Just like the Axis 1.4 post I will call a OSB service which has an oracle/wss10_username_token_with_message_protection_service_policy OWSM server policy.
Before we start we need to download axis2 and the matching Rampart version, I use in this blogpost the 1.60 versions of axis2 and Rampart. Copy the Rampart jars to the axis lib folder and the Rampart modules to the axis2 modules folder.
Download the WSDL with it's XSDs from the Web Service.
After that use this ANT build file to generate a ADB web service proxy client. The wsdl I used has the Customer.wsdl as name.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" ?> | |
| <project default="wsdl2java"> | |
| <path id="classpath.libraries" description=" 3rd party and Axis libs"> | |
| <fileset dir="C:/java/axis2-1.6.0/lib"> | |
| <include name="**/*.jar"/> | |
| </fileset> | |
| </path> | |
| <target name="wsdl2java"> | |
| <java classname="org.apache.axis2.wsdl.WSDL2Java" | |
| fork="true" | |
| classpathref="classpath.libraries"> | |
| <arg line="-uri ${basedir}/Customer.wsdl"/> | |
| <arg line="-u"/> | |
| <arg line="-ap"/> | |
| <arg line="-d adb -s"/> | |
| <arg line="-o ${basedir}"/> | |
| </java> | |
| </target> | |
| </project> |
Here is the Request Policy which matches with the oracle/wss10_username_token_with_message_protection_service_policy Server policy. I also added the Rampart Configuration which contains references to the keystore and the username I used. Add the sp:AsymmetricBinding, sp:SignedSupportingTokens and the sp:SignedParts & sp:EncryptedParts of the request from the customer wsdl to this policy file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" ?> | |
| <wsp:Policy wsu:Id="CustomerManagementSOAPQSPort_Input_Policy" | |
| xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" | |
| xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> | |
| <wsp:ExactlyOne> | |
| <wsp:All> | |
| <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <wsp:Policy> | |
| <sp:InitiatorToken> | |
| <wsp:Policy> | |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"> | |
| <wsp:Policy> | |
| <sp:WssX509V3Token10/> | |
| </wsp:Policy> | |
| </sp:X509Token> | |
| </wsp:Policy> | |
| </sp:InitiatorToken> | |
| <sp:RecipientToken> | |
| <wsp:Policy> | |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"> | |
| <wsp:Policy> | |
| <sp:WssX509V3Token10/> | |
| </wsp:Policy> | |
| </sp:X509Token> | |
| </wsp:Policy> | |
| </sp:RecipientToken> | |
| <sp:AlgorithmSuite> | |
| <wsp:Policy> | |
| <sp:Basic128/> | |
| </wsp:Policy> | |
| </sp:AlgorithmSuite> | |
| <sp:Layout> | |
| <wsp:Policy> | |
| <sp:Lax/> | |
| </wsp:Policy> | |
| </sp:Layout> | |
| <sp:IncludeTimestamp/> | |
| <sp:OnlySignEntireHeadersAndBody/> | |
| </wsp:Policy> | |
| </sp:AsymmetricBinding> | |
| <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <wsp:Policy> | |
| <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> | |
| <wsp:Policy> | |
| <sp:WssUsernameToken10/> | |
| </wsp:Policy> | |
| </sp:UsernameToken> | |
| </wsp:Policy> | |
| </sp:SignedSupportingTokens> | |
| <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <sp:Body/> | |
| <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/> | |
| <sp:Header Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/> | |
| <sp:Header Name="fmw-context" | |
| Namespace="http://xmlns.oracle.com/fmw/context/1.0"/> | |
| </sp:SignedParts> | |
| <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <sp:Body/> | |
| <sp:Header Name="fmw-context" | |
| Namespace="http://xmlns.oracle.com/fmw/context/1.0"/> | |
| </sp:EncryptedParts> | |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> | |
| <ramp:user>osbbook</ramp:user> | |
| <ramp:encryptionUser>serverKey</ramp:encryptionUser> | |
| <ramp:userCertAlias>clientkey</ramp:userCertAlias> | |
| <ramp:passwordCallbackClass>osb.cookbook.owsm.axis.PWCallback</ramp:passwordCallbackClass> | |
| <ramp:signatureCrypto> | |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">c:/oracle/client_2.jks</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">welcome</ramp:property> | |
| </ramp:crypto> | |
| </ramp:signatureCrypto> | |
| <ramp:encryptionCypto> | |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">c:/oracle/client_2.jks</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">welcome</ramp:property> | |
