I think I found the way to pass parameters to a JAX-WS client. It doesn't work still for Rampart, but it worked when secured the service using Tomcat HTTP Basic auth and SSL. Since Rampart doesn't officially support JAX-WS just yet (or so is my impression), maybe it just doesn't check there for parameters.
Basically, you cast the created port (not the Service itself) to a javax.xml.ws.BindingProvider, and then it exposes request and response contexts as Maps. The BindingProvider even provides constants for the username and password. Here's how I ended up coding my client, maybe something similar would work for Rampart too? // RecordService is the service interface, and WSDL is a String constant RecordService service = Service.create(new URL(WSDL), new QName(RecordService.NAMESPACE, RecordService.SERVICE_NAME)).getPort(new QName(RecordService.NAMESPACE, RecordService.PORT_NAME), RecordService.class); Map<String, Object> context = ((BindingProvider) service).getRequestContext(); context.put(BindingProvider.USERNAME_PROPERTY, USERNAME); context.put(BindingProvider.PASSWORD_PROPERTY, PASSWORD); HTH, Alex ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: May 9, 2008 5:04 AM To: [email protected] Subject: AW: can I use use rampart with JAX-WS style webservice HI Alex, thanks for pointing me out to the next hurdle :-) I am not using jax-ws on the client side. Not yet anyhow. That is my next task. For the time being I am using the ServiceClient directly or using the stubs generated by the WSDL2Java. cheers Tezcan -----Ursprüngliche Nachricht----- Von: Savitsky, Alex [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 8. Mai 2008 19:28 An: [email protected] Betreff: RE: can I use use rampart with JAX-WS style webservice Forgot to mention that we're using JAX-WS on the client side, too. There's no ServiceClient there. No ConfigurationContext, either. Any ideas? javax.xml.ws.Service is notoriously bad at exposing anything useful... ________________________________ From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: May 8, 2008 1:18 PM To: [email protected] Subject: Re: can I use use rampart with JAX-WS style webservice How did you set the username/password on the client side? I can't find a way to get a hold on service Options... http://wso2.org/library/3190#Step_3._Engaging_Rampart_and_setting_authentication_information -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Sent: May 8, 2008 11:41 AM To: [email protected]<mailto:[email protected]> Subject: AW: can I use use rampart with JAX-WS style webservice Hi Alex, WOW..!!now I copied the policy.xml into axis2.xml config and the whole scenario (JAX-WS+Rampart policy) works fine. As you said it in your mail, since I only have one service running, engaging rampart globally in axis2.xml and specifying the policy in there does the trick for me. Cheers Tezcan -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Gesendet: Donnerstag, 8. Mai 2008 17:16 An: [email protected]<mailto:[email protected]> Betreff: AW: can I use use rampart with JAX-WS style webservice Hi Alex, I have pasted the policy into my wsdl for the time being and am refering to it in my service using wsdlLocation as shown below. The service is deployed in a jar file under WEB-INF\servicejars. My client engages the addressing and rampart before calling the service. If I comment out the <wsp:Policy></wsp:Policy> block in my wsdl and engage only addressing in my client the whole thing works just fine. HTH cheers Tezcan @WebService(endpointInterface = "demo.rampart.policy.sample.SimpleService", serviceName = "SecuredEcho", wsdlLocation="WEB-INF/wsdl/SecuredEcho.wsdl" ) @Addressing(enabled=true, required=true) public class SimpleServiceImpl implements SimpleService{ public String echo(String arg) { System.out.println("the server side echo==>"+arg); return arg; } } -----Ursprüngliche Nachricht----- Von: Savitsky, Alex [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Gesendet: Donnerstag, 8. Mai 2008 16:34 An: [email protected]<mailto:[email protected]> Betreff: RE: can I use use rampart with JAX-WS style webservice Not yet - I see the rampart deployment messages in the server log, and it seem to send the "must understand" headers, but no password is either sent or checked. Where did you put your policy? I've placed mine in the axis config itself. I'll keep you (and everyone here) posted. HTH, Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Sent: May 8, 2008 10:05 AM To: [email protected]<mailto:[email protected]> Subject: AW: can I use use rampart with JAX-WS style webservice Hi Alex thnx for the tip but this gives me my original exception "Must Understand check failed for headers" found in thread [1].:-( Does this work for you at global level? cheers Tezcan [1]http://markmail.org/search/?q=list%3Aorg.apache.ws.axis-user+What+is+%22Must#query:list%3Aorg.apache.ws.axis-user%20What%20is%20%22Must+page:1+mid:jlc64h7qnvsoyfff+state:results -----Ursprüngliche Nachricht----- Von: Savitsky, Alex [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Gesendet: Donnerstag, 8. Mai 2008 15:39 An: [email protected]<mailto:[email protected]> Betreff: RE: can I use use rampart with JAX-WS style webservice Declaring the rampart in axis2.xml global config (and putting the rampart.mar in WEB-INF/modules, of course) would engage it