You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Sanane Söylemezoglu <sd...@hotmail.de> on 2007/08/29 09:23:13 UTC
Using rampart without engaging on client side
Hi, i developed an simple webservice which only returns a value. The communication between client and webservice must be secure, therefore i used rampart. I developed it similiar to the sample04 of the rampart examples. It works well when i engage rampart on client side. But i dont want this, the rampart module is engaged on service side. The client should only send data on a secure way to the service.
If i leave out engaging rampart on client side the data is send in plain text !! Why ? Have i to engage rampart on client side? Is there a other way ?
I use axis2 1.2, rampart 1.2, ws-policy policy is same as in sample04 of rampart examples Here is my client code: ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("C:\\..\\webapps\\axis2\\WEB-INF", null); ServiceClient client = new ServiceClient(ctx, null); Options options =new Options(); options.setAction("urn:test");
options.setTo(new EndpointReference( "https://localhost/axis2/services/TestService")); InputStream policyStream = new ClassPathResource("policy.xml").getInputStream(); options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(policyStream)); client.setOptions(options); client.engageModule("rampart"); OMElement response = client.sendReceive(getPayload("testvalue"));
I also tried it with OpereationClient but this time the Exception "Missing Timestamp" ist thrown, if i engage rampart it works.
ServiceClient client = new ServiceClient();
Options opt = new Options();
opt.setTo(new EndpointReference("http://localhost/axis2/services/TestService"));
opt.setAction("urn:test");
InputStream policyStream = new ClassPathResource("policy.xml").getInputStream();
opt.setProperty(RampartMessageData.KEY_RAMPART_POLICY,loadPolicy(policyStream));
client.setOptions(opt);
MessageContext outMsgCtx = new MessageContext();
SOAPFactory fac = OMAbstractFactory.getSOAP11Factory();
SOAPEnvelope env = fac.getDefaultEnvelope();
env.getBody().addChild(getPayload("testvalue"));
outMsgCtx.setEnvelope(env);
OperationClient opClient = client.createClient(ServiceClient.ANON_OUT_IN_OP);
opClient.addMessageContext(outMsgCtx);
opClient.execute(true);
MessageContext responseMsgCtx = opClient.getMessageContext(org.apache.axis2.wsdl.WSDLConstants.MESSAGE_LABEL_IN_VALUE);
SOAPEnvelope response = responseMsgCtx.getEnvelope();
I hope you can help me
Best regards
_________________________________________________________________
Windows Live Writer Beta - Veröffentlichen Sie Multimediainhalte in Ihrem Blog!
http://get.live.com/messenger/overview
Re: Using rampart without engaging on client side
Posted by Dimuthu <mu...@apache.org>.
Hi,
When securing a SOAP messages, the sender must know what security
actions to be performed on the message and the receiver must know enough
details to process and validate the security of the message.
If client does not provide the required security, service throws an
Exception. In your case the service expects a Timestamp, when the client
fails to send it, a "Missing Timestamp" Exception is thrown.
Therefore when using Rampart with Axis2, it must be engaged at both
ends.
Regards,
Dimuthu
On Wed, 2007-08-29 at 08:23 +0100, Sanane Söylemezoglu wrote:
> Hi, i developed an simple webservice which only returns a value. The communication between client and webservice must be secure, therefore i used rampart. I developed it similiar to the sample04 of the rampart examples. It works well when i engage rampart on client side. But i dont want this, the rampart module is engaged on service side. The client should only send data on a secure way to the service.
> If i leave out engaging rampart on client side the data is send in plain text !! Why ? Have i to engage rampart on client side? Is there a other way ?
> I use axis2 1.2, rampart 1.2, ws-policy policy is same as in sample04 of rampart examples Here is my client code: ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("C:\\..\\webapps\\axis2\\WEB-INF", null); ServiceClient client = new ServiceClient(ctx, null); Options options =new Options(); options.setAction("urn:test");
> options.setTo(new EndpointReference( "https://localhost/axis2/services/TestService")); InputStream policyStream = new ClassPathResource("policy.xml").getInputStream(); options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(policyStream)); client.setOptions(options); client.engageModule("rampart"); OMElement response = client.sendReceive(getPayload("testvalue"));
>
>
> I also tried it with OpereationClient but this time the Exception "Missing Timestamp" ist thrown, if i engage rampart it works.
>
>
> ServiceClient client = new ServiceClient();
> Options opt = new Options();
>
> opt.setTo(new EndpointReference("http://localhost/axis2/services/TestService"));
> opt.setAction("urn:test");
>
> InputStream policyStream = new ClassPathResource("policy.xml").getInputStream();
>
> opt.setProperty(RampartMessageData.KEY_RAMPART_POLICY,loadPolicy(policyStream));
>
> client.setOptions(opt);
> MessageContext outMsgCtx = new MessageContext();
>
> SOAPFactory fac = OMAbstractFactory.getSOAP11Factory();
> SOAPEnvelope env = fac.getDefaultEnvelope();
> env.getBody().addChild(getPayload("testvalue"));
>
> outMsgCtx.setEnvelope(env);
>
> OperationClient opClient = client.createClient(ServiceClient.ANON_OUT_IN_OP);
> opClient.addMessageContext(outMsgCtx);
>
> opClient.execute(true);
>
>
> MessageContext responseMsgCtx = opClient.getMessageContext(org.apache.axis2.wsdl.WSDLConstants.MESSAGE_LABEL_IN_VALUE);
> SOAPEnvelope response = responseMsgCtx.getEnvelope();
>
>
> I hope you can help me
>
> Best regards
>
> _________________________________________________________________
> Windows Live Writer Beta - Veröffentlichen Sie Multimediainhalte in Ihrem Blog!
> http://get.live.com/messenger/overview