开发者

Axis2+Rampart WebService Signing and Encryption

i have a problem with the security between one webservice and his client. I use Axis2 and Rampart to build bottom up my webservice and than create the client from the generated wsdl. I show you my code and the concrete problem.

Client.java

package de.security.tutorial;

import java.io.InputStream;
import java.rmi.RemoteException;

import javax.xml.stream.XMLStreamException;
开发者_如何学Cimport org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

import de.security.tutorial.ServerStub.GetWelcomeResponse;

public class Client {

    /**
     * Load policy file from classpath.
     */
    private static Policy loadPolicy(String name) throws XMLStreamException {
        ClassLoader loader = new ClassLoader() {};
        InputStream resource = loader.getResourceAsStream(name);
        StAXOMBuilder builder = new StAXOMBuilder(resource);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    public static void main(String[] arg) throws RemoteException{
        String url = "http://localhost:8080/axis2/services/Server";
        try {
            // get Modulrepository
            ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("WebContent/WEB-INF/", null);

            // create new Stub
            ServerStub stub = new ServerStub(ctx, url);

            // configure and engage Rampart
            ServiceClient client = stub._getServiceClient();
            Options options = client.getOptions();

            Policy policy = loadPolicy("policy.xml");
//          client.getAxisService().getPolicySubject().attachPolicy(policy);
            options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            options.setUserName("libuser");
            options.setPassword("books");

            client.setOptions( options );           
            client.engageModule( "addressing" );        
            client.engageModule( "rampart" );
            stub._setServiceClient( client );

            // send request
            GetWelcomeResponse response = stub.getWelcome();

            // print response to console
            if(response.local_returnTracker){
                String string = response.get_return();
                System.out.println(string);
            }

        } catch(Exception e) {
            System.out.println("Exception: " + e.getMessage());
        }

    }

}

PasswordCallbackHandler.java

package de.security.tutorial;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;

import java.io.IOException;

/**
 * Simple password callback handler. This just checks if the password for the private key
 * is being requested, and if so sets that value.
 */
public class PWCBHandler implements CallbackHandler
{
    public void handle(Callback[] callbacks) throws IOException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            String id = pwcb.getIdentifer();
            int usage = pwcb.getUsage();
            if (usage == WSPasswordCallback.DECRYPT || usage == WSPasswordCallback.SIGNATURE) {

                // used to retrieve password for private key
                if ("clientkey".equals(id)) {
                    pwcb.setPassword("clientpass");
                }

            }
        }
    }
}

policy.xml

<?xml version="1.0" encoding="UTF-8"?>

<wsp:Policy wsu:Id="SigEncr"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference />
                                    <sp:WssX509V1Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference />
                                    <sp:WssX509V3Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15 />
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict />
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp />
                    <sp:OnlySignEntireHeadersAndBody />
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier />
                    <sp:MustSupportRefIssuerSerial />
                </wsp:Policy>
            </sp:Wss10>
            <sp:SignedParts
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body />
            </sp:SignedParts>
            <sp:EncryptedParts
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body />
            </sp:EncryptedParts>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>clientkey</ramp:user>
                <ramp:encryptionUser>serverkey</ramp:encryptionUser>
                <ramp:passwordCallbackClass>de.security.tutorial.PWCBHandler
                </ramp:passwordCallbackClass>
                <ramp:signatureCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property
                            name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">D:/keystore/client.keystore
                        </ramp:property>
                        <ramp:property
                            name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
                    </ramp:crypto>
                </ramp:signatureCypto>

                <ramp:encryptionCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property
                            name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">D:/keystore/client.keystore
                        </ramp:property>
                        <ramp:property
                            name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>

            </ramp:RampartConfig>

        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

OK. I have a WebService called "Server" with one function "getWelcome" which returned a simple String. Importent is only the security.

The Problem: If i execute my client, he returned one NullPointerException and he didn´t was connected with the service. This line throws the exception:

GetWelcomeResponse response = stub.getWelcome();

But if i disable the rampart modul, then i get a connection to the service but he miss the security header. The Problem is this line:

client.engageModule( "rampart" );

Can anybody help me?


From the code below i would say that you need to include the commented out line and comment out the other 5 below that.

//      client.getAxisService().getPolicySubject().attachPolicy(policy);
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
        options.setUserName("libuser");
        options.setPassword("books");

        client.setOptions( options );           
        client.engageModule( "addressing" );  
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