Kristofor Davison

Greenhorn
+ Follow
since Jul 05, 2011
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Kristofor Davison

you can put rampart on the server side and in specify your own implementation of the security WSPasswordCallback class.
in axis2 the services.xml within the service itself on the server tells axis2 which password callback handler to use.
within this services.xml you can include the policy.xml for the server end. - there are samples in the rampart samples folder.

within your WSPasswordCallback class you can check many types of authentication security ect. but rampart will do a lot for you based on your policy.

hope this helps.
12 years ago
Are you sure this is a Web Service?
from what you are describing it sounds more like a standard java web application with a back end worker section being accessed be the web part all on one server.

Although being on the same server does not mean it is not a web service but the idea of a web service is that it is a service that can be accessed via the web or remotely usually by xml and soap ect.

kris
12 years ago
As you are already using axis I would say the best option is to upgrade to axis2 as it has many newer features and simpler and more robust security (Such as rampart).
As you may already know axis has the code generation tools such as WSDL to Java and Java to WSDL and also create a service.aar file from a simple java project.

there are many more options I am sure but as you already have knowledge in this area it may be worth sticking to what you know.
12 years ago
Seems correct to me I did the same thing this morning.
have you tried getting a new version of rampart in case your download was corrupt?
or maybe it is your tomcat which is having problems?

or you could un-deploy axis2 and try again from scratch it is a quick process anyway.

have you had normal insecure web services running on axis already?
12 years ago
take a look at Axis2 you can deploy the Axis2.war file on most servers and then you can the the axis2 admin console to deploy your web services
which means that the deployment is axis specific but not server specific (so if you must change server your web services should be unaffected).
12 years ago
Hi All,

I had been struggling with this for about a week with the same issue so I thought I would contribute back to help anyone with the same issue now I have solved it.

Essentially I implemented the Basic Rampart Sample02 which is included in the rampart distribution.

to do this I created a simple Java project in eclipse added the Service class and also the Password Callback Handler.
After adding all the dependencies I used the Axis2 plugin to create a service.aar file and in the wizard selecting the services.xml file to be included from the rampart sample02 folder
and deployed it to the axis2 using the front end admin console usually found at http://localhost:8080/axis2/ if deployed to a local server.

then I needed to add the rampart.mar files to the \axis2\WEB-INF\modules\ folder of the axis2.war that is deployed from the rampart modules folder when you unpack the rampart download
and also copy the contents of the lib folder from for example C:\Rampart\rampart-dist-1.6.0-bin\rampart-1.6.0\lib\ to \axis2\WEB-INF\lib\ and restart the server

I then created another simple java project called client and added the Client.java file from the rampart samples02 added all the dependencies (essentially just the axis2 lib folder) and ran the client.
(In the client I had to find the endpoint I was using and also the axis2.xml config file which is located in the rampart sample02 folder called client.axis2.xml so I swapped this one out for the real one and referenced it)


At this point I had been following tutorials and expected it to run.

The client started outputting this error



which I could not figure out what the problem was as axis2 has the wss4j.jar in the lib folder and the service.aar file had both the service and PWCBHandler.java which was the password callback class.

so after changing from glassfish 3.1 to tomcat 7 and going through the same process and still no luck I eventually stumbled across a post about wrapping the PWCBHandler.class in a jar a putting it into the axis2 lib folder.
this worked great news hope this helps someone as when whacking WSPasswordCallback cannot be resolved to a type into google there really is nothing.

(Apologies if I have missed any steps)
feel free to ask any questions and I will try to answer them.

cheers Kris

cheers Kris

12 years ago