You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Samisa Abeysinghe (JIRA)" <ji...@apache.org> on 2010/12/22 00:22:00 UTC
[jira] Resolved: (RAMPART-300) Rampart automaticaly tries to load
an "Encryption user" if the security policy defines the use of a
UsernameToken with a AsymmetricBinding
[ https://issues.apache.org/jira/browse/RAMPART-300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Samisa Abeysinghe resolved RAMPART-300.
---------------------------------------
Resolution: Fixed
Fix Version/s: NextVersion
Assignee: Samisa Abeysinghe (was: Ruchith Udayanga Fernando)
Fix for RAMPART-225 should also fix this issue
> Rampart automaticaly tries to load an "Encryption user" if the security policy defines the use of a UsernameToken with a AsymmetricBinding
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-300
> URL: https://issues.apache.org/jira/browse/RAMPART-300
> Project: Rampart
> Issue Type: Bug
> Environment: OS: Linux. Axis2, RAMPART 1.5
> Reporter: cerbero
> Assignee: Samisa Abeysinghe
> Fix For: NextVersion
>
>
> Rampart automaticaly tries to load an "Encryption user" if the security policy defines the use of a UsernameToken with a AsymmetricBinding
> I have a service implemented using Websphere Message Broker and I'm developing an axis2 client for this service.
> To use this service, the message's body must be signed, to sign the message I created the following policy (based on rampart sample03):
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
> </wsp:Policy>
> </sp:SupportingTokens>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <!-- <sp:RequireThumbprintReference /> -->
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic128Rsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <!-- <sp:IncludeTimestamp /> -->
> <!-- <sp:OnlySignEntireHeadersAndBody /> -->
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> </wsp:Policy>
> </sp:Wss10>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:SignedParts>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>client</ramp:user>
> <ramp:userCertAlias>client</ramp:userCertAlias>
> <!-- <ramp:encryptionUser>client</ramp:encryptionUser> -->
> <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/.../src/client.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">changeme</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> The problem is that rampart is trying to retrieve "Encryption user" to encrypt the mesage, but I only wish sign the mesage.
> org.apache.axis2.AxisFault: Encryption user not specified (The context is created by the initiating party)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
> at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
> at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> at org.example.www.echoservice.EchoServiceStub.send(EchoServiceStub.java:187)
> at TesteSignOnly.main(TesteSignOnly.java:45)
> Caused by: org.apache.rampart.RampartException: Encryption user not specified (The context is created by the initiating party)
> at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1254)
> at org.apache.rampart.util.RampartUtil.setEncryptionUser(RampartUtil.java:1242)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:536)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:95)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
> ... 8 more
> the code works fine, the message is signed, if I take out the snippet:
> <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
> </wsp:Policy>
> </sp:SupportingTokens>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org