I use xws to secure my service server and client. But when I run Client call the server it has the problem, Not found [404]. here is my server and client config.
---------------------------
Server:and the Client:Code:<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
-->
<!--
This server side config file pairs with wss-client-config-1.0.xml on the client
and supports the following UseCases:
Usecase 1: Authentication using Protected UsernameToken
Usecase 3: Encrypted UsernameToken and MessageBody
Usecase 4: Response Encryption Key Learnt from Incoming Message
-->
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"
dumpMessages="false">
<xwss:Timestamp/>
<xwss:RequireEncryption>
<xwss:Target type="qname">SOAP-BODY</xwss:Target>
</xwss:RequireEncryption>
<xwss:RequireSignature>
<xwss:Target type="qname">SOAP-BODY</xwss:Target>
</xwss:RequireSignature>
<xwss:Encrypt>
<xwss:X509Token certificateAlias="s1as"/>
<xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<xwss:Target type="qname">SOAP-BODY</xwss:Target>
</xwss:Encrypt>
<xwss:Sign>
<xwss:X509Token certificateAlias="s1as"/>
</xwss:Sign>
</xwss:SecurityConfiguration>
--------------------------------Code:<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
-->
<!--
This client side config file pairs with wss-server-config-1.0.xml on the server
and supports the following UseCases:
Usecase 1: Authentication by Protected UsernameToken
Usecase 3: Encrypted UsernameToken and MessageBody
Usecase 4: Response Encryption Key Learnt from Incoming Message
-->
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"
dumpMessages="true">
<xwss:Timestamp/>
<xwss:UsernameToken name="epay" password="epay" digestPassword="false" useNonce="true"/>
<xwss:RequireEncryption>
<xwss:Target type="qname">SOAP-BODY</xwss:Target>
</xwss:RequireEncryption>
<xwss:Encrypt>
<xwss:X509Token certificateAlias="s1as"/>
<xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<xwss:Target type="qname">SOAP-BODY</xwss:Target>
</xwss:Encrypt>
</xwss:SecurityConfiguration>
In server I use keystoreCallbackHandler
Here is spring-ws-servlet on server side:
and the application context on client side, I use stand alone saaj, but I use keystoreCallbackHandler as SecurityEnvirontmenthandler so I use spring Applicationcontext to get keystore handler bean.Code:
<bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
<property name="policyConfiguration" value="/WEB-INF/config/wss-server-config.xml" />
<property name="callbackHandlers">
<list>
<bean id="passwordValidationHandler"
class="org.springframework.ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandler">
<property name="users">
<props>
<prop key="epay">epay</prop>
</props>
</property>
</bean>
<bean id="keystoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
<property name="keyStore" ref="keyStore"></property>
<property name="trustStore" ref="trustStore"></property>
<property name="symmetricStore" ref="symmetricStore"></property>
</bean>
</list>
</property>
</bean>
<bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="/WEB-INF/config/server-keystore.jks"/>
<property name="password" value="changeit"></property>
<property name="type" value="jks"></property>
</bean>
<bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="/WEB-INF/config/server-truststore.jks"></property>
<property name="password" value="changeit"></property>
<property name="type" value="jks"></property>
</bean>
<bean id="symmetricStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="/WEB-INF/config/server-symmkeystore.jceks"></property>
<property name="password" value="changeit"></property>
<property name="type" value="jceks"></property>
</bean>
<bean id="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"/>
</beans>
here is the code:
finally is generate not found Exception:Code:public static void main(String[] args)throws Exception {
// TODO Auto-generated method stub
final String PREFIX = "tns";
final String NAME_SPACE = "http://www.onlinepayment.org/schemas";
//create soap message
SOAPMessage msg = MessageFactory.newInstance().createMessage();
SOAPBody body = msg.getSOAPBody();
SOAPBodyElement requestElement = body.addBodyElement(SOAPFactory.newInstance().createName("loginRequest",PREFIX, NAME_SPACE));
SOAPElement username = requestElement.addChildElement(SOAPFactory.newInstance().createElement("username",PREFIX, NAME_SPACE));
username.setTextContent("epay");
SOAPElement password = requestElement.addChildElement(SOAPFactory.newInstance().createElement("password",PREFIX, NAME_SPACE));
password.setTextContent("epay");
//--End of message--
//load spring application context to get SecurityEnvironmentHandler
XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance();
ClassPathResource resource = new ClassPathResource("config/applicationContext.xml");
BeanFactory beanfact = new XmlBeanFactory(resource);
//load security policy configuration file
ClassPathResource configrsrc = new ClassPathResource("config/wss-client-config.xml");
XWSSProcessor cprocessor = factory.createProcessorForSecurityConfiguration(configrsrc.getInputStream(), (CallbackHandler)beanfact.getBean("callbackHandler"));
//create context which hold message
ProcessingContext context = new ProcessingContext();
context.setSOAPMessage(msg);
//secure message
SOAPMessage secureMsg = cprocessor.secureOutboundMessage(context);
secureMsg.saveChanges();
//create connection call the webservice
SOAPConnection connection = SOAPConnectionFactory.newInstance().createConnection();
//send message to service
System.out.println("Sending... ");
SOAPMessage reply = connection.call(secureMsg, "http://127.0.0.1:8080/service_server");
System.out.println("Done Sending request");
...
what's that problem?Code:log4j:WARN No appenders could be found for logger (org.springframework.util.ClassUtils).
log4j:WARN Please initialize the log4j system properly.
Nov 28, 2007 3:38:25 PM com.sun.xml.wss.impl.filter.DumpFilter process
Sending...
Nov 28, 2007 3:38:30 PM com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post
SEVERE: SAAJ0008: Bad Response; Not Found
Exception in thread "main" com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Bad response: (404Not Found
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
at org.epay.call.CallWS.main(CallWS.java:77)
Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Bad response: (404Not Found
at java.security.AccessController.doPrivileged(Native Method)
... 2 more
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Bad response: (404Not Found
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
... 3 more
CAUSE:
java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Bad response: (404Not Found
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(Unknown Source)
at org.epay.call.CallWS.main(CallWS.java:77)
Caused by: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Bad response: (404Not Found
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.post(Unknown Source)
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(Unknown Source)
... 3 more
please help me.
thanks.
