It's not a secret anymore!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Issue with using the Axis2 JAX-WS Client using Rampart  RSS feed

 
Bahadur Shah
Greenhorn
Posts: 18
posted 7 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm developing my Axis2 JAX-WS Client to consume the web service.
I'm using Axis2 1.5.4 and Rampart 1.5.1

When I ran the client with Axis2 1.4.1 and Rampart 1.4, it worked.
But when I try to use Axis2 1.5.x versions, I'm getting the null pointer exception
at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:94)
at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:109)


When I compare the debug log of both, I could see that, rampart is receiving the response.
I could see the statement
"*********************** RampartReceiver received"
But after that I could not see the statement
"*********************** WSDoAllReceiver recieved".
I could see the WSDoAllReceiver statement in the log which is working(Axis2 1.4.1+Rampart 1.4).


I'm attaching the debug log.


I'm engaging the rampart module in my client.axis2.xml.



My policy.xml contains just the below content
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
</ramp:RampartConfig>

I'm loading the Policy.xml in the client like this:


My crypto.properties is like below :
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.password=ABC5JHGFWWEDSWCT
org.apache.ws.security.crypto.merlin.file=srvc_claims_sit.jks


My WSDL has the below security configuration



Can some one please help me in resolving this issue please.
 
Bahadur Shah
Greenhorn
Posts: 18
posted 7 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It seems rampart configuration is not loaded properly.

Is there any alternative wayof loading rampart policy for Axis2 JAX-WS client?
 
Calisto Soul
Greenhorn
Posts: 4
posted 6 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I renamed rampart.mar to rampart.jar and put it into classpath of java project (also addressing and rahas mars).
This java project is client of my jax-ws web service. I use it for signing messages.

In client I put this:

String axis2xml = "C:/.../conf/client.axis2.xml";
System.setProperty(Constants.AXIS2_CONF, axis2xml);
FileSystemConfigurator configurator = new FileSystemConfigurator(null, axis2xml);
ClientConfigurationFactory factory = new ClientConfigurationFactory(configurator);
MetadataFactoryRegistry.setFactory(ClientConfigurationFactory.class, factory);

JaxwsLibrary service = new JaxwsLibrary();
ERacunPortType stub = service.getLibrary();

BindingProvider provider = (BindingProvider)stub;

Policy policy = loadPolicy("sign-policy-client.xml");
provider.getRequestContext().put(RampartMessageData.KEY_RAMPART_POLICY, policy);

provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"http://localhost:8080........../MyWebService");

You MUST set factory BEFORE creating service object. If you do not, then Axis will not be configured properly.
As you can see, my entire policy is in separate xml. I also put this policy into wsdl, but I am not sure if this one (from wsdl) is used anywhere.

For the web service side i put web service jar into "servicejars" directory.
I generate jar from ant task like this:

<jar jarfile="${service-archive-name}.jar">
<fileset dir="${compiled-code}"/>
</jar>

"compiled-code" is directory where resides classes generated by wsimport.
Then I put this into axis2.xml on the service side (I am not sure this is correct):

<parameter name="OutflowSecurity">
<action>
<items>Signature</items>
<user>serveralias</user>
<passwordCallbackClass>hr.bla.bla.PWServiceHandler</passwordCallbackClass>
<signaturePropFile>crypto.properties</signaturePropFile>
</action>
</parameter>

<parameter name="InflowSecurity">
<action>
<items>Signature</items>
<passwordCallbackClass>hr.bla.bla.PWServiceHandler</passwordCallbackClass>
<signaturePropFile>crypto.properties</signaturePropFile>
</action>
</parameter>

I put crypto.properties, My.jks and handler class into MyUtil.jar.
Then MyUtil.jar is added to /WEB-INF/lib.

When I start all this (WebSphere 6.1, Rational Software Developer with TCP/IP monitoring, Axis 1.6.0 and Rampart 1.6.0; axis and rampart versions MUST be the same) client sends signed message to web service. From the web service side this message is validated, but when server sends acknowledgement message something goes wrong.
I can see from debugger that password handler (on service side) do his job, but after that I see this (without security everything works ok):

[2012.06.18 10:08:52:000 CEST] 0000001f ServletWrappe E SRVE0068E: Uncaught exception thrown in one of the service methods of the servlet: AxisServlet. Exception thrown : java.lang.NullPointerException
at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:281)
at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:255)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:717)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:516)
at org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:216)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:989)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:501)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:464)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:744)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:113)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:279)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469)

 
Ulf Dittmer
Rancher
Posts: 42975
76
posted 6 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Calisto Soul wrote:I renamed rampart.mar to rampart.jar and put it into classpath of java project (also addressing and rahas mars).


