Posted to rampart-dev@ws.apache.org by Ben Mckenzie <bm...@highlineFI.com> on 2009/06/10 19:57:39 UTC
security token problem
Hello, I am using axis2 (1.4.1 build) and rampart (1.4) to access a .NET based SOAP server with the WSE extensions enabled.
I am using a policy.xml file which looks like this:
<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:HashPassword/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedSupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>xxxx</ramp:user>
        <ramp:passwordCallbackClass>com.highlinedata.database.download.fdicweb.PWHandler</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
My retrieval service looks like this:
public RetrievalServiceStub getRetrievalService() throws Exception {
    if (retrievalServiceClient == null) {
        retrievalServiceClient = new RetrievalServiceStub();
        ServiceClient sc = retrievalServiceClient._getServiceClient();
        Options options = sc.getOptions();
        // Attach the WS-SecurityPolicy shown above so Rampart builds the UsernameToken header.
        options.setProperty(org.apache.rampart.RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/home/bmckenzie/Documents/java/src/earlyreg/java/policy.xml"));
        // Treat the 2004/03 WS-Addressing anonymous role URI as anonymous and use it as ReplyTo.
        org.apache.axis2.addressing.EndpointReference.addAnonymousEquivalentURI("http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous");
        org.apache.axis2.addressing.EndpointReference replyTo = new org.apache.axis2.addressing.EndpointReference();
        replyTo.setAddress("http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous");
        options.setReplyTo(replyTo);
        // Engage addressing and Rampart on this client.
        sc.engageModule(org.apache.axis2.Constants.MODULE_ADDRESSING);
        sc.engageModule("rampart");
    }
    return retrievalServiceClient;
}
And I am getting the following error back:
org.apache.axis2.AxisFault: The security token could not be authenticated or authorized ---> WSE563: The computed password digest doesn't match that of the incoming username token.
The WSDL I am using is freely available at:
https://cdr.ffiec.gov/public/pws/webservices/retrievalservice.asmx?WSDL
Any help would be much appreciated. I have exhausted Google searches, documentation, and all other resources that I could find before posting to the list.
Thanks,
Ben McKenzie
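
The WSE563 fault above reports that the digest the server recomputed differs from the one sent in the UsernameToken under sp:HashPassword. As an added example (not part of the original post, and not Rampart or WSE code), the following recomputes the WSS UsernameToken Profile digest from a token's Nonce, Created and a candidate password, so the client side can be checked offline against a captured request; the class name and all sample values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: offline check of a WS-Security UsernameToken password digest.
public class UsernameTokenDigestCheck {

    // WSS UsernameToken Profile 1.0:
    //   Password_Digest = Base64( SHA-1( nonce + created + password ) )
    // where nonce is the *decoded* bytes of the wsse:Nonce element.
    static String digest(String nonceB64, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(Base64.getDecoder().decode(nonceB64));
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Compare the digest seen on the wire with one recomputed locally (constant time).
    static boolean matches(String wireDigestB64, String nonceB64, String created,
                           String password) throws Exception {
        byte[] wire = Base64.getDecoder().decode(wireDigestB64);
        byte[] local = Base64.getDecoder().decode(digest(nonceB64, created, password));
        return MessageDigest.isEqual(wire, local);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from any real exchange.
        String nonce = Base64.getEncoder()
                .encodeToString("0123456789abcdef".getBytes(StandardCharsets.UTF_8));
        String created = "2009-06-10T19:57:39Z";
        // Stands in for the wsse:Password value copied from a captured request.
        String wire = digest(nonce, created, "correct-password");

        System.out.println("same password       : "
                + matches(wire, nonce, created, "correct-password"));
        // A callback returning a different string (here a trailing space) changes the digest.
        System.out.println("trailing whitespace : "
                + matches(wire, nonce, created, "correct-password "));
        // Hashing the Base64 text of the nonce instead of its decoded bytes also changes it.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update((nonce + created + "correct-password").getBytes(StandardCharsets.UTF_8));
        System.out.println("undecoded nonce     : "
                + Base64.getEncoder().encodeToString(sha1.digest()).equals(wire));
    }
}
```

If the locally recomputed value equals the digest in the captured request, the client hashed the password it was given correctly, and the mismatch lies in what the two sides treat as the password.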