<TransportBinding/> and <AsymmetricBinding/> simultaneously

<TransportBinding/> and <AsymmetricBinding/> simultaneously

anismek
Hi there,

Does Axis2 (1.3) (with Rampart) support policies with simultaneous use of Transport Binding (SSL) and Asymmetric Binding (Signature)?

I got the following error, using the services.xml below.
But everything works OK when I use only one of the two bindings ...

Error:
Exception in thread "main" org.apache.axis2.AxisFault: Message is not signed
	at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
	at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
	at tn.nat.cnss.client.SignBodySampleServiceSSLStub.doTheJob(SignBodySampleServiceSSLStub.java:160)
	at tn.nat.cnss.client.SignBodySampleServiceSSLClient.main(SignBodySampleServiceSSLClient.java:43)

services.xml
<service name="SignBodySampleServiceSSL" >
	<description>
		[serviceDescription]
	</description>
	<module ref="rampart"/>
	<messageReceivers>
		<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only" class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" />
		<messageReceiver  mep="http://www.w3.org/2004/08/wsdl/in-out"  class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
	</messageReceivers>
	<parameter name="ServiceClass">tn.nat.cnss.service.logic.SignBodySampleServiceSSL</parameter>
	<wsp:Policy wsu:Id="SignBodyOverSSL" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
		<wsp:ExactlyOne>
			<wsp:All>
				<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:TransportToken>
							<wsp:Policy>
								<sp:HttpsToken RequireClientCertificate="false"/>
							</wsp:Policy>
						</sp:TransportToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:Basic256/>
							</wsp:Policy>
						</sp:AlgorithmSuite>
						<sp:Layout>
							<wsp:Policy>
								<sp:Lax/>
							</wsp:Policy>
						</sp:Layout>
						<sp:IncludeTimestamp/>
					</wsp:Policy>
				</sp:TransportBinding>
				<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:InitiatorToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
									<wsp:Policy>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:InitiatorToken>
						<sp:RecipientToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
									<wsp:Policy>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:RecipientToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:TripleDesRsa15/>
							</wsp:Policy>
						</sp:AlgorithmSuite>
						<sp:Layout>
							<wsp:Policy>
								<sp:Strict/>
							</wsp:Policy>
						</sp:Layout>
						<sp:IncludeTimestamp/>
						<sp:OnlySignEntireHeadersAndBody/>
					</wsp:Policy>
				</sp:AsymmetricBinding>
				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportRefKeyIdentifier/>
						<sp:MustSupportRefIssuerSerial/>
					</wsp:Policy>
				</sp:Wss10>
				<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<sp:Body/>
				</sp:SignedParts>
				<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
					<ramp:user>service</ramp:user>
					<ramp:passwordCallbackClass>tn.nat.cnss.service.callback.PasswordCallBackHandler</ramp:passwordCallbackClass>
					<ramp:signatureCrypto>
						<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property>
						</ramp:crypto>
					</ramp:signatureCrypto>
				</ramp:RampartConfig>
			</wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>
</service>

Re: <TransportBinding/> and <AsymmetricBinding/> simultaneously

anismek
It seems like Rampart will choose only one Binding ...

org.apache.rampart.MessageBuilder

137        if(rpd.isTransportBinding()) {
138           log.debug("Building transport binding");
139           TransportBindingBuilder building = new TransportBindingBuilder();
140           building.build(rmd);
141        } else if(rpd.isSymmetricBinding()) {
142           log.debug("Building SymmetricBinding");
143           SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
144           builder.build(rmd);
145        } else {
146            AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
147            builder.build(rmd);
148        }