| </ramp:crypto> | |
| </ramp:encryptionCypto> | |
| </ramp:RampartConfig> | |
| </wsp:All> | |
| </wsp:ExactlyOne> | |
| </wsp:Policy> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" ?> | |
| <wsp:Policy wsu:Id="CustomerManagementSOAPQSPort_Output_Policy" | |
| xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" | |
| xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> | |
| <wsp:ExactlyOne> | |
| <wsp:All> | |
| <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <wsp:Policy> | |
| <sp:InitiatorToken> | |
| <wsp:Policy> | |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"> | |
| <wsp:Policy> | |
| <sp:WssX509V3Token10/> | |
| </wsp:Policy> | |
| </sp:X509Token> | |
| </wsp:Policy> | |
| </sp:InitiatorToken> | |
| <sp:RecipientToken> | |
| <wsp:Policy> | |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"> | |
| <wsp:Policy> | |
| <sp:WssX509V3Token10/> | |
| </wsp:Policy> | |
| </sp:X509Token> | |
| </wsp:Policy> | |
| </sp:RecipientToken> | |
| <sp:AlgorithmSuite> | |
| <wsp:Policy> | |
| <sp:Basic128/> | |
| </wsp:Policy> | |
| </sp:AlgorithmSuite> | |
| <sp:Layout> | |
| <wsp:Policy> | |
| <sp:Lax/> | |
| </wsp:Policy> | |
| </sp:Layout> | |
| <sp:IncludeTimestamp/> | |
| <sp:OnlySignEntireHeadersAndBody/> | |
| </wsp:Policy> | |
| </sp:AsymmetricBinding> | |
| <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <sp:Body/> | |
| </sp:SignedParts> | |
| <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> | |
| <sp:Body/> | |
| </sp:EncryptedParts> | |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> | |
| <ramp:encryptionUser>serverKey</ramp:encryptionUser> | |
| <ramp:userCertAlias>clientkey</ramp:userCertAlias> | |
| <ramp:passwordCallbackClass>osb.cookbook.owsm.axis.PWCallback</ramp:passwordCallbackClass> | |
| <ramp:signatureCrypto> | |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">c:/oracle/client_2.jks</ramp:property> | |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">welcome</ramp:property> | |
| </ramp:crypto> | |
| </ramp:signatureCrypto> | |
| </ramp:RampartConfig> | |
| </wsp:All> | |
| </wsp:ExactlyOne> | |
| </wsp:Policy> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package osb.cookbook.owsm.axis; | |
| import org.apache.ws.security.WSPasswordCallback; | |
| import javax.security.auth.callback.Callback; | |
| import javax.security.auth.callback.CallbackHandler; | |
| import javax.security.auth.callback.UnsupportedCallbackException; | |
| import java.io.IOException; | |
| public class PWCallback implements CallbackHandler { | |
| /** Field key */ | |
| private static final byte[] key = { | |
| (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb, | |
| (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19, | |
| (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7, | |
| (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51, | |
| (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04, | |
| }; | |
| /** | |
| * Method handle | |
| * | |
| * @param callbacks | |
| * @throws IOException | |
| * @throws UnsupportedCallbackException | |
| */ | |
| public void handle(Callback[] callbacks) | |
| throws IOException, UnsupportedCallbackException { | |
| for (int i = 0; i < callbacks.length; i++) { | |
| if (callbacks[i] instanceof WSPasswordCallback) { | |
| WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; | |
| System.out.println("xxx retrieve password for : "+pc.getIdentifier() ); | |
| if (pc.getUsage() == WSPasswordCallback.KEY_NAME) { | |
| pc.setKey(key); | |
| } else if(pc.getIdentifier().equals("osbbook")) { | |
| pc.setPassword("weblogic1"); | |
| } else if(pc.getIdentifier().equals("clientkey")) { | |
| pc.setPassword("welcome"); | |
| } else if(pc.getIdentifier().equals("serverkey")) { | |
| pc.setPassword("welcome"); | |
| } | |
| } else { | |
| throw new UnsupportedCallbackException(callbacks[i], | |
| "Unrecognized Callback"); | |
| } | |
| } | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package osb.cookbook.owsm; | |
| import java.io.FileNotFoundException; | |
| import java.rmi.RemoteException; | |
| import java.util.Properties; | |
| import javax.xml.stream.XMLStreamException; | |
| import org.apache.axiom.om.impl.builder.StAXOMBuilder; | |
| import org.apache.axis2.AxisFault; | |
| import org.apache.axis2.client.Options; | |
