wood burning stoves 2.0*
The moose likes Web Services and the fly likes Issue with using the Axis2 JAX-WS Client using Rampart Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Issue with using the Axis2 JAX-WS Client using Rampart" Watch "Issue with using the Axis2 JAX-WS Client using Rampart" New topic
Author

Issue with using the Axis2 JAX-WS Client using Rampart

Bahadur Shah
Greenhorn

Joined: Feb 20, 2007
Posts: 18
I'm developing my Axis2 JAX-WS Client to consume the web service.
I'm using Axis2 1.5.4 and Rampart 1.5.1

When I ran the client with Axis2 1.4.1 and Rampart 1.4, it worked.
But when I try to use Axis2 1.5.x versions, I'm getting the null pointer exception
at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:94)
at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:109)


When I compare the debug log of both, I could see that, rampart is receiving the response.
I could see the statement
"*********************** RampartReceiver received"
But after that I could not see the statement
"*********************** WSDoAllReceiver recieved".
I could see the WSDoAllReceiver statement in the log which is working(Axis2 1.4.1+Rampart 1.4).


I'm attaching the debug log.


I'm engaging the rampart module in my client.axis2.xml.



My policy.xml contains just the below content
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
</ramp:RampartConfig>

I'm loading the Policy.xml in the client like this:


My crypto.properties is like below :
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.password=ABC5JHGFWWEDSWCT
org.apache.ws.security.crypto.merlin.file=srvc_claims_sit.jks


My WSDL has the below security configuration



Can some one please help me in resolving this issue please.
Bahadur Shah
Greenhorn

Joined: Feb 20, 2007
Posts: 18
It seems rampart configuration is not loaded properly.

Is there any alternative wayof loading rampart policy for Axis2 JAX-WS client?
Calisto Soul
Greenhorn

Joined: Jun 18, 2012
Posts: 4
Hi,

I renamed rampart.mar to rampart.jar and put it into classpath of java project (also addressing and rahas mars).
This java project is client of my jax-ws web service. I use it for signing messages.

In client I put this:

String axis2xml = "C:/.../conf/client.axis2.xml";
System.setProperty(Constants.AXIS2_CONF, axis2xml);
FileSystemConfigurator configurator = new FileSystemConfigurator(null, axis2xml);
ClientConfigurationFactory factory = new ClientConfigurationFactory(configurator);
MetadataFactoryRegistry.setFactory(ClientConfigurationFactory.class, factory);

JaxwsLibrary service = new JaxwsLibrary();
ERacunPortType stub = service.getLibrary();

BindingProvider provider = (BindingProvider)stub;

Policy policy = loadPolicy("sign-policy-client.xml");
provider.getRequestContext().put(RampartMessageData.KEY_RAMPART_POLICY, policy);

provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"http://localhost:8080........../MyWebService");

You MUST set factory BEFORE creating service object. If you do not, then Axis will not be configured properly.
As you can see, my entire policy is in separate xml. I also put this policy into wsdl, but I am not sure if this one (from wsdl) is used anywhere.

For the web service side i put web service jar into "servicejars" directory.
I generate jar from ant task like this:

<jar jarfile="${service-archive-name}.jar">
<fileset dir="${compiled-code}"/>
</jar>

"compiled-code" is directory where resides classes generated by wsimport.
Then I put this into axis2.xml on the service side (I am not sure this is correct):

<parameter name="OutflowSecurity">
<action>
<items>Signature</items>
<user>serveralias</user>
<passwordCallbackClass>hr.bla.bla.PWServiceHandler</passwordCallbackClass>
<signaturePropFile>crypto.properties</signaturePropFile>
</action>
</parameter>

<parameter name="InflowSecurity">
<action>
<items>Signature</items>
<passwordCallbackClass>hr.bla.bla.PWServiceHandler</passwordCallbackClass>
<signaturePropFile>crypto.properties</signaturePropFile>
</action>
</parameter>

I put crypto.properties, My.jks and handler class into MyUtil.jar.
Then MyUtil.jar is added to /WEB-INF/lib.

When I start all this (WebSphere 6.1, Rational Software Developer with TCP/IP monitoring, Axis 1.6.0 and Rampart 1.6.0; axis and rampart versions MUST be the same) client sends signed message to web service. From the web service side this message is validated, but when server sends acknowledgement message something goes wrong.
I can see from debugger that password handler (on service side) do his job, but after that I see this (without security everything works ok):

[2012.06.18 10:08:52:000 CEST] 0000001f ServletWrappe E SRVE0068E: Uncaught exception thrown in one of the service methods of the servlet: AxisServlet. Exception thrown : java.lang.NullPointerException
at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:281)
at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:255)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:717)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:516)
at org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:216)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:989)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:501)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:464)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:90)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:744)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1455)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:113)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:383)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:279)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469)

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41060
    
  43
Calisto Soul wrote:I renamed rampart.mar to rampart.jar and put it into classpath of java project (also addressing and rahas mars).

