Subject: Re: Problem in running simple security example
From: M.Shyam Sundar Rao (Shya...@Sun.COM)
Date: Jul 31, 2006 10:41:24 am
sign-encrypt-client.xml - 0.9k
sign-encrypt-server.xml - 1k
I looked at your client/server keystore & truststore files and client/server config files.
The reason for getting the exception:
1) There are two entries (currentclient, xws-security-client) in client-keystore.jks. But in sign-encrypt-client.xml, you have not specified certificateAlias for signature. Due to this, an ambiguous state arises in the client for "which alias to use". So, if the keystore / truststore contains more than one entry, then we need to specify which alias to use in the config file. Otherwise, we will get the exception "No default X509Certificate was provided". If the keystore / truststore contains a single entry, then it's fine if we don't specify the certificateAlias attribute for the Signature or Encryption operation.
So, correct sign-encrypt-client.xml and sign-encrypt-server.xml are attached.
I ran the xws-security/sample example using your keystore and the modified config files, and I am getting this exception: "java.io.IOException: Cannot recover key". It may be because "the keystore password and the keyEntry password are different".
If you also get the same exception, then make sure that you are following the correct steps for creating the certificate.
Thanks - Shyam
Kashif Saleem wrote:
Hi Shyam, attached are the client & server keystores and truststores. I also attached the sign-encrypt-client.xml and sign-encrypt-server.xml.
---------- Forwarded message ----------
From: M.Shyam Sundar Rao <Shya...@sun.com>
Date: Jul 31, 2006 11:41 AM
Subject: Re: Problem in running simple security example
To: use...@jwsdp.dev.java.net
Kashif Saleem wrote:
Hi All, I just ran the simple sample example that is given in $JWSDP_HOME/xws-security/samples/simple. It works fine, but when I changed it to run using my certificates, it gave me the following errors:
Can you please send me your keystores, so that I can find out the exact reason for it?
From the stack, it seems that the alias of the X509 certificate in your keystore is different from what the sample is using for the signature operation.
bash-2.05b$ ant run-sample
Buildfile: build.xml

clean:
    [delete] Deleting directory /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build
    [delete] Deleting directory /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/dist

tc-check:
    [mkdir] Created dir: /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/client/classes
    [mkdir] Created dir: /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/server/WEB-INF/classes
    [mkdir] Created dir: /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/dist

compile-handler-code:
    [echo] Compiling the handler source code
    [javac] Compiling 1 source file to /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/server/WEB-INF/classes
    [javac] Compiling 1 source file to /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/client/classes

create-handler-jar:
    [jar] Building jar: /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/client/secenv-handler.jar

gen-server:
    [echo] Running wscompile....

compile-server:
    [echo] Compiling the server-side source code....
    [javac] Compiling 2 source files to /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/server/WEB-INF/classes

setup-web-inf:
    [echo] Setting up build/server/WEB-INF...
    [copy] Copying 1 file to /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/server/WEB-INF
    [copy] Copying 1 file to /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/server/WEB-INF
    [copy] Copying 1 file to /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/server/WEB-INF

raw-war:
    [echo] Packaging to dist/simple-portable.war....
    [jar] Building jar: /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/dist/simple-portable.war

process-war:
    [echo] Running wsdeploy...

check-if-deployed-tom:
    [echo] Checking for deployed webapp at context path /securesimple

undeploy-tomcat:
    [echo] Undeploying existing webapp at securesimple

undeploy-tomcat-war-present:
    [echo] Undeploying existing webapp at securesimple
    [undeploy-catalina] OK - Undeployed application at context path /securesimple

deploy-tomcat:
    [echo] Deploying war for simple to tomcat
    [deploy-catalina] OK - Deployed application at context path /securesimple

gen-client:
    [echo] Running wscompile....

compile-client:
    [echo] Compiling the client source code....
    [javac] Compiling 1 source file to /a/green/cs/research/medic/home0/paramedic/ucackxs/jwsdp-2.0/xws-security/samples/simple/build/client

run-sample:
    [echo] Running the simple.TestClient program....
    [java] Service URL=http://localhost:8080/securesimple/Ping
    [java] 31-Jul-2006 11:03:26 com.sun.xml.wss.impl.filter.SignatureFilter process
    [java] SEVERE: WSS1417: Error while processing signature No default X509Certificate was provided
    [java] Exception in thread "main" java.rmi.RemoteException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: No default X509Certificate was provided; nested exception is:
    [java]     javax.xml.rpc.JAXRPCException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: No default X509Certificate was provided
    [java]     at simple.PingPort_Ping_Stub.ping(PingPort_Ping_Stub.java:146)
    [java]     at simple.TestClient.main(TestClient.java:34)
    [java] Caused by: javax.xml.rpc.JAXRPCException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: No default X509Certificate was provided
    [java]     at com.sun.xml.rpc.security.SecurityPluginUtil._preRequestSendingHook(SecurityPluginUtil.java:222)
    [java]     at simple.PingPort_Ping_Stub._preRequestSendingHook(PingPort_Ping_Stub.java:263)
    [java]     at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:91)
    [java]     at simple.PingPort_Ping_Stub.ping(PingPort_Ping_Stub.java:130)
    [java]     ... 1 more
    [java] Java Result: 1

BUILD SUCCESSFUL
Total time: 1 minute 1 second
bash-2.05b$
The only thing that I changed in the sample example is to use my certificates. I checked my client-keystore and server-truststore, and the client certificate is there. Also, the server certificate is present in the client-truststore and server-keystore. So I don't know the real cause of this error. Any help would be highly appreciated in this regard. Thanks.