Axis2/Rampart problem. Certificate not found for user.

Raine Pyssysalo
Greenhorn

Joined: Dec 04, 2009
Posts: 5
Hi,

I have this JAX-WS web service which functions as a container for an Axis client. This client sends secure and signed messages with Rampart. I have run into problems lately because I can't change the keystore on the fly. It always crashes with the following error:

org.apache.axis2.AxisFault: Error during Signature: ; nested exception is:
org.apache.ws.security.WSSecurityException: General security error (No certificates for user user1 were found for signature)
at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:67)
at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

This is a really weird problem because I can always send messages normally when I start the Tomcat server or when I restart the server. So it seems that something stays in the memory or cache that isn't cleared.

Thanks! Raine
Raine Pyssysalo
Greenhorn

Joined: Dec 04, 2009
Posts: 5
Ok, I've found out this much:

My dynamic keystore change fails because the Password Callback Handler validates the wrong certificate. The handler gets the password on the first call to the service and the certificate is saved somewhere in memory. If I use a "hardcoded" password, my service will work fine if the first call is made with the matching certificate.

Does anybody know how to clear the old certificate from the memory/cache? Restarting Tomcat will work but I need a bit more dynamic solution.
Raine Pyssysalo
Greenhorn

Joined: Dec 04, 2009
Posts: 5
Ok, I found out the solution. The trick was to use PolicyBased configuration. I was using the old ParameterBased configuration. Here is a link to a great blog by Thilina:

How to build rampart-config programmatically..

Remember to define the policy.xml file when following this tutorial. This was something that I first forgot to do.
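
The policy-based setup described in the post above, as an added example that is not code from the post or from the linked blog: a policy is loaded from policy.xml and a RampartConfig naming one keystore and alias is attached to it before each client is configured. The class name, method names and parameters are hypothetical; it assumes Axis2 1.5-era Rampart, Axiom and Neethi on the classpath and a JKS keystore.

```java
import java.util.Properties;

import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.ServiceClient;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

// Hypothetical helper, not part of Axis2 or Rampart.
public class PerKeystorePolicy {

    // Builds a new Policy bound to exactly one keystore and signing alias.
    static Policy buildPolicy(String policyXmlPath, String keystorePath,
                              String keystorePassword, String alias,
                              String callbackClass) throws Exception {
        // policy.xml carries the WS-SecurityPolicy assertions (what to sign).
        Policy policy = PolicyEngine.getPolicy(
                new StAXOMBuilder(policyXmlPath).getDocumentElement());

        // Merlin crypto properties: which keystore backs the signature.
        // Pass the password in from a protected source, not a literal.
        Properties merlin = new Properties();
        merlin.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlin.setProperty("org.apache.ws.security.crypto.merlin.file", keystorePath);
        merlin.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
                keystorePassword);

        CryptoConfig sigCrypto = new CryptoConfig();
        sigCrypto.setProvider("org.apache.ws.security.components.crypto.Merlin");
        sigCrypto.setProp(merlin);

        // The alias must exist in this keystore, otherwise signing fails with
        // "No certificates for user ... were found for signature".
        RampartConfig rampartConfig = new RampartConfig();
        rampartConfig.setUser(alias);
        rampartConfig.setPwCbClass(callbackClass); // supplies the private-key password
        rampartConfig.setSigCryptoConfig(sigCrypto);

        policy.addAssertion(rampartConfig);
        return policy;
    }

    // Attaches the policy to a client before the call is made.
    static void applyTo(ServiceClient client, Policy policy) throws Exception {
        client.engageModule("rampart");
        client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
    }
}
```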
PrasannaKumar Sathiyanantham
Ranch Hand

Joined: Nov 12, 2009
Posts: 110
Hi, I am also working on Axis2 version 1.5 (just beginning to work on it). Can you provide me any online tutorial links or any books for Apache Axis, please?

I am not able to understand a lot in it. Help me.


To err is human,
To forgive is not company policy
Raine Pyssysalo
Greenhorn

Joined: Dec 04, 2009
Posts: 5
Hi,

Are you trying to create a web service or a client? I think the easiest way to work with Axis is with Netbeans plugins.

Netbeans tutorials: I think this is a great place to start.
PrasannaKumar Sathiyanantham
Ranch Hand

Joined: Nov 12, 2009
Posts: 110
Thank you. I will look into them.

I just want to understand how the server and client side work, meaning I just want to develop a project with the web service, with me acting as both server and client.

I will look into the Netbeans tutorial. But is there a tutorial available for Eclipse? In my office I am expected to work in the Eclipse IDE only. That's why.

However, thank you for that link.
 