Posted to java-user@axis.apache.org by "Kar, Sagar (Genworth, Contractor)" <Sa...@genworth.com> on 2006/05/23 16:56:18 UTC

[Axis2] WS-Security: Security module isn't doing anything

Hi,

I am trying to use Axis2 to invoke a secured web service deployed on a
websphere appserver v 6.0.
I am a newbie to WS-Security and Axis2.
The websphere service is working fine and I can hit it with a websphere
client.
I just want to configure axis2 so that the rampart module starts to
create the required security headers.
The problem is that rampart is not doing anything, and I am unable
to figure out how to make it start generating the headers. It's not
even throwing an exception, so I don't know whether it's configured
properly. Do I need to add something in <phaseOrder type="outflow"> that
would start it up?


Following is my axis2.xml and sec.properties. If the values are
incorrect then isn't the rampart module supposed to throw some
exceptions?
-------------------------------------Axis2.xml--------------------------
----------------
<axisconfig name="AxisJava2.0">

    <!-- WS-Addressing support: engage the "addressing" module. -->
    <module ref="addressing" />
    <!-- WS-Security support: engage the "rampart" module. The security
         parameters in this file are only read if this axis2.xml is the
         configuration the client actually loads. -->
    <module ref="rampart" />
    
    <!-- Test with addressing and MTOM: Client's Configuration:START-->

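    <!-- Outbound WS-Security settings for messages this client sends. -->
    <parameter name="OutflowSecurity">
      <action>
        <!-- Security actions requested for each outgoing message. -->
        <items>Timestamp Signature Encrypt</items>
        <!-- NOTE(review): presumably the keystore alias used for signing;
             test.PWCallback is the class asked for its password. -->
        <user>esb</user>
        <passwordCallbackClass>test.PWCallback</passwordCallbackClass>
        <signaturePropFile>sec.properties</signaturePropFile>
        <signatureKeyIdentifier>KeyIdentifier</signatureKeyIdentifier>
        <!-- The value and the end tag must stay on one line: the mail-wrapped
             form split the end tag and put line breaks inside the part list,
             which is not well-formed XML.
             NOTE(review): only the To, ReplyTo and MessageID addressing
             headers and the Timestamp are listed; the SOAP Body is not, so
             it is presumably left outside the signature. Confirm this is
             what the service's policy requires. -->
        <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
        <!-- NOTE(review): Encrypt is requested but no encryptionUser or
             encryptionPropFile is given; presumably the handler falls back
             to the user and signaturePropFile values above. Confirm that
             the alias "esb" is the recipient certificate intended for
             encryption. -->
        <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
      </action>
    </parameter>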

    <!-- Inbound WS-Security settings for messages this client receives. -->
    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>
        <!-- NOTE(review): this names sample.security.PWCallback, while
             OutflowSecurity names test.PWCallback. Confirm that both
             classes exist on the classpath and that the difference is
             intended. -->
        <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass>
        <signaturePropFile>sec.properties</signaturePropFile>
      </action>
    </parameter>

    <!-- Test with addressing and MTOM: Client's Configuration:END-->

    <!-- ================================================= -->
    <!-- Parameters -->
    <!-- ================================================= -->
    <!-- Deployment switches. NOTE(review): hot deployment lets archives
         placed in the repository be loaded at runtime; presumably it is
         not needed in a configuration used only by a client. Confirm. -->
    <parameter name="hotdeployment" locked="false">true</parameter>
    <parameter name="hotupdate" locked="false">false</parameter>
    <parameter name="enableMTOM" locked="false">true</parameter>
    <!-- REST support is disabled; uncomment the next line to enable it. -->
    <!-- <parameter name="enableREST" locked="false">true</parameter> -->


    <!-- NOTE(review): admin / axis2 are the credentials shipped in the
         stock Axis2 configuration. Replace them wherever this file
         configures a deployed Axis2 instance. -->
    <parameter name="userName" locked="false">admin</parameter>
    <parameter name="password" locked="false">axis2</parameter>

    <!-- ================================================= -->
    <!-- Message Receivers -->
    <!-- ================================================= -->
    <!-- Default message receivers for the system. To support other MEPs,
         implement a receiver and register it here so that any operation
         can refer to it. -->
    <!-- Note: a particular service can override these by declaring the
         same element with its own settings. -->
    <messageReceivers>
        <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
                         class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
        <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                         class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
    </messageReceivers>
    <!-- ================================================= -->
    <!-- Transport Ins -->
    <!-- ================================================= -->
    <!-- HTTP listener declared on port 6060.
         NOTE(review): SimpleHTTPServer is a plain HTTP listener; confirm
         whether this client needs an inbound listener at all. -->
    <transportReceiver name="http"
                       class="org.apache.axis2.transport.http.SimpleHTTPServer">
        <parameter name="port" locked="false">6060</parameter>
        <!-- To use your own host address for EPR generation, uncomment the
             following parameter and set it as required. -->
        <!-- <parameter name="hostname" locked="false">http://myApp.com/ws</parameter> -->
    </transportReceiver>

    <!-- TCP listener declared on port 6061. -->
    <transportReceiver name="tcp"
                       class="org.apache.axis2.transport.tcp.TCPServer">
        <parameter name="port" locked="false">6061</parameter>
        <!-- To use your own host address for EPR generation, uncomment the
             following parameter and set it as required. -->
        <!-- <parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter> -->
    </transportReceiver>

    <!-- ================================================= -->
    <!-- Transport Outs -->
    <!-- ================================================= -->

    <!-- Outbound transports. The "http" and "https" senders share the same
         class and settings (HTTP/1.1, chunked transfer encoding).
         NOTE(review): presumably the sender is picked from the scheme of
         the target endpoint; over "http" the only protection on the wire
         is the message-level security configured in OutflowSecurity. -->
    <transportSender name="tcp"
                     class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
    <transportSender name="local"
                     class="org.apache.axis2.transport.local.LocalTransportSender"/>
    <transportSender name="jms"
                     class="org.apache.axis2.transport.jms.JMSSender"/>
    <transportSender name="http"
                     class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
    </transportSender>
    <transportSender name="https"
                     class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
        <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
        <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
    </transportSender>

    <!-- ================================================= -->
    <!-- Phases  -->
    <!-- ================================================= -->
    <!-- Phases declared for incoming messages. -->
    <phaseOrder type="inflow">
        <!-- Start of the system pre-defined phases. -->
        <phase name="Transport">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.engine.RequestURIBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
        </phase>
        <!-- The Security phase is declared after Transport and before
             PreDispatch and Dispatch. -->
        <phase name="Security"/>
        <phase name="PreDispatch"/>
        <phase name="Dispatch"
               class="org.apache.axis2.engine.DispatchPhase">
            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.engine.AddressingBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="SOAPMessageBodyBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
            <handler name="InstanceDispatcher"
                     class="org.apache.axis2.engine.InstanceDispatcher">
                <order phase="PostDispatch"/>
            </handler>
        </phase>
        <!-- End of the system pre-defined phases. -->
        <!-- After the PostDispatch phase, a module author or service author
             can add any phase they want. -->
        <phase name="OperationInPhase"/>
    </phaseOrder>
    <!-- Phases declared for outgoing messages.
         NOTE(review): no phase named "Security" is declared here, although
         the inflow declares one. The outflow phase that rampart's handler
         attaches to is set in the module's own module.xml; check that the
         phase it names is one of those listed below. -->
    <phaseOrder type="outflow">
        <!-- User-defined phases can be added in this area. -->
        <phase name="OperationOutPhase"/>
        <!-- System pre-defined phases: these run irrespective of the
             service. -->
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
    </phaseOrder>
    <!-- Phases declared for incoming fault messages.
         NOTE(review): unlike the inflow, this flow declares no "Security"
         phase. Confirm whether secured fault messages are expected from
         the service. -->
    <phaseOrder type="INfaultflow">
        <phase name="PreDispatch"/>
        <phase name="Dispatch"
               class="org.apache.axis2.engine.DispatchPhase">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.engine.RequestURIBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.engine.AddressingBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>

            <handler name="SOAPMessageBodyBasedDispatcher"
                     class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
                <order phase="Dispatch"/>
            </handler>
            <handler name="InstanceDispatcher"
                     class="org.apache.axis2.engine.InstanceDispatcher">
                <order phase="PostDispatch"/>
            </handler>
        </phase>
        <!-- User-defined phases can be added in this area. -->
        <phase name="OperationInFaultPhase"/>
    </phaseOrder>
    <!-- Phases declared for outgoing fault messages. -->
    <phaseOrder type="Outfaultflow">
        <!-- User-defined phases can be added in this area. -->
        <phase name="OperationOutFaultPhase"/>
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
    </phaseOrder>
    </axisconfig>
------------------------------------------------sec.properties----------
----------------
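# Crypto settings for the file named by signaturePropFile in axis2.xml.
# Each key=value pair must sit on a single line; the mail-wrapped form split
# the provider class name and the keystore path across lines.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# The keystore password is stored here in clear text: restrict read access to
# this file, and change the password if the file's contents have been shared.
org.apache.ws.security.crypto.merlin.keystore.password=clientstore
# Forward slashes are used because java.util.Properties treats '\' as an
# escape character and silently drops it before letters such as 's', 'e' and
# 'c', so D:\security\esb_test\clientstore.jks would not load as written.
org.apache.ws.security.crypto.merlin.file=D:/security/esb_test/clientstore.jks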
   


Thanks and regards,
Sagar Kar 
Patni Computer Systems Inc.
' 434-845-0911 Ext. 4724
Visit us at: http://www.patni.com




Re: [Axis2] WS-Security: Security module isn't doing anything

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

Did you specify the location of the axis2.xml file when you created
the service client or the Stub?

OR

Did you provide the location of the axis2.xml file in the VM argument
named "axis2.xml" (Example: -Daxis2.xml=/path/to/axis2.xml) ?

Thanks,
Ruchith

On 5/23/06, Kar, Sagar (Genworth, Contractor) <Sa...@genworth.com> wrote:
> Hi,
>
> I am trying to use Axis2 to invoke a secured web service deployed on a
> websphere appserver v 6.0.
> I am a newbie to WS-Security and Axis2.
> The websphere service is working fine and I can hit it with a websphere
> client.
> I just want to configure axis2 so that the rampart module starts to
> create the required security headers.
> The problem is that rampart is not doing anything ..... And I am unable
> to figure out how do I ask it to start generating the headers. Its not
> even throwing up so I don't know if its configured properly or not.
> Do I need to add something in  <phaseOrder type="outflow"> that would
> start it up.
>
>
> Following is my axis2.xml and sec.properties. If the values are
> incorrect then isn't the rampart module supposed to throw some
> exceptions?
> -------------------------------------Axis2.xml--------------------------
> ----------------
> <axisconfig name="AxisJava2.0">
>
>     <!-- Engage the addressing module -->
>     <module ref="addressing"/>
>
>     <!-- Engage the security module -->
>     <module ref="rampart"/>
>
>     <!-- Test with addressing and MTOM: Client's Configuration:START-->
>
>     <parameter name="OutflowSecurity">
>       <action>
>         <items>Timestamp Signature Encrypt</items>
>         <user>esb</user>
>         <passwordCallbackClass>test.PWCallback</passwordCallbackClass>
>         <signaturePropFile>sec.properties</signaturePropFile>
>         <signatureKeyIdentifier>KeyIdentifier</signatureKeyIdentifier>
>
> <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Eleme
> nt}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3
> .org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/w
> ss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signat
> ureParts>
>
> <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</op
> timizeParts>
>       </action>
>     </parameter>
>
>     <parameter name="InflowSecurity">
>       <action>
>         <items>Timestamp Signature Encrypt</items>
>
> <passwordCallbackClass>sample.security.PWCallback</passwordCallbackClass
> >
>         <signaturePropFile>sec.properties</signaturePropFile>
>       </action>
>     </parameter>
>
>     <!-- Test with addressing and MTOM: Client's Configuration:END-->
>
>     <!-- ================================================= -->
>     <!-- Parameters -->
>     <!-- ================================================= -->
>     <parameter name="hotdeployment" locked="false">true</parameter>
>     <parameter name="hotupdate" locked="false">false</parameter>
>     <parameter name="enableMTOM" locked="false">true</parameter>
>     <!-- Uncomment this to enable REST support -->
>     <!--    <parameter name="enableREST"
> locked="false">true</parameter>-->
>
>
>     <parameter name="userName" locked="false">admin</parameter>
>     <parameter name="password" locked="false">axis2</parameter>
>
>     <!-- ================================================= -->
>     <!-- Message Receivers -->
>     <!-- ================================================= -->
>     <!--This is the Deafult Message Receiver for the system , if you
> want to have MessageReceivers for -->
>     <!--all the other MEP implement it and add the correct entry to here
> , so that you can refer from-->
>     <!--any operation -->
>     <!--Note : You can ovride this for particular service by adding the
> same element with your requirement-->
>     <messageReceivers>
>         <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
>
> class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
>         <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
>
> class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
>     </messageReceivers>
>     <!-- ================================================= -->
>     <!-- Transport Ins -->
>     <!-- ================================================= -->
>     <transportReceiver name="http"
>
> class="org.apache.axis2.transport.http.SimpleHTTPServer">
>         <parameter name="port" locked="false">6060</parameter>
>         <!--If you want to give your own host address for EPR
> generation-->
>         <!--uncommet following paramter , and set as you required.-->
>         <!--<parameter name="hostname"
> locked="false">http://myApp.com/ws</parameter>-->
>     </transportReceiver>
>
>     <transportReceiver name="tcp"
>                        class="org.apache.axis2.transport.tcp.TCPServer">
>         <parameter name="port" locked="false">6061</parameter>
>         <!--If you want to give your own host address for EPR
> generation-->
>         <!--uncommet following paramter , and set as you required.-->
>         <!--<parameter name="hostname"
> locked="false">tcp://myApp.com/ws</parameter>-->
>     </transportReceiver>
>
>     <!-- ================================================= -->
>     <!-- Transport Outs -->
>     <!-- ================================================= -->
>
>     <transportSender name="tcp"
>
> class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
>     <transportSender name="local"
>
> class="org.apache.axis2.transport.local.LocalTransportSender"/>
>     <transportSender name="jms"
>                      class="org.apache.axis2.transport.jms.JMSSender"/>
>     <transportSender name="http"
>
> class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
>         <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
>         <parameter name="Transfer-Encoding"
> locked="false">chunked</parameter>
>     </transportSender>
>     <transportSender name="https"
>
> class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
>         <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
>         <parameter name="Transfer-Encoding"
> locked="false">chunked</parameter>
>     </transportSender>
>
>     <!-- ================================================= -->
>     <!-- Phases  -->
>     <!-- ================================================= -->
>     <phaseOrder type="inflow">
>         <!--  System pre defined phases       -->
>          <phase name="Transport">
>             <handler name="RequestURIBasedDispatcher"
>
> class="org.apache.axis2.engine.RequestURIBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>             <handler name="SOAPActionBasedDispatcher"
>
> class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>         </phase>
>         <phase name="Security"/>
>         <phase name="PreDispatch"/>
>         <phase name="Dispatch"
> class="org.apache.axis2.engine.DispatchPhase">
>             <handler name="AddressingBasedDispatcher"
>
> class="org.apache.axis2.engine.AddressingBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>
>             <handler name="SOAPMessageBodyBasedDispatcher"
>
> class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>             <handler name="InstanceDispatcher"
>                      class="org.apache.axis2.engine.InstanceDispatcher">
>                 <order phase="PostDispatch"/>
>             </handler>
>         </phase>
>         <!--  System pre defined phases       -->
>         <!--   After Postdispatch phase module author or or service
> author can add any phase he want      -->
>         <phase name="OperationInPhase"/>
>     </phaseOrder>
>     <phaseOrder type="outflow">
>         <!--      user can add his own phases to this area  -->
>         <phase name="OperationOutPhase"/>
>         <!--system predefined phase-->
>         <!--these phase will run irrespective of the service-->
>         <phase name="PolicyDetermination"/>
>         <phase name="MessageOut"/>
>     </phaseOrder>
>     <phaseOrder type="INfaultflow">
>         <phase name="PreDispatch"/>
>         <phase name="Dispatch"
> class="org.apache.axis2.engine.DispatchPhase">
>             <handler name="RequestURIBasedDispatcher"
>
> class="org.apache.axis2.engine.RequestURIBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>
>             <handler name="SOAPActionBasedDispatcher"
>
> class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>
>             <handler name="AddressingBasedDispatcher"
>
> class="org.apache.axis2.engine.AddressingBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>
>             <handler name="SOAPMessageBodyBasedDispatcher"
>
> class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
>                 <order phase="Dispatch"/>
>             </handler>
>             <handler name="InstanceDispatcher"
>                      class="org.apache.axis2.engine.InstanceDispatcher">
>                 <order phase="PostDispatch"/>
>             </handler>
>         </phase>
>         <!--      user can add his own phases to this area  -->
>         <phase name="OperationInFaultPhase"/>
>     </phaseOrder>
>     <phaseOrder type="Outfaultflow">
>         <!--      user can add his own phases to this area  -->
>         <phase name="OperationOutFaultPhase"/>
>         <phase name="PolicyDetermination"/>
>         <phase name="MessageOut"/>
>     </phaseOrder>
>     </axisconfig>
> ------------------------------------------------sec.properties----------
> ----------------
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components
> .crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=clientstore
> org.apache.ws.security.crypto.merlin.file=D:\security\esb_test\clientsto
> re.jks
>
>
>
> Thanks and regards,
> Sagar Kar
> Patni Computer Systems Inc.
> ' 434-845-0911 Ext. 4724
> Visit us at: http://www.patni.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
