
Thursday, October 6, 2011

Calling an OWSM protected service with Axis2 and Rampart

In a previous blog post I used Axis 1.4 in combination with WSS4J 1.5. Because Axis 1.4 is getting old, I tried the same with Axis 2 and Rampart, which uses WSS4J. For the security details, like the username and how to generate certificates, see my previous post.

Just like in the Axis 1.4 post, I will call an OSB service which has the oracle/wss10_username_token_with_message_protection_service_policy OWSM server policy.

Before we start we need to download Axis2 and the matching Rampart version; in this blog post I use the 1.60 versions of Axis2 and Rampart. Copy the Rampart jars to the Axis2 lib folder and the Rampart modules to the Axis2 modules folder.

Download the WSDL with its XSDs from the Web Service.

After that, use this ANT build file to generate an ADB web service proxy client. The WSDL I used is named Customer.wsdl.

This OWSM policy has different signing and encryption options for the request and response messages, so we need to move the right WS-Security policies / assertions from the Customer WSDL to a Request and a Response policy file.

Here is the Request Policy, which matches the oracle/wss10_username_token_with_message_protection_service_policy server policy. I also added the Rampart configuration, which contains references to the keystore and the username I used. Add the sp:AsymmetricBinding, the sp:SignedSupportingTokens and the sp:SignedParts & sp:EncryptedParts of the request from the Customer WSDL to this policy file.

We also need to do this for the Response. Add the sp:AsymmetricBinding and the sp:SignedParts & sp:EncryptedParts of the response from the Customer WSDL to this policy file.

Because we are using a keystore and a username token (which both have passwords), we need to add a Password Callback class.

And here is the test client, which loads the Axis2 configuration with the Addressing and Rampart modules and also loads the Request and Response policies.

You can download my code at https://github.com/biemond/soa11g_examples/tree/master/OWSM_AXIS
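As an illustration of the Password Callback step above, here is a sketch of such a class; it is an added example, not the code from this post or its repository. It assumes the `org.apache.ws.security.WSPasswordCallback` API from the WSS4J version shipped with Rampart, and the user name, key alias and environment variable names are hypothetical placeholders that must match your own Rampart configuration.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class OwsmPasswordCallback implements CallbackHandler {
    // Hypothetical values: must equal the user and key alias in the RampartConfig.
    private static final String WS_USER = "example-user";
    private static final String KEY_ALIAS = "example-client-key";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            String id = pc.getIdentifier();
            switch (pc.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Password placed in the UsernameToken of the request.
                    requireMatch(cb, WS_USER, id);
                    pc.setPassword(secret("OWSM_USER_PASSWORD"));
                    break;
                case WSPasswordCallback.SIGNATURE: // sign the request
                case WSPasswordCallback.DECRYPT:   // decrypt the response
                    // Both usages unlock the client's private key in the keystore.
                    requireMatch(cb, KEY_ALIAS, id);
                    pc.setPassword(secret("OWSM_KEY_PASSWORD"));
                    break;
                default:
                    // Fail closed: never hand a password to an unknown usage.
                    throw new UnsupportedCallbackException(cb, "unsupported usage " + pc.getUsage());
            }
        }
    }

    private static void requireMatch(Callback cb, String expected, String actual)
            throws UnsupportedCallbackException {
        if (!expected.equals(actual)) {
            throw new UnsupportedCallbackException(cb, "unknown identifier " + actual);
        }
    }

    // Read secrets from the environment instead of hard-coding them in source.
    private static String secret(String envName) throws IOException {
        String value = System.getenv(envName);
        if (value == null || value.isEmpty()) {
            throw new IOException(envName + " is not set");
        }
        return value;
    }
}
```

Rampart loads the class named in the `ramp:passwordCallbackClass` element of the Rampart configuration, so the class needs a public no-argument constructor and must be on the client classpath.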



6 comments:

  1. How did you create the request and response policy files? I am trying to configure the same, but using the wss11_username_token_with_message_protection_server_policy.

    1. Hi,

      I think the wss11 policies can be tricky, can you try the wss10 policies first?

      thanks

    2. Thanks for the reply. I switched to the wss10 policies (and have realized how to generate the request / response policies from the generated stubs), but I am getting the following exception:

      Exception in thread "main" org.apache.axis2.AxisFault: A required header representing a Message Addressing Property is not present
      at org.apache.axis2.addressing.AddressingFaultsHelper.triggerAddressingFault(AddressingFaultsHelper.java:373)
      at org.apache.axis2.addressing.AddressingFaultsHelper.triggerMessageAddressingRequiredFault(AddressingFaultsHelper.java:299)
      at org.apache.axis2.handlers.addressing.AddressingInHandler.checkForMandatoryHeaders(AddressingInHandler.java:296)
      at org.apache.axis2.handlers.addressing.AddressingInHandler.extractAddressingInformation(AddressingInHandler.java:281)
      at org.apache.axis2.handlers.addressing.AddressingInHandler.doInvoke(AddressingInHandler.java:157)
      at org.apache.axis2.handlers.AbstractTemplatedHandler.invoke(AbstractTemplatedHandler.java:44)
      at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
      at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
      at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
      at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
      at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
      at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
      at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
      at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
      at EmailSOAServiceStub.sendEmail(EmailSOAServiceStub.java:190)
      at SOATestClient.main(SOATestClient.java:123)

      Any ideas?

    3. Hi,

      It seems like it is missing the addressing element in the header, or encryption failed first.

      good luck

    4. For some reason Oracle doesn't send back a valid WS-Addressing header.
      If you look at the response message, you'll see the mandatory wsa:Action header is missing. e.g.



      urn:535D33F0223E11E2BF7125EA8ED7578E

      http://www.w3.org/2005/08/addressing/anonymous


      http://www.w3.org/2005/08/addressing/anonymous




      ...

      The relevant section of the WS-Addressing spec is here:
      http://www.w3.org/TR/2006/REC-ws-addr-core-20060509/#msgaddrpropsinfoset

      On the Oracle side, try adding the oracle/no_addressing_policy

    5. Hi t-rane,

      Can you please suggest how to generate Request / Response policy files using generated stubs from Axis2?
