axis-java-dev mailing list archives

From Hasini Gunasinghe <hasi7...@gmail.com>
Subject Security policy with policy attachments makes the service faulty in Axis2
Date Sun, 02 Oct 2011 13:52:35 GMT
Hi all,

I have applied two different security policies to in and out messages of a
service operation using policy attachments.

When I deployed the service in Axis2 with the policies included in the
services.xml as shown in [2], I get the following exception [1], at service
deployment time and the service is shown as a faulty service. (axis2 and
rampart built from trunk)

When I deployed the same service in another application server, I didn't
encounter this error and I was able to access the policy engaged wsdl
without a problem.

Could I please get some insight into whether this may be due to anything wrong
with the security policy or could it be due to some other reason...

Thanks in advance.
Hasini.

[1] org.apache.axis2.deployment.DeploymentException: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
    at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
    at org.apache.axis2.deployment.ServiceDeployer.deploy(ServiceDeployer.java:82)
    .............
    [ERROR] The sample09.aar service, which is not valid, caused {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
    org.apache.axis2.deployment.DeploymentException: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
    at org.apache.axis2.deployment.repository.util.ArchiveReader.processServiceGroup(ArchiveReader.java:150)
    .............
    Caused by: java.lang.IllegalArgumentException: {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Policy is not a <wsp:Policy> element.
    at org.apache.neethi.PolicyBuilder.getPolicyOperator(PolicyBuilder.java:177)
    at org.apache.neethi.PolicyBuilder.getPolicy(PolicyBuilder.java:125)
    .............

[2] <service>
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample09.SimpleService</parameter>

    <module ref="rampart"/>
    <module ref="addressing"/>

    <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:AppliesTo>
            <policy-subject identifier="binding:soap11/operation:echo/in"/>
            <policy-subject identifier="binding:soap12/operation:echo/in"/>
        </wsp:AppliesTo>
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    wsu:Id="EncryptOnly">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:ProtectionToken>
                                <wsp:Policy>
                                    <sp:X509Token
                                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:RequireThumbprintReference/>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:ProtectionToken>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic256/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Lax/>
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp/>
                        </wsp:Policy>
                    </sp:SymmetricBinding>
                    <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <sp:Body/>
                    </sp:EncryptedParts>
                    <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <sp:Policy>
                            <sp:MustSupportRefKeyIdentifier/>
                            <sp:MustSupportRefIssuerSerial/>
                            <sp:MustSupportRefThumbprint/>
                            <sp:RequireSignatureConfirmation/>
                        </sp:Policy>
                    </sp:Wss11>
                    <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:RequireClientEntropy/>
                            <sp:RequireServerEntropy/>
                            <sp:MustSupportIssuedTokens/>
                        </wsp:Policy>
                    </sp:Trust10>
                    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                        <ramp:user>service</ramp:user>
                        <ramp:encryptionUser>service</ramp:encryptionUser>
                        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler</ramp:passwordCallbackClass>

                        <ramp:encryptionCypto>
                            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                            </ramp:crypto>
                        </ramp:encryptionCypto>
                    </ramp:RampartConfig>

                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
    </wsp:PolicyAttachment>
    <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:AppliesTo>
            <policy-subject identifier="binding:soap11/operation:echo/out"/>
            <policy-subject identifier="binding:soap12/operation:echo/out"/>
        </wsp:AppliesTo>
        <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    wsu:Id="SignOnly">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:ProtectionToken>
                                <wsp:Policy>
                                    <sp:X509Token
                                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:RequireThumbprintReference/>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:ProtectionToken>
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:Basic256/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Lax/>
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp/>
                            <sp:OnlySignEntireHeadersAndBody/>
                        </wsp:Policy>
                    </sp:SymmetricBinding>
                    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <sp:Body/>
                    </sp:SignedParts>
                    <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <sp:Policy>
                            <sp:MustSupportRefKeyIdentifier/>
                            <sp:MustSupportRefIssuerSerial/>
                            <sp:MustSupportRefThumbprint/>
                            <sp:RequireSignatureConfirmation/>
                        </sp:Policy>
                    </sp:Wss11>
                    <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:RequireClientEntropy/>
                            <sp:RequireServerEntropy/>
                            <sp:MustSupportIssuedTokens/>
                        </wsp:Policy>
                    </sp:Trust10>
                    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                        <ramp:user>service</ramp:user>
                        <ramp:encryptionUser>service</ramp:encryptionUser>
                        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler</ramp:passwordCallbackClass>

                        <ramp:signatureCrypto>
                            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                            </ramp:crypto>
                        </ramp:signatureCrypto>

                    </ramp:RampartConfig>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>

    </wsp:PolicyAttachment>

</service>
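
Added example (not part of the original message, and not Axis2, Rampart or Neethi code): the exception in [1] names an element with local name Policy in the securitypolicy namespace, and the services.xml in [2] contains <sp:Policy> under <sp:Wss11>. The script below lists every such element in a policy file before deployment; the function names, the accepted-namespace set and the reduced SAMPLE are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces treated as WS-Policy here (assumption: extend to match the
# policy versions your runtime accepts). The first is the one used in [2].
WSP_NAMESPACES = {
    "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "http://www.w3.org/ns/ws-policy",
}

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def find_misnamespaced_policies(xml_text):
    """Return (path, namespace) for each Policy element outside WS-Policy."""
    findings = []

    def walk(elem, path):
        ns, local = split_tag(elem.tag)
        here = path + "/" + local
        if local == "Policy" and ns not in WSP_NAMESPACES:
            findings.append((here, ns))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings

# Constructed sample: the Wss11 and Trust10 assertions from [2], reduced.
SAMPLE = """<service xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
         xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:Policy>
    <wsp:ExactlyOne><wsp:All>
      <sp:Wss11>
        <sp:Policy><sp:MustSupportRefThumbprint/></sp:Policy>
      </sp:Wss11>
      <sp:Trust10>
        <wsp:Policy><sp:RequireClientEntropy/></wsp:Policy>
      </sp:Trust10>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
</service>"""

if __name__ == "__main__":
    for path, ns in find_misnamespaced_policies(SAMPLE):
        print(f"{path}: Policy element in namespace {ns!r}")
```

Run against the full services.xml, the same check reports the <sp:Policy> children of <sp:Wss11> in both the "in" and "out" attachments.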
