Wednesday, December 2, 2009

How to build rampart-config programmatically

This post explains how to build the rampart-config programmatically at the service consumer's end, without specifying it in the policy file.

Thursday, November 19, 2009

How to generate a non-secured response to a secured request?

In other words - how to avoid rampart being executed in the OutFlow of a particular service.

1. Add a new phase [NoSecurity] in global axis2.xml under OutFlow - just before the Security phase

<phaseOrder type="OutFlow">
    <phase name="soapmonitorPhase"/>
    <phase name="OperationOutPhase"/>
    <phase name="RMPhase"/>
    <phase name="PolicyDetermination"/>
    <phase name="MessageOut"/>
    <phase name="NoSecurity"/>
    <phase name="Security"/>
</phaseOrder>

2. Create a module [say, nosecurity] with a handler having the following logic.

public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
    // Advance the handler index so that the Security phase following NoSecurity is skipped.
    msgContext.setCurrentHandlerIndex(msgContext.getCurrentHandlerIndex() + 2);
    return InvocationResponse.CONTINUE;
}

You can download the Eclipse project for this module from here.

3. Engage this module to the service whose OutFlow you want to remove security from.

<module ref="nosecurity" />

Monday, November 16, 2009

How to use Axis2 Dynamic Client to invoke Secured Web Services

Axis2 Dynamic Client is an extension to the Axis2 ServiceClient; it can be used to invoke secured web services, relieving the burden of locally maintaining policy files at the client's end.
This post explains how to use Axis2 Dynamic Client to invoke a secured service.

Sunday, November 1, 2009

Exception in thread "main" java.lang.NoClassDefFoundError: edu/emory/mathcs/backport/java/util/concurrent/locks/ReadWriteLock

Exception :

[java] Exception in thread "main" org.apache.axis2.AxisFault: java.lang.NoClassDefFoundError: edu/emory/mathcs/backport/java/util/concurrent/locks/ReadWriteLock
[java]     at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:435)
[java]     at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:371)
[java]     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
[java]     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
[java]     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

Solution : Copy the backport-util-concurrent jar from here to the classpath.

Sunday, September 6, 2009

How to enable security for JAX-WS services with Axis2/Rampart?

1. What is the correct way to secure a JAX-WS service?
2. Can I use Rampart with a JAX-WS style web service?

Wednesday, August 26, 2009

[ERROR] Referenced security token could not be retrieved (Reference "#CertId-238146")

Exception :

[WARN] Multiple elements with the same 'Id' attribute value!
[ERROR] Referenced security token could not be retrieved (Reference "#CertId-238146")
org.apache.axis2.AxisFault: Referenced security token could not be retrieved (Reference "#CertId-238146")
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)

Root Cause :
This can be due to many reasons where the request contains multiple elements having the same Id.

One scenario where this happens is when you have a security policy like the following with Rampart 1.4.

<sp:SupportingTokens
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <wsp:Policy>
        <sp:X509Token
            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
            <wsp:Policy>
                <sp:RequireThumbprintReference />
                <sp:WssX509V3Token10 />
            </wsp:Policy>
        </sp:X509Token>
    </wsp:Policy>
</sp:SupportingTokens>

In this case Rampart 1.4 includes multiple BinarySecurityToken(s) with duplicate wsu:Id.

Solution :
Rampart 1.4 inherits the issue from wss4j-1.5.4.jar - replacing it with wss4j-1.5.8.jar will fix this.

Tuesday, August 25, 2009

java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/OAEPPADDING

Exception :

java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/OAEPPADDING
at javax.crypto.Cipher.getInstance(DashoA12275)
at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:703)
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:145)
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:114)
Root Cause :
The Bouncycastle jar may still be in the classpath, but it is not picked up as a crypto provider.

Solution 1:
Download the Bouncycastle jar corresponding to your JDK from here and copy it to [JAVA_HOME]\jre\lib\ext\

Set the following in [JAVA_HOME]\jre\lib\security\java.security, under:

#
# List of providers and their preference orders (see above):
#

security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider

Solution 2:
Add Bouncycastle as a provider in code.


import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Register the provider once at startup, before the first secured call is made.
Security.addProvider(new BouncyCastleProvider());

Related :
org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used
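
The root cause above (jar present but provider not registered) can be checked directly. This added example, which is not from the original post, lists the registered providers in preference order, reports whether the Bouncycastle class is loadable and whether any provider serves RSA/NONE/OAEPPADDING, then registers Bouncycastle as in Solution 2 and checks again. The class name is hypothetical, and the provider is loaded reflectively so the file compiles without the jar.

```java
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

public class OaepProviderCheck { // hypothetical diagnostic, not part of Rampart or WSS4J
    // Transformation string taken from the stack trace above.
    static final String TRANSFORMATION = "RSA/NONE/OAEPPADDING";
    static final String BC_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    /** Name of the registered provider that serves the transformation, or null if none does. */
    static String servingProvider(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (java.security.GeneralSecurityException e) {
            return null; // NoSuchAlgorithmException or NoSuchPaddingException
        }
    }

    /** True if the class is visible to the class loader, whether or not it is registered. */
    static boolean onClasspath(String className) {
        try {
            Class.forName(className);
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = " + providers[i].getName());
        }
        System.out.println("Bouncycastle jar on classpath: " + onClasspath(BC_CLASS));
        System.out.println("Bouncycastle registered: " + (Security.getProvider("BC") != null));
        String before = servingProvider(TRANSFORMATION);
        System.out.println(TRANSFORMATION + " served by: " + before);
        if (before == null && onClasspath(BC_CLASS)) {
            // Same effect as Solution 2, done reflectively.
            Provider bc = (Provider) Class.forName(BC_CLASS).getDeclaredConstructor().newInstance();
            Security.addProvider(bc);
            System.out.println("after addProvider: " + servingProvider(TRANSFORMATION));
        }
    }
}
```

Run it with the same classpath and JRE as the failing client; "on classpath: true" together with "registered: false" is the situation the root cause describes.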