Don't do that. .mar files are Axis modules. There's more to them than to .jar files.
 
Calisto Soul
Greenhorn
Posts: 4
posted 6 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ulf,

But how will I load this .mar files on client side without converting them to .jar files ?
Do I need to put something in axis2.xml on client side ?


For the exception above: Probably I forgot to load policy for service.

There is:
https://issues.apache.org/jira/browse/AXIS2-4611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

I will try to create aar and put policy in service.xml.
But for that I need axis2 1.7 and rampart 1.7.

I'll keep you informed.
 
Calisto Soul
Greenhorn
Posts: 4
posted 6 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Now I get...

Probably I sign "The service class cannot be found for this..."

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"><wsu:Created>2012-06-18T14:45:29.000Z</wsu:Created><wsu:Expires>2012-06-18T14:50:29.000Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-CFAD48F0CEE02316E613400307290001">MIICKzCCAZSgAwIBAgIET9nnZDANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJIUjENMAsGA1UEChMERmluYTETMBEGA1UECxMKUHJvZ3JhbWVyaTEnMCUGA1UEAxMeZHRvbWxqZW5vdmljMS5pbnRyYW5ldC5maW5hLmhyMB4XDTEyMDYxNDEzMzAxMloXDTEzMDYxNDEzMzAxMlowWjELMAkGA1UEBhMCSFIxDTALBgNVBAoTBEZpbmExEzARBgNVBAsTClByb2dyYW1lcmkxJzAlBgNVBAMTHmR0b21samVub3ZpYzEuaW50cmFuZXQuZmluYS5ocjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu/FWX1RIOSHaVSMHMU/debHywi5PMkKXQISeWljpZ/by4T/HEQGFB9muJDnOTdHJ8ELF0s+r1RUAF/+mG5sD3UpUZeAmyP+haSQh5weD7Aj/OUf3g8S6/Ftk5OkS4XOaVWqJwhpkTrLa9Lgk2fQLpOW2Zsk0z62Cb87/VsYy42ECAwEAATANBgkqhkiG9w0BAQQFAAOBgQAJ0+fNH8o3BPV9JgQrjdJbeObRccNT7fIR3YtMgtm/Xp6/hqMAbS/qBkNsPx4VJImc8xjXnWdDr6I0+nsxTtCmw5FIPKKkYaYWxo3r/LZy6eZwcSfAzxWGVv4S4b8lIkZqLn2iBBKNEwDPr5dDtCMj5+SfvDmRo1Kp096K7iEqHw==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#Id-806760470">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsigestValue>PZ7Tv3Iei2t9trchNcReIWIPqdg=</dsigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsigestValue>dW1lWCZA1zJ+aKHv7k6oIE7VcDE=</dsigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Vw2alx+bvcoUqhtYKeYfNm4LEi6P1PBqJs2vDu9mzN4VghsLiYXQsADaK2S+izxNLIy+FwVuXn/z
DI7tyPqZtZW6GXUGfl8fSJvDbxtcX7SWu8mQwzQGuK9gBQRLMkqEvB3Gh/YuNpD8htiU1jFM4jBw
yhgIQco07s1R5B+yK5U=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-CFAD48F0CEE02316E613400307290002">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-CFAD48F0CEE02316E613400307290003"><wsse:Reference URI="#CertId-CFAD48F0CEE02316E613400307290001" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security><wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action><wsa:RelatesTo>urn:uuid:4a9625ed-87b6-4238-8fc8-2589f578edd9</wsa:RelatesTo></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-806760470"><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>java.lang.RuntimeException: The service class cannot be found for this AxisService.</faultstring><detail /></soapenv:Fault></soapenv:Body></soapenv:Envelope>

I suppose that rampart now runs.
 
Calisto Soul
Greenhorn
Posts: 4
posted 6 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The same above exception in Axis 1.7 and Rampart 1.7 (SNAPSHPOTS) is also when I reset my service to Axis 1.6 and Rampart 1.6:

<faultstring>java.lang.RuntimeException: The service class cannot be found for this AxisService.</faultstring>

Then I create old JAX-RPC client with stub and call my JAX-WS service.
Also "The service class..."
 
Ulf Dittmer
Rancher
Posts: 42975
76
posted 6 years ago
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're looking for complete, ready-to-run examples of of the client and server sides of a secured WS, check out the 3 articles I wrote some time ago on WS-Security using Axis. If you study the code, you'll learn how to make use of the .mar files on the client side.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!

Similar Threads