
Axis2 : Unable to engage Rampart module


I am getting the following error while trying to implement WS-Security using Rampart in Axis2.

org.apache.axis2.AxisFault: Unable to engage module : rampart
at org.apache.axis2.client.ServiceClient.engageModule(ServiceClient.java:358)

I am using Axis2 in embedded mode (inside my EAR). The service works fine without the security implementation. I have included the policy in services.xml and also in the WSDL. I am using JBoss and JDK 6. Please find the files below.

Axis2.xml (the listing under this label is the service's WSDL)

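<wsdl:definitions xmlns:ns1="http://org.apache.axis2/xsd"
                  xmlns:ns="http://service"
                  xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
                  xmlns:xs="http://www.w3.org/2001/XMLSchema"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
                  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
                  targetNamespace="http://service">
  <!--
    WSDL for SimpleService: one "echo" operation exposed over SOAP 1.1,
    SOAP 1.2 and plain HTTP POST, plus an embedded WS-SecurityPolicy
    assertion with wsu:Id="SigOnly" at the end of the document.

    NOTE(review): none of the bindings below carries a wsp:PolicyReference
    to #SigOnly. Confirm how the policy is attached to the endpoints;
    a consumer that reads only this WSDL may otherwise not learn that
    requests must be signed.
  -->

  <!-- Request and response wrappers: a single optional, nillable string each. -->
  <wsdl:types>
    <xs:schema attributeFormDefault="qualified" elementFormDefault="qualified" targetNamespace="http://service">
      <xs:element name="echo">
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" name="args0" nillable="true" type="xs:string"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
      <xs:element name="echoResponse">
        <xs:complexType>
          <xs:sequence>
            <xs:element minOccurs="0" name="return" nillable="true" type="xs:string"/>
          </xs:sequence>
        </xs:complexType>
      </xs:element>
    </xs:schema>
  </wsdl:types>

  <wsdl:message name="echoRequest">
    <wsdl:part name="parameters" element="ns:echo"/>
  </wsdl:message>
  <wsdl:message name="echoResponse">
    <wsdl:part name="parameters" element="ns:echoResponse"/>
  </wsdl:message>

  <wsdl:portType name="SimpleServicePortType">
    <wsdl:operation name="echo">
      <wsdl:input message="ns:echoRequest" wsaw:Action="urn:echo"/>
      <wsdl:output message="ns:echoResponse" wsaw:Action="urn:echoResponse"/>
    </wsdl:operation>
  </wsdl:portType>

  <wsdl:binding name="SimpleServiceSoap11Binding" type="ns:SimpleServicePortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="echo">
      <soap:operation soapAction="urn:echo" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>

  <wsdl:binding name="SimpleServiceSoap12Binding" type="ns:SimpleServicePortType">
    <soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="echo">
      <soap12:operation soapAction="urn:echo" style="document"/>
      <wsdl:input>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>

  <!--
    Plain HTTP POST binding. A WS-Security header cannot travel on this
    binding, so the message-level signature required by SigOnly does not
    apply to calls made through it. NOTE(review): confirm this endpoint is
    meant to stay exposed once the service is secured.
  -->
  <wsdl:binding name="SimpleServiceHttpBinding" type="ns:SimpleServicePortType">
    <http:binding verb="POST"/>
    <wsdl:operation name="echo">
      <http:operation location="SimpleService/echo"/>
      <wsdl:input>
        <mime:content part="echo" type="text/xml"/>
      </wsdl:input>
      <wsdl:output>
        <mime:content part="echo" type="text/xml"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>

  <!--
    All three ports are published over http://. The SigOnly policy signs
    the body and adds a timestamp but encrypts nothing, so the payload is
    readable in transit; integrity and sender authentication come only from
    the XML signature.
  -->
  <wsdl:service name="SimpleService">
    <wsdl:port name="SimpleServiceHttpEndpoint" binding="ns:SimpleServiceHttpBinding">
      <http:address location="http://sbswsvm1426:9091/axis2/services/SimpleService.SimpleServiceHttpEndpoint/"/>
    </wsdl:port>
    <wsdl:port name="SimpleServiceHttpSoap11Endpoint" binding="ns:SimpleServiceSoap11Binding">
      <soap:address location="http://sbswsvm1426:9091/axis2/services/SimpleService.SimpleServiceHttpSoap11Endpoint/"/>
    </wsdl:port>
    <wsdl:port name="SimpleServiceHttpSoap12Endpoint" binding="ns:SimpleServiceSoap12Binding">
      <soap12:address location="http://sbswsvm1426:9091/axis2/services/SimpleService.SimpleServiceHttpSoap12Endpoint/"/>
    </wsdl:port>
  </wsdl:service>

  <!--
    SigOnly: asymmetric (X.509) binding. The initiator sends its certificate
    with every request (AlwaysToRecipient); the recipient certificate is
    never sent (Never) and is referenced by thumbprint.
  -->
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              wsu:Id="SigOnly">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:InitiatorToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorToken>
            <sp:RecipientToken>
              <wsp:Policy>
                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference/>
                    <sp:WssX509V3Token10/>
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientToken>
            <!--
              TripleDesRsa15 is a legacy suite: 3DES, RSA PKCS#1 v1.5 key
              transport and SHA-1 digests. Where both peers support it,
              prefer a SHA-256 suite such as Basic256Sha256. The suite is
              part of the wire contract, so it has to be changed in this
              WSDL and in services.xml together.
            -->
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:TripleDesRsa15/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <!-- The timestamp bounds message lifetime and limits replay of a captured signed request. -->
            <sp:IncludeTimestamp/>
            <sp:OnlySignEntireHeadersAndBody/>
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <!--
            Nested policy container must be wsp:Policy. The original listing
            used sp:Policy here, which is not an element of the
            securitypolicy namespace and disagrees with the copy of this
            policy in services.xml.
          -->
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
          </wsp:Policy>
        </sp:Wss10>
        <!-- Only the SOAP body is signed; no EncryptedParts assertion is present. -->
        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <sp:Body/>
        </sp:SignedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</wsdl:definitions>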

Services.XML

<?xml version="1.0" encoding="UTF-8"?>
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: 1.5.6  Built on : Aug 30, 2011 (10:00:16 CEST) -->
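<serviceGroup>
    <!--
      Axis2 service descriptor for SimpleService. It engages the rampart and
      addressing modules and carries the SigOnly WS-SecurityPolicy together
      with the Rampart-specific configuration (key alias, password callback,
      keystore location).
    -->
    <service name="SimpleService">
        <messageReceivers>
            <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out" class="service.SimpleServiceMessageReceiverInOut"/>
        </messageReceivers>
        <parameter name="ServiceClass">service.SimpleServiceSkeleton</parameter>
        <parameter name="useOriginalwsdl">true</parameter>
        <parameter name="modifyUserWSDLPortAddress">true</parameter>
        <operation name="echo" mep="http://www.w3.org/ns/wsdl/in-out" namespace="http://service">
            <actionMapping>urn:echo</actionMapping>
            <outputActionMapping>urn:echoResponse</outputActionMapping>
        </operation>

        <!-- Both modules must be available to the server-side Axis2 repository for these references to resolve. -->
        <module ref="rampart"/>
        <module ref="addressing"/>

        <!--
          SigOnly: the body is signed and a timestamp is included; nothing is
          encrypted. Keep this policy in step with the copy in the WSDL.
        -->
        <wsp:Policy wsu:Id="SigOnly"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:InitiatorToken>
                                <wsp:Policy>
                                    <sp:X509Token
                                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                        <wsp:Policy>
                                            <sp:RequireThumbprintReference/>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:InitiatorToken>
                            <sp:RecipientToken>
                                <wsp:Policy>
                                    <sp:X509Token
                                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                        <wsp:Policy>
                                            <sp:RequireThumbprintReference/>
                                            <sp:WssX509V3Token10/>
                                        </wsp:Policy>
                                    </sp:X509Token>
                                </wsp:Policy>
                            </sp:RecipientToken>
                            <!--
                              TripleDesRsa15 is a legacy suite (3DES, RSA PKCS#1 v1.5
                              key transport, SHA-1 digests). Prefer a SHA-256 suite such
                              as Basic256Sha256 where both peers support it, and change
                              it in the WSDL copy of the policy at the same time.
                            -->
                            <sp:AlgorithmSuite>
                                <wsp:Policy>
                                    <sp:TripleDesRsa15/>
                                </wsp:Policy>
                            </sp:AlgorithmSuite>
                            <sp:Layout>
                                <wsp:Policy>
                                    <sp:Strict/>
                                </wsp:Policy>
                            </sp:Layout>
                            <sp:IncludeTimestamp/>
                            <sp:OnlySignEntireHeadersAndBody/>
                        </wsp:Policy>
                    </sp:AsymmetricBinding>
                    <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <wsp:Policy>
                            <sp:MustSupportRefKeyIdentifier/>
                            <sp:MustSupportRefIssuerSerial/>
                        </wsp:Policy>
                    </sp:Wss10>
                    <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                        <sp:Body/>
                    </sp:SignedParts>

                    <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                        <!-- Key alias used for this service's own signature. -->
                        <ramp:user>service</ramp:user>
                        <!-- Alias of the peer certificate; presumably unused while the policy signs only. -->
                        <ramp:encryptionUser>client</ramp:encryptionUser>
                        <!--
                          Text values below are kept on one line: whitespace inside
                          a text element is data, and a class name or password that
                          ends in a line break only works if the reader trims it.
                          NOTE(review): the handler source is not shown; confirm it
                          does not hard-code key passwords.
                        -->
                        <ramp:passwordCallbackClass>service.PWCBHandler</ramp:passwordCallbackClass>

                        <ramp:signatureCrypto>
                            <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                                <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                                <!--
                                  The keystore password is stored in clear text inside the
                                  deployed archive, so anyone who can read the archive can
                                  open the keystore. Restrict access to the archive and the
                                  keystore file. NOTE(review): service.jks with this
                                  password looks like a sample keystore; confirm a
                                  deployment-specific keystore and password are used
                                  outside test environments.
                                -->
                                <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                            </ramp:crypto>
                        </ramp:signatureCrypto>
                    </ramp:RampartConfig>

                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
    </service>
</serviceGroup>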

Client Stub

// Client call through the generated stub. This constructor is given only the
// endpoint URL, so the stub works with whatever default ConfigurationContext
// Axis2 creates for it.
SimpleServiceStub stub = new SimpleServiceStub("http://sbswsvm1426:9091/axis2/services/SimpleService?wsdl");

// The reported AxisFault ("Unable to engage module : rampart") is raised by the
// first engageModule call. Presumably the default context has no rampart module
// available, because no client repository path was supplied.
stub._getServiceClient().engageModule("rampart");
stub._getServiceClient().engageModule("addressing");

// NOTE(review): the SigOnly policy on this page is based on X.509 tokens and
// contains no username token, so this user name and password are not what the
// policy asks for; confirm how the client obtains its signing key and policy.
// Credentials are hard-coded here; load them from configuration in real code.
Options clientOptions = stub._getServiceClient().getOptions();
clientOptions.setUserName("apache");
clientOptions.setPassword("password");

// Build the request payload and print the echoed value.
Echo request = new Echo();
request.setArgs0("Echoed!!");

System.out.println(stub.echo(request).get_return());

Solution

  • Try the following. You have to give the path of the client repository. The repository folder must contain a folder named 'modules', and the Rampart .mar file must be inside that folder.

    // Create the client ConfigurationContext from an explicit repository
    // directory so that modules placed under <repo>/modules (rampart among
    // them) can be engaged. Passing null as the second argument (the axis2.xml
    // location) leaves the configuration file to Axis2's default lookup.
    String clientRepoPath = "path/to/client/repo";
    ConfigurationContext ctx =
            ConfigurationContextFactory.createConfigurationContextFromFileSystem(clientRepoPath, null);

    // NOTE(review): the host here is "sbswsvm1426ou" while the question uses
    // "sbswsvm1426"; confirm which one is intended.
    String serviceUrl = "http://sbswsvm1426ou:9091/axis2/services/SimpleService?wsdl";
    SimpleServiceStub stub = new SimpleServiceStub(ctx, serviceUrl);
    

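    I think you will then get a new error message, something like "PKIX path building failed" (this one appears only when the endpoint is reached over HTTPS). If you get that, you need to import the server certificate into a keystore that the client uses as its truststore. You can point the JVM at that truststore like this: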

     // These are JVM-wide properties, read when the default SSLContext is first
     // initialised: set them before the first TLS connection is opened. Inside
     // an application server they change certificate trust for every component
     // that relies on the default context, not only for this client.
     // The truststore should hold only the certificates to be trusted, and the
     // password should come from configuration rather than from source code.
     final String trustStoreFile = "/path/to/server.jks";
     final String trustStoreSecret = "password";
     System.setProperty("javax.net.ssl.trustStore", trustStoreFile);
     System.setProperty("javax.net.ssl.trustStorePassword", trustStoreSecret);
    

    You can read more on this here. http://wso2.com/library/3190/