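    <p>Update:</p>
<p>The RampartConfigBuilder class:</p>
<pre><code>package org.wso2.carbon.security.ws;

import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.CryptoConfig;

import java.util.Properties;
import java.io.File;

/**
 * Creates the client-side Rampart configuration for each of the numbered
 * security scenarios (1 to 15) in WSAS.
 *
 * Security note: the keystore path, keystore password, key alias and user name
 * below are fixed sample values, and the keystore is the wso2carbon.jks file
 * that ships with the product. Anyone with the product distribution has that
 * same key pair and password, so this configuration is only suitable for a
 * local test setup. For anything else, use a keystore generated for the
 * deployment and supply its location and password from outside the source.
 */
public class RampartConfigBuilder {

    private static final String MERLIN_PROVIDER = "org.apache.ws.security.components.crypto.Merlin";
    private static final String PW_CALLBACK_CLASS = "org.wso2.carbon.security.ws.PasswordCallbackHandler";

    /** User name sent in the UsernameToken scenarios. */
    private static final String TOKEN_USER = "admin";

    /** Alias used both as the client certificate alias and as the encryption user. */
    private static final String KEY_ALIAS = "wso2carbon";

    /**
     * Builds the Rampart configuration assertion for one security scenario.
     *
     * @param securityScenario scenario number, 1 to 15
     * @return the configuration for that scenario, or {@code null} when the
     *         number is outside 1 to 15 (callers must check before using it)
     */
    public static RampartConfig createRampartConfig(int securityScenario) {
        // One Merlin property set is shared by the signature and the encryption
        // crypto configuration: both read the same JKS keystore.
        Properties merlinProp = new Properties();
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlinProp.put("org.apache.ws.security.crypto.merlin.file",
                "src" + File.separator + "main" + File.separator + "resources" + File.separator + "wso2carbon.jks");
        // Sample value: the password of the shipped default keystore.
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");

        CryptoConfig sigCryptoConfig = newMerlinCryptoConfig(merlinProp);
        CryptoConfig encCryptoConfig = newMerlinCryptoConfig(merlinProp);

        RampartConfig rampartConfig = new RampartConfig();
        switch (securityScenario) {
            /*
             * 1 : Username Token
             * Rampart Config : username, password callback handler
             */
            case 1:
                rampartConfig.setUser(TOKEN_USER);
                rampartConfig.setPwCbClass(PW_CALLBACK_CLASS);
                break;

            /*
             * 2 : Non-repudiation
             * Rampart Config : user certificate alias, password callback handler,
             * signature CryptoConfig
             */
            case 2:
                rampartConfig.setUserCertAlias(KEY_ALIAS);
                rampartConfig.setPwCbClass(PW_CALLBACK_CLASS);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /*
             * 3 : Integrity
             * Rampart Config : encryption user, signature CryptoConfig
             */
            case 3:
                rampartConfig.setEncryptionUser(KEY_ALIAS);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /*
             * 4  : Confidentiality
             * 6  : Sign and Encrypt - Anonymous clients
             * 12 : SecureConversation - Sign only - Service as STS - Bootstrap policy -
             *      Sign and Encrypt, Anonymous clients
             * 13 : SecureConversation - Encrypt only - Service as STS - Bootstrap policy -
             *      Sign and Encrypt, Anonymous clients
             * Rampart Config : encryption user, encryption CryptoConfig
             */
            case 4:
            case 6:
            case 12:
            case 13:
                rampartConfig.setEncryptionUser(KEY_ALIAS);
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /*
             * 5  : Sign and Encrypt - X509 Authentication
             * 9  : SecureConversation - Sign only - Service as STS - Bootstrap policy -
             *      Sign and Encrypt, X509 Authentication
             * 10 : SecureConversation - Encrypt only - Service as STS - Bootstrap policy -
             *      Sign and Encrypt, X509 Authentication. Provides confidentiality,
             *      multiple message exchange, clients have X509 certificates.
             * 11 : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy -
             *      Sign and Encrypt, X509 Authentication
             * Rampart Config : encryption user, user certificate alias, password callback
             * handler, signature CryptoConfig, encryption CryptoConfig
             */
            case 5:
            case 9:
            case 10:
            case 11:
                rampartConfig.setEncryptionUser(KEY_ALIAS);
                rampartConfig.setUserCertAlias(KEY_ALIAS);
                rampartConfig.setPwCbClass(PW_CALLBACK_CLASS);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /*
             * 7  : Encrypt only - Username Token Authentication
             * 8  : Sign and Encrypt - Username Token Authentication
             * 14 : SecureConversation - Encrypt only - Service as STS - Bootstrap policy -
             *      Sign and Encrypt, Username Token Authentication
             * 15 : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy -
             *      Sign and Encrypt, Username Token Authentication
             * Rampart Config : username, encryption user, password callback handler,
             * encryption CryptoConfig
             */
            case 7:
            case 8:
            case 14:
            case 15:
                rampartConfig.setUser(TOKEN_USER);
                rampartConfig.setEncryptionUser(KEY_ALIAS);
                rampartConfig.setPwCbClass(PW_CALLBACK_CLASS);
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            default:
                // Unknown scenario number: same result as before, no configuration.
                return null;
        }
        return rampartConfig;
    }

    /** Returns a Merlin-backed crypto configuration that reads the given keystore properties. */
    private static CryptoConfig newMerlinCryptoConfig(Properties merlinProp) {
        CryptoConfig cryptoConfig = new CryptoConfig();
        cryptoConfig.setProvider(MERLIN_PROVIDER);
        cryptoConfig.setProp(merlinProp);
        return cryptoConfig;
    }
}
</code></pre>
<p>The PasswordCallbackHandler class:</p>
<pre><code>package org.wso2.carbon.security.ws;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;

/**
 * Supplies Rampart with the password for the UsernameToken user and for the
 * private key alias.
 *
 * Security note: both passwords are hard-coded sample values that match the
 * defaults of a fresh installation. Outside a local test setup, look the
 * password up from a protected store instead of keeping it in the source.
 */
public class PasswordCallbackHandler implements CallbackHandler {

    /**
     * Sets the password on every password callback whose identifier is known.
     * Callbacks with an unknown identifier are left without a password.
     *
     * @param callbacks callbacks handed over by the security module
     * @throws UnsupportedCallbackException if a callback is not a WSPasswordCallback
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            // Reject foreign callback types through the declared exception
            // instead of failing with a ClassCastException on the cast below.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            String id = pwcb.getIdentifer();
            if ("admin".equals(id)) {
                pwcb.setPassword("admin");
            } else if ("wso2carbon".equals(id)) {
                pwcb.setPassword("wso2carbon");
            }
        }
    }
}
</code></pre>
<hr>
<p>Original:</p>
<p>Following Java code allows you to invoke a secured service. You can invoke a service that could be secured using the 15 default security scenarios [1]. You need to change "/path/to/keystore" to point to the location of wso2carbon.jks which is shipped with wso2esb by default (ESB_HOME/repository/resources/security/wso2carbon.jks). 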
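Also change /path/to/repo to point to client axis2 repository. The file structure is as follows. The EPRs are hard-coded. So, you might want to change those to match with your service.</p>
<pre><code>repository/
└── modules
    ├── addressing-1.6.1-wso2v1.mar
    ├── rahas-1.6.1-wso2v1.mar
    └── rampart-1.6.1-wso2v1.mar
</code></pre>
<p>[1] <a href="http://docs.wso2.org/wiki/display/AS510/QoS+-+Security+and+Reliable+Messaging" rel="nofollow">http://docs.wso2.org/wiki/display/AS510/QoS+-+Security+and+Reliable+Messaging</a></p>
<pre><code>package org.wso2.carbon.security.ws;

import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.rpc.client.RPCServiceClient;
import org.apache.neethi.Policy;

import javax.xml.namespace.QName;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.Map;

/**
 * Command-line client that asks for a security scenario number (1 to 15) and
 * invokes the greet operation of HelloService with the matching Rampart
 * configuration.
 */
public class HelloServiceClient {

    /**
     * Single reader over standard input. Creating a new BufferedReader for each
     * prompt can lose lines the previous reader had already buffered.
     */
    private static final BufferedReader CONSOLE = new BufferedReader(new InputStreamReader(System.in));

    static {
        // Sample values: the default keystore doubles as the TLS trust store and
        // is opened with its default password. Outside a local test setup, point
        // this at a store that holds only the certificates to trust and pass the
        // location and password in from outside the source.
        System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore" + File.separator + "wso2carbon.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
    }

    public static void main(String[] args) {
        try {
            int securityScenario = getSecurityScenario();

            String repository = "/path/to/repo" + File.separator + "repository";
            ConfigurationContext confContext =
                    ConfigurationContextFactory.createConfigurationContextFromFileSystem(repository, null);

            String endPoint = "HelloServiceHttpSoap12Endpoint";
            if (securityScenario == 1) {
                // scenario 1 (Username Token) uses HelloServiceHttpsSoap12Endpoint,
                // so the token travels over the HTTPS transport
                endPoint = "HelloServiceHttpsSoap12Endpoint";
            }

            // The WSDL itself is fetched over plain HTTP from the local server.
            RPCServiceClient dynamicClient = new RPCServiceClient(confContext,
                    new URL("http://127.0.0.1:9763/services/HelloService?wsdl"),
                    new QName("http://www.wso2.org/types", "HelloService"),
                    endPoint);

            //Engage Modules
            dynamicClient.engageModule("rampart");
            dynamicClient.engageModule("addressing");

            //TODO : Change the port to monitor the messages through TCPMon
            if (securityScenario != 1) {
                dynamicClient.getOptions().setTo(new EndpointReference("http://127.0.0.1:9763/services/HelloService/"));
            }

            //Get the policy from the binding and append the rampartconfig assertion
            // NOTE(review): this takes the binding of whichever endpoint the map
            // returns first, which is not necessarily the endpoint named above;
            // confirm that every binding carries the same effective policy.
            Map endPoints = dynamicClient.getAxisService().getEndpoints();
            AxisBinding axisBinding = ((AxisEndpoint) endPoints.values().iterator().next()).getBinding();
            Policy policy = axisBinding.getEffectivePolicy();
            policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario));
            axisBinding.applyPolicy(policy);

            //Invoke the service
            Object[] returnArray = dynamicClient.invokeBlocking(
                    new QName("http://www.wso2.org/types", "greet"),
                    new Object[]{"Alice"},
                    new Class[]{String.class});
            System.out.println((String) returnArray[0]);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Prompts until a scenario number between 1 and 15 is entered.
     *
     * @return the chosen scenario number
     * @throws IllegalStateException if standard input ends or cannot be read;
     *         the earlier version prompted forever in that case
     */
    private static int getSecurityScenario() {
        int scenarioNumber = 0;
        while (scenarioNumber &lt; 1 || scenarioNumber &gt; 15) {
            System.out.print("Insert the security scenario no : ");
            String inputString = readOption();
            if (inputString == null) {
                throw new IllegalStateException("No scenario number could be read from standard input");
            }
            try {
                scenarioNumber = Integer.parseInt(inputString.trim());
            } catch (NumberFormatException e) {
                System.out.println("invalid input, insert a integer between 1 and 15");
            }
            if (scenarioNumber &lt; 1 || scenarioNumber &gt; 15) {
                System.out.println("Scenario number should be between 1 and 15");
            }
        }
        return scenarioNumber;
    }

    /**
     * Reads the next non-empty line from standard input.
     *
     * @return the line, or {@code null} at end of input or on a read error
     */
    private static String readOption() {
        try {
            String line = CONSOLE.readLine();
            // "".equals(null) is false, so end of input leaves the loop with null
            while ("".equals(line)) {
                line = CONSOLE.readLine();
            }
            return line;
        } catch (IOException e) {
            return null;
        }
    }
}
</code></pre>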
 
