
>>
>>> must comment out *<phase name="Security">* element from <inflow> and
>>> <outflow> in axis2.xml. This disables security phase and therefore ignore
>>> policy document actually. But the security phase should be enabled if I
>>> access web service with other web service security requirements, such as
>>> user token. That means I should enable *<phase name="Security"> *when
>>> accessing web service with user token, disable *<phase name="Security">
>>>
>> *when
>>
>>> accessing web service over HTTPS. This might suggest me that Rampart/C
>>> cannot correctly understand *<TransportBinding>* assertation. Am I wrong?
>>>
>>> Many thanks again.
>>>
>>> best regards
>>> yong
>>>
>>>
>>>
>>>
>>>
>>> No virus found in this incoming message.
>>> Checked by AVG - www.avg.com
>>> Version: 9.0.830 / Virus Database: 271.1.1/2997 - Release Date: 07/11/10
>>>
>> 11:36:00
>>
>>>
>>>
>>
>>
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/3001 - Release Date: 07/12/10 09:49:00
>
>
Re: problem to call web service over HTTPS from axis2c + ramparc
Posted by donald yang <do...@googlemail.com>.
Hi Jack,
Thank you very much for your reply. If the ssl certificate can be specified
as an argument for wsclient command, that means we can have a generic
wsclient to access different servers, which might have different SSL
certificate, without modifying axis2.xml globally. Could you please tell me
where I can find the source code of wsclient? I cannot find it from
axis2/c-1.6 and rampart/c source code.
best regards
yong
On Mon, Jul 12, 2010 at 6:36 PM, Jack McGregor <ja...@microsabio.com> wrote:
> Donald -
>
> Excellent questions - I wish I had the answers myself. I too would
> like to be able to use a generic web service command line client that
> works with services requiring HTTPS and various kinds of
> authentication. Mostly for testing, but in some cases, such a generic
> utility for sending/receiving xml/soap document/transactions (i.e. one
> that handles the connection/authentication/transmission logic while
> leaving the xml parsing/serializing/deserializing/WSDL logic to be
> handled independently) might even be useful in certain production
> environments, as an alternative to creating a custom client for each web
> service.
>
> I'm not sure though why the existing wsclient utility shouldn't be able
> to do that. It seems to have the necessary command line options, but I
> have not been able to get even a simple anonymous client authentication
> example to work with a "real world" web service. (You can see my forum
> post on that subject at http://wso2.org/forum/thread/10137 )
>
> Unfortunately I don't think I can provide you any help, as it sounds
> like you probably have gotten deeper into it than I have. But if you do
> get your client working (or figure out how to make wsclient work), I
> would be grateful for any information, and could probably even provide
> some compensation for your time.
>
> Good luck and best regards,
>
> Jack McGregor
>
>
> donald yang wrote, On 7/12/2010 7:04 AM:
> > Hi All,
> >
> > I am trying to write A generic web service client using axis2/c 1.6 +
> > rampart/c 1.3 to call web service, which might have different web
> service
> > security requirements. But I have the following configuration problems to
> > access HTTPS. Could anyone give me a hand? Many thanks in advance.
> >
> > The web service to be accessed has defined *<TransportBinding>*
> > assertation. That
> > means the SOAP message will be transmited over SSL. Therefore I created a
> > client policy document, which is the same as the one on server side. To
> make
> > it work, I uncomment out *<transportSend name="https"
> > class="axis2_http_sender">* elment and specify the full path of server
> ssl
> > certificate in *$AXIS2C_HOME/axis2.xml*. The only way I can successfully
> > call the web service over HTTPS is that I don't load the policy and
> engage
> > rampart module. Therefore I have the following questions:
> >
> > a) why should I specify the full path of the server SSL certificate in
> the
> > axis2.xml? According to my understanding, this should automatically
> download
> > from the server during handshake.
> >
> > b) If we have to specify the full path of the server SSL certiciate in
> the
> > axis2.xml, that means that we also have to change *<parameter
> > anem="SERVER_CERT">* element in axis2.xml everytime when I access
> different
> > servers, which have different SSL certificates. This is because axis2.xml
> is
> > the global configuration. I know that I can specify the SSL certifcate in
> > local configuration, the client policy file, in *Rampart/JAVA*.
> Does*Rampart/C
> > * allow the SSL certificate specify locally like in Rampart/JAVA?
