2011-06-15 16 views

Bir web servisi ile istemcisi arasındaki güvenlik konusunda bir sorunum var. Web servisimi aşağıdan yukarıya (bottom-up) oluşturmak, istemciyi de üretilen WSDL'den türetmek için Axis2 ve Rampart kullanıyorum. Aşağıda kodumu ve somut sorunu gösteriyorum. (Başlık: Axis2 + Rampart WebService İmzalama ve Şifreleme)

Client.java

package de.security.tutorial; 

import java.io.InputStream; 
import java.rmi.RemoteException; 

import javax.xml.stream.XMLStreamException; 
import org.apache.axiom.om.impl.builder.StAXOMBuilder; 
import org.apache.axis2.client.Options; 
import org.apache.axis2.client.ServiceClient; 
import org.apache.axis2.context.ConfigurationContext; 
import org.apache.axis2.context.ConfigurationContextFactory; 
import org.apache.neethi.Policy; 
import org.apache.neethi.PolicyEngine; 
import org.apache.rampart.RampartMessageData; 

import de.security.tutorial.ServerStub.GetWelcomeResponse; 

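/**
 * Tutorial client that calls the {@code getWelcome} operation of the "Server"
 * service, passing a Rampart policy through the client options.
 */
public class Client {

    /**
     * Loads a WS-Policy document from the classpath.
     *
     * @param name classpath resource name of the policy file
     * @return the policy parsed from the resource
     * @throws XMLStreamException if the resource cannot be read as XML
     * @throws IllegalArgumentException if no resource with that name is on the classpath
     */
    private static Policy loadPolicy(String name) throws XMLStreamException {
        // Resolve against the loader that loaded this class instead of a throw-away
        // anonymous ClassLoader.
        InputStream resource = Client.class.getClassLoader().getResourceAsStream(name);

        // getResourceAsStream returns null when the resource is missing. Failing here
        // with the resource name is far easier to diagnose than a NullPointerException
        // raised later, somewhere inside the XML builder or the security module.
        if (resource == null) {
            throw new IllegalArgumentException("Policy resource not found on classpath: " + name);
        }

        // NOTE(review): the stream is not closed here. Axiom presumably builds the tree
        // lazily, so closing before the policy is fully built could truncate it - confirm
        // before adding a close().
        StAXOMBuilder builder = new StAXOMBuilder(resource);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    /**
     * Builds the stub, attaches the policy, engages the addressing and rampart
     * modules, invokes {@code getWelcome} and prints the returned string.
     *
     * @param arg command-line arguments (unused)
     * @throws RemoteException declared for the stub call; in practice every exception
     *         raised inside the try block is caught and reported below
     */
    public static void main(String[] arg) throws RemoteException {
        // NOTE(review): plain-HTTP endpoint. Confidentiality then rests entirely on the
        // message-level encryption declared in policy.xml, not on the transport.
        String url = "http://localhost:8080/axis2/services/Server";
        try {
            // Repository location from which Axis2 loads its modules; presumably the
            // rampart and addressing modules must be installed under it - verify.
            ConfigurationContext ctx = ConfigurationContextFactory
                    .createConfigurationContextFromFileSystem("WebContent/WEB-INF/", null);

            // create new Stub
            ServerStub stub = new ServerStub(ctx, url);

            // configure and engage Rampart
            ServiceClient client = stub._getServiceClient();
            Options options = client.getOptions();

            Policy policy = loadPolicy("policy.xml");
            // Alternative wiring, left disabled as in the original listing:
//   client.getAxisService().getPolicySubject().attachPolicy(policy);
            options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);

            // NOTE(review): credentials are hard-coded for the tutorial; outside a demo,
            // read them from protected configuration and keep them out of source control.
            options.setUserName("libuser");
            options.setPassword("books");

            client.setOptions(options);
            client.engageModule("addressing");
            client.engageModule("rampart");
            stub._setServiceClient(client);

            // send request
            GetWelcomeResponse response = stub.getWelcome();

            // Print the response only when the generated tracker flag is set
            // (presumably meaning a return value is present - verify against the stub).
            if (response.local_returnTracker) {
                String string = response.get_return();
                System.out.println(string);
            }

        } catch (Exception e) {
            System.out.println("Exception: " + e.getMessage());
            // getMessage() is null for a bare NullPointerException, so the line above
            // alone prints "Exception: null". The stack trace shows the exception type
            // and the failing frame, which is what is needed to debug policy/module setup.
            e.printStackTrace();
        }

    }

}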

PasswordCallbackHandler.java

package de.security.tutorial; 

import org.apache.ws.security.WSPasswordCallback; 

import javax.security.auth.callback.Callback; 
import javax.security.auth.callback.CallbackHandler; 

import java.io.IOException; 

/** 
* Simple password callback handler. This just checks if the password for the private key 
* is being requested, and if so sets that value. 
*/ 
public class PWCBHandler implements CallbackHandler
{
    /**
     * Supplies the private-key password for the {@code clientkey} alias when a
     * callback asks for it for decryption or signing; other requests are left untouched.
     *
     * @param callbacks callbacks to process; each one is cast to {@link WSPasswordCallback}
     * @throws IOException declared by the handler contract; not thrown by this code
     */
    public void handle(Callback[] callbacks) throws IOException {
        for (Callback callback : callbacks) {
            // Every entry is cast without a type check, exactly as in the original;
            // a callback of another type would raise ClassCastException.
            WSPasswordCallback request = (WSPasswordCallback) callback;
            String alias = request.getIdentifer();
            int purpose = request.getUsage();

            boolean needsPrivateKey = purpose == WSPasswordCallback.DECRYPT
                    || purpose == WSPasswordCallback.SIGNATURE;
            if (!needsPrivateKey || !"clientkey".equals(alias)) {
                continue;
            }

            // NOTE(review): the key password is a literal in source. Fine for a tutorial;
            // in a real deployment load it from protected configuration or a secret store.
            request.setPassword("clientpass");
        }
    }
}

policy.xml

<?xml version="1.0" encoding="UTF-8"?> 

<!--
  WS-SecurityPolicy document "SigEncr": an asymmetric (X.509) binding that declares the
  SOAP Body as both signed and encrypted, followed by the Rampart-specific configuration
  (key aliases, password callback class, keystore locations).
-->
<wsp:Policy wsu:Id="SigEncr" 
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> 
    <wsp:ExactlyOne> 
     <wsp:All> 
      <sp:AsymmetricBinding 
       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
       <wsp:Policy> 
        <!-- Initiator (client) token: X.509 v1, included in messages sent to the recipient. -->
        <sp:InitiatorToken> 
         <wsp:Policy> 
          <sp:X509Token 
           sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> 
           <wsp:Policy> 
            <sp:RequireThumbprintReference /> 
            <sp:WssX509V1Token10 /> 
           </wsp:Policy> 
          </sp:X509Token> 
         </wsp:Policy> 
        </sp:InitiatorToken> 
        <!-- Recipient (server) token: X.509 v3, never sent in the message; referenced by thumbprint. -->
        <sp:RecipientToken> 
         <wsp:Policy> 
          <sp:X509Token 
           sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> 
           <wsp:Policy> 
            <sp:RequireThumbprintReference /> 
            <sp:WssX509V3Token10 /> 
           </wsp:Policy> 
          </sp:X509Token> 
         </wsp:Policy> 
        </sp:RecipientToken> 
        <!--
          NOTE(review): TripleDesRsa15 selects Triple DES for data encryption and RSA 1.5
          (PKCS#1 v1.5) key transport, both legacy choices. Where client and server both
          support it, prefer an AES-based suite that does not carry the Rsa15 suffix
          (for example Basic256) - confirm what the deployed Rampart version accepts.
        -->
        <sp:AlgorithmSuite> 
         <wsp:Policy> 
          <sp:TripleDesRsa15 /> 
         </wsp:Policy> 
        </sp:AlgorithmSuite> 
        <sp:Layout> 
         <wsp:Policy> 
          <sp:Strict /> 
         </wsp:Policy> 
        </sp:Layout> 
        <sp:IncludeTimestamp /> 
        <sp:OnlySignEntireHeadersAndBody /> 
       </wsp:Policy> 
      </sp:AsymmetricBinding> 
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
       <wsp:Policy> 
        <sp:MustSupportRefKeyIdentifier /> 
        <sp:MustSupportRefIssuerSerial /> 
       </wsp:Policy> 
      </sp:Wss10> 
      <!--
        NOTE(review): only the Body is listed as signed. The client on this page also
        engages the "addressing" module; headers it adds are not named here, so add
        sp:Header entries if they must be integrity-protected.
      -->
      <sp:SignedParts 
       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
       <sp:Body /> 
      </sp:SignedParts> 
      <sp:EncryptedParts 
       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
       <sp:Body /> 
      </sp:EncryptedParts> 
      <!--
        Rampart configuration: "clientkey" is the alias used for the client's own key,
        "serverkey" the alias whose certificate is used for encryption.
        NOTE(review): the text of passwordCallbackClass and of the merlin.file properties
        below runs onto the next line; confirm the consumer trims surrounding whitespace.
      -->
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
       <ramp:user>clientkey</ramp:user> 
       <ramp:encryptionUser>serverkey</ramp:encryptionUser> 
       <ramp:passwordCallbackClass>de.security.tutorial.PWCBHandler 
       </ramp:passwordCallbackClass> 
       <!--
         The element names signatureCypto / encryptionCypto are reproduced as Rampart
         spells them; do not "correct" them to "Crypto" without checking the Rampart
         version in use.
         NOTE(review): the keystore password is stored in clear text in this file, and the
         path is an absolute local path. Restrict read access to the policy file and keep
         real passwords out of source control.
       -->
       <ramp:signatureCypto> 
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> 
         <ramp:property 
          name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> 
         <ramp:property name="org.apache.ws.security.crypto.merlin.file">D:/keystore/client.keystore 
         </ramp:property> 
         <ramp:property 
          name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property> 
        </ramp:crypto> 
       </ramp:signatureCypto> 

       <!--
         Encryption uses the same client keystore; presumably it must therefore also
         contain the certificate stored under the "serverkey" alias - verify.
       -->
       <ramp:encryptionCypto> 
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> 
         <ramp:property 
          name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> 
         <ramp:property name="org.apache.ws.security.crypto.merlin.file">D:/keystore/client.keystore 
         </ramp:property> 
         <ramp:property 
          name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property> 
        </ramp:crypto> 
       </ramp:encryptionCypto> 

      </ramp:RampartConfig> 

     </wsp:All> 
    </wsp:ExactlyOne> 
</wsp:Policy> 

Tamam. Basit bir String döndüren tek bir işlevi ("getWelcome") olan "Server" adlı bir web servisi var. Burada önemli olan yalnızca güvenliktir.

Sorun: İstemcimi çalıştırdığımda bir NullPointerException alıyorum ve istemci servise bağlanmıyor. İstisnayı şu satır fırlatıyor:

GetWelcomeResponse response = stub.getWelcome(); 

Ancak rampart modülünü devre dışı bırakırsam servise bağlanabiliyorum, fakat bu kez güvenlik başlığı (security header) eksik kalıyor. Sorun şu satırda:

client.engageModule("rampart"); 

Bana yardımcı olabilecek biri var mı?

cevap


Aşağıdaki koda bakarak, yorum satırı hâline getirilmiş satırı etkinleştirmeniz (yorumdan çıkarmanız) ve onun altındaki diğer 5 satırı yorum satırı yapmanız gerektiğini söyleyebilirim.

//  client.getAxisService().getPolicySubject().attachPolicy(policy); 
     options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy); 
     options.setUserName("libuser"); 
     options.setPassword("books"); 

     client.setOptions(options);   
     client.engageModule("addressing");