Help with Password Callback Handlers

dev's picture
I hope this is the right place for this question. Sorry if it is not. I am very new to WSO2 and have very little knowledge of Java, so please bear with me.

Edit: I have spent the last 5+ hours trying to figure this out but I feel farther away from finding the answer.

I have a .NET web service which is consumed by ESB 1.7.1, which works just fine. But when I try to add a service policy it gives me this error:

Unable to save changes made for the proxy service : TestWebServiceProxy. Restored the existing proxy... :: Unable to add proxy service. Invalid definition :: Cannot convert object to a StreamSource

I have set up axis2/java and rampart. I do not see any instructions on what I need to do in my .NET web service to work with WS-Security and the password callback handler. All the samples with the rampart project are in Java, but my client is in .NET.

Please help! Thanks.
asankha's picture

>I have setup axis2/java and rampart. I do not see any
>instructions on what I need to do in my .net web service to
>work with WS-Security and the password callback handler.

Where have you set this up? I assume your client and back end service are both .net.. so then all you need to do is:
1) attach the desired rampart policy to your proxy service
2) make any callback handler class and/or key stores used available

You will need to attach your policy, synapse.xml and any other files, to help someone pinpoint your problem more easily.

asankha

http://esbmagic.blogspot.com

dev's picture

Yes, they are both .net.

2) I do not understand where the callback handler class goes. Do I need to compile it with Maven and then put it somewhere?

It says classpath in the documentation but I do not know what that means.

I have not touched the synapse or axis2 xml files. The sec_policy was taken from a sample; for now I just want to try to get it working, so I am trying to work with a basic configuration.

thanks for your help.

asankha's picture

Well.. I do not see your proxy service saved into the synapse.xml.. usually this happens when you select the configuration tab from the webconsole and save. If you do not save your configuration, it only lives in memory and is lost when the system restarts.

Your sec policy does not seem to specify the rampart specific information expected, since we use Apache Rampart to enforce WS-Security. If you want to try security, try the security samples [1] first with the sample client and server, and also look at the policy file used "repository/conf/sample/resources/policy/policy_3.xml" etc

If your backend service expects WS-Security, you will need to create/configure a Rampart specific policy that can do it, and you may need to use a new PW callback class (which you can compile and drop into the lib/patches or lib/extensions (if a jar)) directory for the ESB to pick up. You will need to save the config and restart.

asankha

[1] http://wso2.org/project/esb/java/1.7.1/docs/ESB_Samples.html#Sample100
http://esbmagic.blogspot.com

dev's picture

You're right, restarting the server lost my proxy settings. How do I save the configuration in synapse.xml? Why does it not save when I save from https://localhost:9444/esb?

I will take a look at the sample.

When you say backend service do you mean my .net web app? Currently, neither the .net web service nor the webapp contains any WS-Security specific code. Should it? I thought it was all handled by rampart and ESB.

asankha's picture

Using the "Save" button on the configuration tab will save your changes on the graphical console to the synapse.xml on the file system.

Yes, I meant your .net webapp when I said backend service. So I assume you have already got the direct connection (i.e. without WS-Security) working through the ESB?

Now, what you want is to protect your proxy with WS-Security.. you only have to follow the example #200 [1]

asankha

[1] http://wso2.org/project/esb/java/1.7.1/docs/ESB_Samples.html#Sample200

http://esbmagic.blogspot.com

dev's picture

I was able to get a lot farther this time, I believe. Though, I do get this error now.

Yes, the direct connection, without WS-Security, works through ESB.

SOAP header missing

Perhaps I am still missing something in the policy xml?

samples.userguide.PWCallback

asankha's picture

So how does your client now generate its request message? Is it properly WS-Sec signed/encrypted as per the policy? Can you get a dump of the message with a tool like TCPMon and check?

asankha

http://esbmagic.blogspot.com

dev's picture

I could not get TCPMon to work, I will try in the morning... my brain is dead.

I did not change any code in the client; it still sends the request the same as before I added WS-Security. Is that a problem?

On the client, when I submit the form that makes the SOAP request, instead of getting a valid response as before WS-Security was enabled, I get this...

SOAP header missing
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.Services.Protocols.SoapException: SOAP header missing

The attached file is the screen dump of the ESB cmd log, if it helps.

asankha's picture

>I did not change any code in the client, it still sends the request the same as before I added WS-security. is that a problem?

Yes, of course this is a problem :) .. after you attach a security policy to the service, it's now protected from any requests that do not conform to the policy :) That's why your requests are rejected!

You need to now make your client WS-Security aware..

asankha

http://esbmagic.blogspot.com

dev's picture

Thanks for your help, I am beginning to understand all this.

This is where I am now; I have ws-security enabled on my client using WSE 3.0 from Microsoft. But I get this error now,

"Message is not signed"

The password and username are correct, and I use the PasswordOption.SendHashed as required.

One other note: I am still unclear what to do with the PasswordCallbackhandler. I have not made any changes to what I have in my policy. Is this even being used in my case?

asankha's picture

>This is where I am now; I have ws-security enabled on my client using WSE 3.0 from Microsoft. But I get this error now,
>"Message is not signed"

A .net / WS-Sec expert should probably be able to help you on this..

Basically what's done by your .net client must produce the same wire level message expected by the ESB with the policy you attach.

The password callback class is mentioned in the policy and is used by rampart to find the username/password to be used when enforcing the policy.

asankha
http://esbmagic.blogspot.com
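
For readers unsure what the password callback class discussed in this thread looks like, here is a sketch added as an illustration; it is not code from the thread or from the WSO2 samples. It assumes the WSS4J 1.5 API that Rampart uses, and the package name, class name and the user "alice" are constructed. It covers both the hashed password case mentioned above and the plain-text case.

```java
package example.security; // hypothetical package name
import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback; // WSS4J 1.5 (assumed version)

/** Named in the policy's RampartConfig as ramp:passwordCallbackClass. */
public class ProxyPWCallback implements CallbackHandler {
    // Constructed sample credentials; a real handler would query a user store.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("alice", "constructed-sample-password");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // getIdentifer() is spelled this way in WSS4J 1.5.
            String known = USERS.get(pwcb.getIdentifer());
            if (known == null) {
                throw new UnsupportedCallbackException(cb, "Authentication failed");
            }
            switch (pwcb.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN:
                // Hashed (digest) password: supply the clear-text password;
                // WSS4J recomputes the digest and compares it.
                pwcb.setPassword(known);
                break;
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // Plain-text password: the handler must compare it itself.
                byte[] sent = String.valueOf(pwcb.getPassword()).getBytes("UTF-8");
                if (!MessageDigest.isEqual(sent, known.getBytes("UTF-8"))) {
                    throw new UnsupportedCallbackException(cb, "Authentication failed");
                }
                break;
            default:
                throw new UnsupportedCallbackException(cb, "Unsupported usage");
            }
        }
    }
}
```

The class is compiled against the WSS4J jar and, as described earlier in the thread, dropped into lib/extensions as a jar, followed by a restart.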