Don't do that. .mar files are Axis modules. There's more to them than to .jar files.


Ping & DNS - my free Android networking tools app
Calisto Soul
Greenhorn

Joined: Jun 18, 2012
Posts: 4
Thanks Ulf,

But how will I load this .mar files on client side without converting them to .jar files ?
Do I need to put something in axis2.xml on client side ?


For the exception above: Probably I forgot to load policy for service.

There is:
https://issues.apache.org/jira/browse/AXIS2-4611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

I will try to create aar and put policy in service.xml.
But for that I need axis2 1.7 and rampart 1.7.

I'll keep you informed.
Calisto Soul
Greenhorn

Joined: Jun 18, 2012
Posts: 4
Now I get...

Probably I sign "The service class cannot be found for this..."

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1"><wsu:Created>2012-06-18T14:45:29.000Z</wsu:Created><wsu:Expires>2012-06-18T14:50:29.000Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-CFAD48F0CEE02316E613400307290001">MIICKzCCAZSgAwIBAgIET9nnZDANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJIUjENMAsGA1UEChMERmluYTETMBEGA1UECxMKUHJvZ3JhbWVyaTEnMCUGA1UEAxMeZHRvbWxqZW5vdmljMS5pbnRyYW5ldC5maW5hLmhyMB4XDTEyMDYxNDEzMzAxMloXDTEzMDYxNDEzMzAxMlowWjELMAkGA1UEBhMCSFIxDTALBgNVBAoTBEZpbmExEzARBgNVBAsTClByb2dyYW1lcmkxJzAlBgNVBAMTHmR0b21samVub3ZpYzEuaW50cmFuZXQuZmluYS5ocjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu/FWX1RIOSHaVSMHMU/debHywi5PMkKXQISeWljpZ/by4T/HEQGFB9muJDnOTdHJ8ELF0s+r1RUAF/+mG5sD3UpUZeAmyP+haSQh5weD7Aj/OUf3g8S6/Ftk5OkS4XOaVWqJwhpkTrLa9Lgk2fQLpOW2Zsk0z62Cb87/VsYy42ECAwEAATANBgkqhkiG9w0BAQQFAAOBgQAJ0+fNH8o3BPV9JgQrjdJbeObRccNT7fIR3YtMgtm/Xp6/hqMAbS/qBkNsPx4VJImc8xjXnWdDr6I0+nsxTtCmw5FIPKKkYaYWxo3r/LZy6eZwcSfAzxWGVv4S4b8lIkZqLn2iBBKNEwDPr5dDtCMj5+SfvDmRo1Kp096K7iEqHw==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#Id-806760470">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsigestValue>PZ7Tv3Iei2t9trchNcReIWIPqdg=</dsigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<dsigestValue>dW1lWCZA1zJ+aKHv7k6oIE7VcDE=</dsigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Vw2alx+bvcoUqhtYKeYfNm4LEi6P1PBqJs2vDu9mzN4VghsLiYXQsADaK2S+izxNLIy+FwVuXn/z
DI7tyPqZtZW6GXUGfl8fSJvDbxtcX7SWu8mQwzQGuK9gBQRLMkqEvB3Gh/YuNpD8htiU1jFM4jBw
yhgIQco07s1R5B+yK5U=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-CFAD48F0CEE02316E613400307290002">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-CFAD48F0CEE02316E613400307290003"><wsse:Reference URI="#CertId-CFAD48F0CEE02316E613400307290001" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security><wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action><wsa:RelatesTo>urn:uuid:4a9625ed-87b6-4238-8fc8-2589f578edd9</wsa:RelatesTo></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-806760470"><soapenv:Fault><faultcode>soapenv:Server</faultcode><faultstring>java.lang.RuntimeException: The service class cannot be found for this AxisService.</faultstring><detail /></soapenv:Fault></soapenv:Body></soapenv:Envelope>

I suppose that rampart now runs.
Calisto Soul
Greenhorn

Joined: Jun 18, 2012
Posts: 4
The same above exception in Axis 1.7 and Rampart 1.7 (SNAPSHPOTS) is also when I reset my service to Axis 1.6 and Rampart 1.6:

<faultstring>java.lang.RuntimeException: The service class cannot be found for this AxisService.</faultstring>

Then I create old JAX-RPC client with stub and call my JAX-WS service.
Also "The service class..."
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41060
    
  43
If you're looking for complete, ready-to-run examples of of the client and server sides of a secured WS, check out the 3 articles I wrote some time ago on WS-Security using Axis. If you study the code, you'll learn how to make use of the .mar files on the client side.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Issue with using the Axis2 JAX-WS Client using Rampart
 
Similar Threads
Axis2/Rampart fails auth from WCF client, never calls password callback handler
SOAP Header missing using Rampart w/ Axis2 Generated Stub
CXF, WSDL, and SecurityPolicy problems with "None of the policy alternatives can be satisfied."
WCF, Rampart, ADFS2 and SAML Interop issue
Axis2 and mustUnderstand