axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: [Axis2] Services.xml is wrong but when the WSDL queried is corrected somewhere?
Date Tue, 06 Nov 2007 22:21:37 GMT
Hi Dobri,

Are you using rampart-policy-<version>.jar to create and serialize this policy?
We fixed a lot of policy serialization issues in rampart-policy after
1.3. Can you please try using the rampart-policy-SNAPSHOT.jar from the
latest trunk?

Thanks,
Ruchith

p.s. Please subscribe (rampart-dev-subscribe@ws.apache.org) and post
rampart related issues to rampart-dev@ws.apache.org list.

On 10/31/07, Dobri Kitipov <kdobrik.axis2@googlemail.com> wrote:
> Hi everybody,
> I am using Axis2 1.3 and rampart2 1.2.
> I observed something interesting. I am using a custom tool to generate a
> services.xml. This tool is under development so it did not works perfect at
> the moment. I am testing the symmetric binding and have the following
> services.xml generated:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <serviceGroup>
>   <service name="HelloPojo">
>     <description>Web Service HelloPojo</description>
>     <parameter
> name="ServiceClass">com.mycompany.wsstack.pojo.HelloPojo</parameter>
>     <messageReceivers>
>       <messageReceiver
>
> class="org.apache.axis2.rpc.receivers.RPCMessageReceiver "
> mep="http://www.w3.org/2004/08/wsdl/in-out"/>
>     </messageReceivers>
>     <operation name="sayHello"/>
>     <wsp:Policy wsu:Id="User defined"
>
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>       <wsp:ExactlyOne>
>         <wsp:All>
>           <sp:SymmetricBinding xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <wsp:Policy>
>               <sp:ProtectionToken>
>                  <sp:ProtectionToken>
>                   <sp:X509Token sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                     <wsp:Policy>
>                        <sp:WssX509V3Token10/>
>                       <sp:RequireDerivedKeys/>
>                      </wsp:Policy>
>                   </sp:X509Token>
>                  </sp:ProtectionToken>
>               </sp:ProtectionToken>
>               <sp:AlgorithmSuite xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                 <wsp:Policy>
>                   <sp:Basic128/>
>                 </wsp:Policy>
>               </sp:AlgorithmSuite>
>               <sp:Layout>
>                 <wsp:Policy>
>                   <sp:Strict/>
>                 </wsp:Policy>
>               </sp:Layout>
>               <sp:ProtectionToken>
>                 <sp:ProtectionToken>
>                   <sp:X509Token sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                      <wsp:Policy>
>                       <sp:WssX509V3Token10/>
>                        <sp:RequireDerivedKeys/>
>                     </wsp:Policy>
>                    </sp:X509Token>
>                 </sp:ProtectionToken>
>                </sp:ProtectionToken>
>             </wsp:Policy>
>           </sp:SymmetricBinding>
>           <sp:Wss10 xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <sp:Policy>
>               <sp:MustSupportRefKeyIdentifier/>
>               <sp:MustSupportRefIssuerSerial/>
>             </sp:Policy>
>           </sp:Wss10>
>           <sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>              <wsp:Policy/>
>           </sp:SignedSupportingTokens>
>           <ramp:RampartConfig
> xmlns:ramp="http://ws.apache.org/rampart/policy">
>             <ramp:user>service</ramp:user>
>
> <ramp:encryptionUser>client</ramp:encryptionUser>
>
> <ramp:passwordCallbackClass>com.mycompany.wsstack.pwcb.PasswordCallbackHandler
> </ramp:passwordCallbackClass>
>             <ramp:signatureCrypto>
>               <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                 <ramp:property name="
> org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                 <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>                  <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
>               </ramp:crypto>
>             </ramp:signatureCrypto>
>             <ramp:encryptionCypto>
>               <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                 <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type
> ">JKS</ramp:property>
>                 <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
>                 <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password
> ">openssl</ramp:property>
>               </ramp:crypto>
>             </ramp:encryptionCypto>
>           </ramp:RampartConfig>
>         </wsp:All>
>       </wsp:ExactlyOne>
>     </wsp:Policy>
>     <module ref="addressing"/>
>     <module ref="rampart"/>
>   </service>
> </serviceGroup>
>
> You can see in bold that <sp:ProtectionToken> is not correctly formed. it
> has two opening and closing <sp:ProtectionToken>  tags. The second one
> should be replaced by <sp:Policy> tag. Another problem is that
> <sp:ProtectionToken> block is set twice into the file.
> THE interesting thing is that when I deploy the AAR at Tomcat 5.5.20 and
> query the ?wsdl the policy in the wsdl returned is correct and obviously
> fixed at some stage. Here is an excerpt from the wsdl that contains the
> policy:
>
> <wsp:Policy
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="User defined">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:SymmetricBinding xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <wsp:Policy>
>                         <sp:ProtectionToken>
>                             <wsp:Policy>
>                                 <sp:X509Token sp:IncludeToken="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                                      <wsp:Policy>
>
> <sp:WssX509V3Token10/>
>
> <sp:RequireDerivedKeys/>
>                                     </wsp:Policy>
>                                 </sp:X509Token>
>                             </wsp:Policy>
>                         </sp:ProtectionToken>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic128/>
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Strict/>
>                             </wsp:Policy>
>                         </sp:Layout>
>                     </wsp:Policy>
>                 </sp:SymmetricBinding>
>                 <sp:Wss10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <sp:Policy>
>                          <sp:MustSupportRefKeyIdentifier/>
>                         <sp:MustSupportRefIssuerSerial/>
>                     </sp:Policy>
>                 </sp:Wss10>
>                 <sp:SignedSupportingTokens xmlns:sp="
> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                     <wsp:Policy/>
>                 </sp:SignedSupportingTokens>
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>
> In bold you can see that the <sp:ProtectionToken> is somehow corrected and
> normalized. Do you know where this happens?
>
> Thank you in advance!
> Dobri
>
>
>
>
>
>


-- 
http://blog.ruchith.org
http://wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message