Hi all,
I am writing a Java client to consume a web service that I have no control over. The web service requires a signed message. I have configured Rampart to sign the message with the file policy.xml and code.
The server WS returns this error:
org.apache.axis2.AxisFault: SOAP header missing
[java] at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
[java] at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
[java] at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
[java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
[java] at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
[java] at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
[java] at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
[java] at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
[java] at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
[java] at es.contrataciondelestado.b2b.publicacion.ServicioPublicacionB2BStub.getExpedientState(ServicioPublicacionB2BStub.java:238)
[java] at PruebaCliente.main(PruebaCliente.java:109)
[java] Caused by: org.apache.rampart.RampartException: SOAP header missing
[java] at org.apache.rampart.RampartEngine.process(RampartEngine.java:106)
[java] at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
[java] ... 9 more
The server that validates the messages is an IBM WebSphere DataPower XS40, and it returns the error "Hash values do not match. (from client)".
I'm using axis2-1.5.1, rampart-1.5, jdk1.6.0_20
My policy.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V1Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:EncryptedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>clientkey</ramp:user>
        <ramp:encryptionUser>serverkey</ramp:encryptionUser>
        <ramp:passwordCallbackClass>com.sosnoski.ws.library.adb.PWCBHandler</ramp:passwordCallbackClass>
        <ramp:signatureCypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
          </ramp:crypto>
        </ramp:signatureCypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
My Java class is:
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.rmi.RemoteException;
import java.util.Properties;

import javax.xml.stream.XMLStreamException;

import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.log4j.Logger;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

import es.contrataciondelestado.b2b.publicacion.ServicioPublicacionB2BStub;
// The XMLBeans-generated GetExpedientStateDocument class must also be imported;
// its package is not shown in this post.

public class PruebaCliente {

    /**
     * Load policy file from classpath.
     */
    private static Policy loadPolicy(String name) throws XMLStreamException {
        ClassLoader loader = PruebaCliente.class.getClassLoader();
        InputStream resource = loader.getResourceAsStream(name);
        StAXOMBuilder builder = new StAXOMBuilder(resource);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    public static void main(String[] args) {
        PruebaCliente pc = new PruebaCliente();
        Logger log = Logger.getLogger(pc.getClass());

        // trust store used for the HTTPS connection to the service
        System.setProperty("javax.net.ssl.trustStore", "security/almacenPLACE.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        // create the client stub
        String target = "https://ip:port/service";
        ServicioPublicacionB2BStub stub;
        try {
            // the returned ConfigurationContext is not passed to the stub below
            ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                    "/axis2-1.5.1/repository/",
                    null);
            stub = new ServicioPublicacionB2BStub(target);
            System.out.println("Stub initializated");

            // configure and engage Rampart
            ServiceClient client = stub._getServiceClient();
            Options options = client.getOptions();
            try {
                // signature keystore settings for the Merlin crypto provider
                RampartConfig rampartConfig = new RampartConfig();
                Properties merlinProp = new Properties();
                merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
                merlinProp.put("org.apache.ws.security.crypto.merlin.file", "clienteplace.p12");
                merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.alias", "clienteplace");
                merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "changeit");
                CryptoConfig cryptoConfig = new CryptoConfig();
                cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
                cryptoConfig.setProp(merlinProp);
                rampartConfig.setUser("clienteplace");
                rampartConfig.setUserCertAlias("clienteplace");
                rampartConfig.setPwCbClass("PWCBHandler");
                rampartConfig.setSigCryptoConfig(cryptoConfig);

                // load policy.xml from the file system and add the programmatic RampartConfig to it
                StAXOMBuilder builder = new StAXOMBuilder("security/policy.xml");
                Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
                policy.addAssertion(rampartConfig);
                options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
                client.engageModule("rampart");

                // web service call
                GetExpedientStateDocument gesDocument = GetExpedientStateDocument.Factory.newInstance();
                GetExpedientStateDocument.GetExpedientState ges = gesDocument.addNewGetExpedientState();
                ges.setExpedientNumber("RED_B2B_01");
                ges.setBuyerProfileId("10000200031834");
                stub.getExpedientState(gesDocument);
            } catch (XMLStreamException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (RemoteException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (FileNotFoundException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        } catch (AxisFault e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
Please, any help is appreciated.
Thanks.
Antonio.