| import org.apache.axis2.client.ServiceClient; | |
| import org.apache.axis2.context.ConfigurationContext; | |
| import org.apache.axis2.context.ConfigurationContextFactory; | |
| import org.apache.neethi.Policy; | |
| import org.apache.neethi.PolicyEngine; | |
| import org.apache.rampart.RampartMessageData; | |
| import org.apache.rampart.policy.model.CryptoConfig; | |
| import org.apache.rampart.policy.model.RampartConfig; | |
| import osb_cookbook.customermanagement.CustomerManagementSOAPQSServiceStub; | |
| import osb_cookbook.customermanagement.FindCustomer; | |
| import osb_cookbook.customermanagement.FindCustomerResponse; | |
| public class TestClient { | |
| public static void main(String[] args) throws AxisFault, RemoteException, | |
| Exception { | |
| ConfigurationContext ctx = ConfigurationContextFactory | |
| .createConfigurationContextFromFileSystem("C:/java/axis2-1.6.0/repository", | |
| "C:/java/axis2-1.6.0/conf/axis2.xml"); | |
| CustomerManagementSOAPQSServiceStub stub = | |
| new CustomerManagementSOAPQSServiceStub(ctx, | |
| "http://SOAPS3.alfa.local:8011/01_Securing-an-OSB-service/proxy/Customer"); | |
| ServiceClient client = stub._getServiceClient(); | |
| Options clientOptions = client.getOptions(); | |
| Policy policyRequest = loadPolicy("./policy_request.xml"); | |
| Policy policyResponse = loadPolicy("./policy_response.xml"); | |
| clientOptions.setProperty(RampartMessageData.KEY_RAMPART_OUT_POLICY, policyRequest); | |
| clientOptions.setProperty(RampartMessageData.KEY_RAMPART_IN_POLICY, policyResponse); | |
| client.setOptions(clientOptions); | |
| client.engageModule("addressing"); | |
| client.engageModule("rampart"); | |
| stub._setServiceClient(client); | |
| FindCustomer params = new FindCustomer(); | |
| params.setID(100L); | |
| FindCustomerResponse response = stub.findCustomer(params); | |
| System.out.println(response.getCustomer().getLastName()); | |
| } | |
| private static Policy loadPolicy(String filePath) | |
| throws XMLStreamException, FileNotFoundException { | |
| StAXOMBuilder builder = new StAXOMBuilder(filePath); | |
| return PolicyEngine.getPolicy(builder.getDocumentElement()); | |
| } | |
| } |
How did you create the request and response policy files? I am trying to configure the same, but using the wss11_username_token_with_message_protection_server_policy.
ReplyDeleteHi,
DeleteI think the wss11 policies can be tricky , can you try the wss10 policies first.
thanks
Thanks for the reply. I switched to the wss10 policies (and have realized how to generate the request / response policies from the generate stubs), but I am getting the following exception:
DeleteException in thread "main" org.apache.axis2.AxisFault: A required header representing a Message Addressing Property is not present
at org.apache.axis2.addressing.AddressingFaultsHelper.triggerAddressingFault(AddressingFaultsHelper.java:373)
at org.apache.axis2.addressing.AddressingFaultsHelper.triggerMessageAddressingRequiredFault(AddressingFaultsHelper.java:299)
at org.apache.axis2.handlers.addressing.AddressingInHandler.checkForMandatoryHeaders(AddressingInHandler.java:296)
at org.apache.axis2.handlers.addressing.AddressingInHandler.extractAddressingInformation(AddressingInHandler.java:281)
at org.apache.axis2.handlers.addressing.AddressingInHandler.doInvoke(AddressingInHandler.java:157)
at org.apache.axis2.handlers.AbstractTemplatedHandler.invoke(AbstractTemplatedHandler.java:44)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at EmailSOAServiceStub.sendEmail(EmailSOAServiceStub.java:190)
at SOATestClient.main(SOATestClient.java:123)
Any ideas?
Hi,
Deleteit seems like it missing the addressing element in the header or encryption failed first.
good luck
For some reason Oracle doesn't send back a valid Ws-Addressing header.
DeleteIf you look at the response message, you'll see the mandatory wsa:Action header is missing. e.g.
urn:535D33F0223E11E2BF7125EA8ED7578E
http://www.w3.org/2005/08/addressing/anonymous
http://www.w3.org/2005/08/addressing/anonymous
...
The relevant section of the WS-Addressing spec is here:
http://www.w3.org/TR/2006/REC-ws-addr-core-20060509/#msgaddrpropsinfoset
On the oracle side, try adding the oracle/no_addressing_policy
Hi t-rane,
DeleteCan you please suggest how to generate Request / Response policy files using generated stubs from Axis2?