> >
> > c)If I load the policy file and engage rampart module in the client code,
> I
> > must comment out *<phase name="Security">* element from <inflow> and
> > <outflow> in axis2.xml. This disables security phase and therefore ignore
> > policy document actually. But the security phase should be enabled if I
> > access web service with other web service security requirements, such as
> > user token. That means I should enable *<phase name="Security"> *when
> > accessing web service with user token, disable *<phase name="Security">
> *when
> > accessing web service over HTTPS. This might suggest me that Rampart/C
> > cannot correctly understand *<TransportBinding>* assertation. Am I wrong?
> >
> > Many thanks again.
> >
> > best regards
> > yong
> >
> >
> >
> >
> >
> > No virus found in this incoming message.
> > Checked by AVG - www.avg.com
> > Version: 9.0.830 / Virus Database: 271.1.1/2997 - Release Date: 07/11/10
> 11:36:00
> >
> >
>
>
Re: problem to call web service over HTTPS from axis2c + ramparc
Posted by Jack McGregor <ja...@microsabio.com>.
Donald -
Excellent questions - I wish I had the answers myself. I too would
like to be able to use a generic web service command line client that
works with services requiring HTTPS and various kinds of
authentication. Mostly for testing, but in some cases, such a generic
utility for sending/receiving xml/soap document/transactions (i.e. one
that handles the connection/authentication/transmission logic while
leaving the xml parsing/serializing/deserializing/WSDL logic to be
handled independently) might even be useful in certain production
environments, as an alternative to creating a custom client for each web
service.
I'm not sure though why the existing wsclient utility shouldn't be able
to do that. It seems to have the necessary command line options, but I
have not been able to get even a simple anonymous client authentication
example to work with a "real world" web service. (You can see my forum
post on that subject at http://wso2.org/forum/thread/10137 )
Unfortunately I don't think I can provide you any help, as it sounds
like you probably have gotten deeper into it than I have. But if you do
get your client working (or figure out how to make wsclient work), I
would be grateful for any information, and could probably even provide
some compensation for your time.
Good luck and best regards,
Jack McGregor
donald yang wrote, On 7/12/2010 7:04 AM:
> Hi All,
>
> I am trying to write A generic web service client using axis2/c 1.6 +
> rampart/c 1.3 to call web service, which might have different web service
> security requirements. But I have the following configuration problems to
> access HTTPS. Could anyone give me a hand? Many thanks in advance.
>
> The web service to be accessed has defined *<TransportBinding>*
> assertation. That
> means the SOAP message will be transmited over SSL. Therefore I created a
> client policy document, which is the same as the one on server side. To make
> it work, I uncomment out *<transportSend name="https"
> class="axis2_http_sender">* elment and specify the full path of server ssl
> certificate in *$AXIS2C_HOME/axis2.xml*. The only way I can successfully
> call the web service over HTTPS is that I don't load the policy and engage
> rampart module. Therefore I have the following questions:
>
> a) why should I specify the full path of the server SSL certificate in the
> axis2.xml? According to my understanding, this should automatically download
> from the server during handshake.
>
> b) If we have to specify the full path of the server SSL certiciate in the
> axis2.xml, that means that we also have to change *<parameter
> anem="SERVER_CERT">* element in axis2.xml everytime when I access different
> servers, which have different SSL certificates. This is because axis2.xml is
> the global configuration. I know that I can specify the SSL certifcate in
> local configuration, the client policy file, in *Rampart/JAVA*. Does*Rampart/C
> * allow the SSL certificate specify locally like in Rampart/JAVA?
>
> c)If I load the policy file and engage rampart module in the client code, I
> must comment out *<phase name="Security">* element from <inflow> and
> <outflow> in axis2.xml. This disables security phase and therefore ignore
> policy document actually. But the security phase should be enabled if I
> access web service with other web service security requirements, such as
> user token. That means I should enable *<phase name="Security"> *when
> accessing web service with user token, disable *<phase name="Security"> *when
> accessing web service over HTTPS. This might suggest me that Rampart/C
> cannot correctly understand *<TransportBinding>* assertation. Am I wrong?
>
> Many thanks again.
>
> best regards
> yong
>
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.830 / Virus Database: 271.1.1/2997 - Release Date: 07/11/10 11:36:00
>
>