Posted to rampart-dev@ws.apache.org by Ben Mckenzie <bm...@highlineFI.com> on 2009/06/10 19:57:39 UTC

security token problem

Hello, I am using Axis2 (1.4.1 build) and Rampart (1.4) to access a .NET-based SOAP server with the WSE extensions enabled.

I am using a policy.xml file which looks like this:


<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:HashPassword/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>xxxx</ramp:user>
                <ramp:passwordCallbackClass>com.highlinedata.database.download.fdicweb.PWHandler</ramp:passwordCallbackClass>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

My retrieval service looks like this:

  public RetrievalServiceStub getRetrievalService() throws Exception {
    if (retrievalServiceClient == null) {
      retrievalServiceClient = new RetrievalServiceStub();
      ServiceClient sc = retrievalServiceClient._getServiceClient();
      Options options = sc.getOptions();
      options.setProperty(org.apache.rampart.RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/home/bmckenzie/Documents/java/src/earlyreg/java/policy.xml"));
      org.apache.axis2.addressing.EndpointReference.addAnonymousEquivalentURI("http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous");
      org.apache.axis2.addressing.EndpointReference replyTo = new org.apache.axis2.addressing.EndpointReference();
      replyTo.setAddress("http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous");
      options.setReplyTo(replyTo);
      sc.engageModule(org.apache.axis2.Constants.MODULE_ADDRESSING);
      sc.engageModule("rampart");
    }

    return retrievalServiceClient;
  }

And I am getting the following error back:

org.apache.axis2.AxisFault: The security token could not be authenticated or authorized ---> WSE563: The computed password digest doesn't match
that of the incoming username token.

The WSDL I am using is freely available at:
https://cdr.ffiec.gov/public/pws/webservices/retrievalservice.asmx?WSDL

Any help would be much appreciated. I have exhausted Google searches, documentation, and all other resources that I could find before posting to the list.

Thanks,
Ben McKenzie
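
The WSE563 error in the message above concerns the UsernameToken password digest, which the WSS UsernameToken Profile defines as Base64(SHA-1(nonce + created + password)) with the nonce taken as decoded bytes. The following is an added example, not part of the original post and not Rampart or WSE code: it recomputes that digest with plain JDK classes so the value in a captured request can be checked against candidate passwords. The class name, method names and all sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64; // requires Java 8 or later

// Added example: recompute a WS-Security UsernameToken PasswordDigest.
public class UsernameTokenDigestCheck {

    // Password_Digest = Base64( SHA-1( nonce + created + password ) ).
    // nonceB64 is the text of wsse:Nonce; it is Base64-decoded before hashing.
    static String digest(String nonceB64, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Compare the digest seen on the wire with one recomputed from a candidate
    // password, using a constant-time byte comparison.
    static boolean matches(String wireDigestB64, String nonceB64, String created,
                           String candidate) throws Exception {
        byte[] wire = Base64.getDecoder().decode(wireDigestB64);
        byte[] mine = Base64.getDecoder().decode(digest(nonceB64, created, candidate));
        return MessageDigest.isEqual(wire, mine);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values standing in for the wsse:Nonce, wsu:Created
        // and wsse:Password elements of a captured request.
        String nonce = Base64.getEncoder()
                .encodeToString("0123456789abcdef".getBytes(StandardCharsets.UTF_8));
        String created = "2009-06-10T19:57:39Z";
        String wire = digest(nonce, created, "s3cret-example");

        // Candidates a password callback might hand back: the exact password,
        // one with a trailing newline, and one with different case.
        String[] candidates = { "s3cret-example", "s3cret-example\n", "S3CRET-EXAMPLE" };
        for (String c : candidates) {
            System.out.printf("%-18s -> %s%n",
                    c.replace("\n", "\\n"), matches(wire, nonce, created, c));
        }
    }
}
```

Only the first candidate reproduces the digest; any difference in the password bytes, the Created string or the decoded nonce changes the SHA-1 input and produces a mismatch on the receiving side.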