Posted to java-user@axis.apache.org by Stefan Lecho <st...@gmail.com> on 2008/02/26 13:27:25 UTC

[Axis2/Rampart] Using Rampart for OutFlow, but not for InFlow

Hi,

In one of our applications, we are contacting a Webservice for which the
requests should be signed, but for which the responses are not signed. We do
not control this webservice, so on the server side we can not change
anything. We are trying to build a client for this webservice, but found
some problems in using a policy-based configuration of the client.

With Axis2 v1.1.1 and Rampart v1.1, we were able to configure Axis2 to
accept this kind of requirement by modifying the axis2.xml file. The
following modifications were included: <module ref="rampart"/><parameter
name="OutflowSecurity"><action><items>Signature</items>...</action></parameter>.

With Axis2 v1.3 and Rampart v1.3, we would like to achieve the same result
by using the policy-based configuration. Based on the provided
samples/policy/sample02/policy.xml file, we tried to only enable signature
on the Initiator but not on the Recipient. We have tried several things, but
without any success :o(. The response that is received by the client is
treated by the Rampart module, which results in a NullPointerException on
this code in RampartEngine:
"rmd.getMsgContext().getEnvelope().getHeader().getHeaderBlocksWithNSURI(...)"
because the SOAP-header element is missing in the response (because the
response was not signed).

How can we avoid the handling of non-signed responses by Rampart? Any help
with this issue would be highly appreciated :o).

Regards, Stefan Lecho.

Re: [Axis2/Rampart] Using Rampart for OutFlow, but not for InFlow

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Stefan,
       There is a small problem with the nightly builds in Rampart and
Glen is looking into that matter. For the moment, you can download
the latest build from [1].

thanks,
/nandana

[1] - http://people.apache.org/~ruchithf/rampart/SNAPSHOT/

On Wed, Feb 27, 2008 at 2:40 PM, stlecho <st...@gmail.com> wrote:
>
>  Hi Nandana,
>
>  Thanks for your answer. We will try with the latest snapshot build available
>  on
>  http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-core/SNAPSHOT/.
>
>  Do you have an idea if there are nightly builds that are available for
>  download ?
>
>  Regards, Stefan.

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Re: [Axis2/Rampart] Using Rampart for OutFlow, but not for InFlow

Posted by stlecho <st...@gmail.com>.
Hi Nandana,

Thanks for your answer. We will try with the latest snapshot build available on
http://people.apache.org/repo/m2-snapshot-repository/org/apache/rampart/rampart-core/SNAPSHOT/.

Do you have an idea if there are nightly builds that are available for
download?

Regards, Stefan.



-- 
View this message in context: http://www.nabble.com/-Axis2-Rampart--Using-Rampart-for-OutFlow%2C-but-not-for-InFlow-tp15689307p15709088.html
Sent from the Axis - User mailing list archive at Nabble.com.




Re: [Axis2/Rampart] Using Rampart for OutFlow, but not for InFlow

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi,

See the inline comments.

> I'm now using Axis 1.4. Can you tell me how to migrate the code
>
> service.getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_MESSAGE_POLICY, servicePolicy);
>
> to Axis 1.4? The method attachPolicy does take anymore a PolicyInclude
> constant as parameter?
>

In Axis2 1.4, PolicyInclude is deprecated. Now you attach policies using
Policy subjects.

    service.getPolicySubject().attachPolicy(servicePolicy);

For operation and message, it's the same.

thanks,
nandana





-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org
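
Added example (not part of the original thread and not Rampart project code): the thread's three policy attachments written with the Axis2 1.4 getPolicySubject().attachPolicy(...) call, one per scope, with the policies loaded from files. The class name, method names and file paths are hypothetical; the contents of the policy files, in particular the inbound one, are not shown in the thread and are left to the reader.

```java
import java.io.FileInputStream;
import java.io.InputStream;

import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.AxisMessage;
import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.wsdl.WSDLConstants;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;

// Hypothetical class name; illustrates per-message policy attachment on Axis2 1.4.
public class SignedRequestOnlyClient {

    // Parse a WS-Policy XML file into a Neethi Policy object.
    static Policy loadPolicy(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return PolicyEngine.getPolicy(in);
        }
    }

    // repoDir must contain modules/ with the Rampart .mar file (assumption:
    // standard Axis2 client repository layout).
    static ServiceClient buildClient(String repoDir, String servicePolicyPath,
                                     String outPolicyPath, String inPolicyPath)
            throws Exception {
        ConfigurationContext ctx = ConfigurationContextFactory
                .createConfigurationContextFromFileSystem(repoDir, null);
        ServiceClient client = new ServiceClient(ctx, null);
        client.engageModule("rampart");

        // Service scope: replaces addPolicyElement(AXIS_SERVICE_POLICY, ...).
        AxisService service = client.getAxisService();
        service.getPolicySubject().attachPolicy(loadPolicy(servicePolicyPath));

        // ServiceClient sends through its anonymous out-in operation.
        AxisOperation operation = service.getOperation(ServiceClient.ANON_OUT_IN_OP);

        // Request leg: the policy that requires the signature.
        AxisMessage outMessage = operation.getMessage(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
        outMessage.getPolicySubject().attachPolicy(loadPolicy(outPolicyPath));

        // Response leg: a separate policy. If it requires no signature, replies
        // get no message-level integrity or origin check on the client, so
        // transport protection (TLS) is the only control left on that leg.
        AxisMessage inMessage = operation.getMessage(WSDLConstants.MESSAGE_LABEL_IN_VALUE);
        inMessage.getPolicySubject().attachPolicy(loadPolicy(inPolicyPath));

        return client;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical paths; replace with the client's repository and policy files.
        ServiceClient client = buildClient("client-repo",
                "policies/service-policy.xml",
                "policies/out-policy.xml",
                "policies/in-policy.xml");
        System.out.println("Policies attached to " + client.getAxisService().getName());
    }
}
```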

Re: [Axis2/Rampart] Using Rampart for OutFlow, but not for InFlow

Posted by gprovost <pr...@fednot.be>.
Hi,

I'm now using Axis 1.4. Can you tell me how to migrate the code

    service.getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_MESSAGE_POLICY, servicePolicy);

to Axis 1.4? The method attachPolicy does take anymore a PolicyInclude
constant as parameter?

Thanks
Grégory




Re: [Axis2/Rampart] Using Rampart for OutFlow, but not for InFlow

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Stefan,
        I think you will be able to get over with this problem using
operational level security. So you apply security policy not at the
end point level but at the operation level. I think the following code
snippet will help. But you may have to use Rampart SNAPSHOT not 1.3.

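    import org.apache.axis2.client.ServiceClient;
    import org.apache.axis2.description.AxisMessage;
    import org.apache.axis2.description.AxisOperation;
    import org.apache.axis2.description.AxisService;
    import org.apache.axis2.description.PolicyInclude;
    import org.apache.axis2.wsdl.WSDLConstants;

    // ctx is the client's ConfigurationContext; servicePolicy, outPolicy and
    // inPolicy are org.apache.neethi.Policy objects built beforehand.
    ServiceClient client = new ServiceClient(ctx, null);

    // Service-level policy.
    AxisService service = client.getAxisService();
    service.getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_SERVICE_POLICY, servicePolicy);

    // The anonymous out-in operation that ServiceClient sends through.
    AxisOperation operation = service.getOperation(ServiceClient.ANON_OUT_IN_OP);

    // Policy for the outgoing (request) message.
    AxisMessage outMessage = operation.getMessage(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
    outMessage.getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_MESSAGE_POLICY, outPolicy);

    // Policy for the incoming (response) message.
    AxisMessage inMessage = operation.getMessage(WSDLConstants.MESSAGE_LABEL_IN_VALUE);
    inMessage.getPolicyInclude().addPolicyElement(PolicyInclude.AXIS_MESSAGE_POLICY, inPolicy);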

thanks,
/nandana