globally for all services. If you only have one service running, this might be what you need. I haven't found a way to engage a module ona per-service basis, though. HTH, Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Sent: May 8, 2008 7:43 AM To: [email protected]<mailto:[email protected]> Subject: AW: can I use use rampart with JAX-WS style webservice Hi thanks for your answer. Unfortunately it does not seem to do the trick. I am getting the following error. [ERROR] com.sun.xml.bind.v2.runtime.IllegalAnnotationsException: 32 counts of IllegalAnnotationExceptions org.apache.axiom.attachments.lifecycle.LifecycleManager is an interface, and JAXB can't handle interfaces. I am beginning to think that it is not possible to engage Rampart with annotations. cheers Tezcan -----Ursprüngliche Nachricht----- Von: Ruchith Fernando [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>] Gesendet: Dienstag, 6. Mai 2008 09:57 An: [email protected]<mailto:[email protected]> Betreff: Re: can I use use rampart with JAX-WS style webservice I haven't tried this but I think the following solution will work: - first implement lifecycle management on the service [1] - now in the "init" method you can get hold of the AxisService instance and then you can engage the rampart module on it. - Finally you can load the policy from a file as an org.apache.neethi.Policy object and add that to the AxisService instance as well. Now you have a WS-Sec enabled service :-) HTH Thanks, Ruchith p.s. You can also try WSO2 WSAS [2] and try the WS-Sec support available as well! 1. http://ws.apache.org/axis2/1_3/api/org/apache/axis2/service/Lifecycle.html 2. http://wso2.org/downloads/wsas On Wed, Apr 30, 2008 at 8:39 PM, <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: > > > > Hi > > I have a web service developed using jax-ws style annotations. So it > does not require a services.xml, It is deployed to axis2 as jar file > under WEB-INF\servicejars directory. > > Now if I want to secure this service using rampart how do I link the > policy.xml? > > Where do I add the stuff such as <module ref="rampart"> that one > usually adds into services.xml ? > > > cheers > Tezcan -- http://blog.ruchith.org http://wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ******************** NOTICE OF CONFIDENTIALITY This communication including any information transmitted with it is intended only for the use of the addressees and is confidential. If you are not an intended recipient or responsible for delivering the message to an intended recipient, any review, disclosure, conversion to hard copy, dissemination, reproduction or other use of any part of this communication is strictly prohibited, as is the taking or omitting of any action in reliance upon this communication. If you receive this communication in error or without authorization please notify us immediately by return e-mail or otherwise and permanently delete the entire communication from any computer, disk drive, or other storage medium. If the above disclaimer is not properly readable, it can be found at www.td.com/legal<http://www.td.com/legal> AVERTISSEMENT DE CONFIDENTIALITE Ce courriel, ainsi que tout renseignement ci-inclus, destiné uniquement aux destinataires susmentionnés, est confidentiel. Si vous n'êtes pas le destinataire prévu ou un agent responsable de la livraison de ce courriel, tout examen, divulgation, copie, impression, reproduction, distribution, ou autre utilisation d'une partie de ce courriel est strictement interdit de même que toute intervention ou abstraction à cet égard. Si vous avez reçu ce message par erreur ou sans autorisation, veuillez en aviser immédiatement l'expéditeur par retour de courriel ou par un autre moyen et supprimer immédiatement cette communication entière de tout système électronique. Si l'avis de non-responsabilité ci-dessus n'est pas lisible, vous pouvez le consulter à www.td.com/francais/legale<http://www.td.com/francais/legale> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ******************** NOTICE OF CONFIDENTIALITY This communication including any information transmitted with it is intended only for the use of the addressees and is confidential. If you are not an intended recipient or responsible for delivering the message to an intended recipient, any review, disclosure, conversion to hard copy, dissemination, reproduction or other use of any part of this communication is strictly prohibited, as is the taking or omitting of any action in reliance upon this communication. If you receive this communication in error or without authorization please notify us immediately by return e-mail or otherwise and permanently delete the entire communication from any computer, disk drive, or other storage medium. If the above disclaimer is not properly readable, it can be found at www.td.com/legal<http://www.td.com/legal> AVERTISSEMENT DE CONFIDENTIALITE Ce courriel, ainsi que tout renseignement ci-inclus, destiné uniquement aux destinataires susmentionnés, est confidentiel. Si vous n'êtes pas le destinataire prévu ou un agent responsable de la livraison de ce courriel, tout examen, divulgation, copie, impression, reproduction, distribution, ou autre utilisation d'une partie de ce courriel est strictement interdit de même que toute intervention ou abstraction à cet égard. Si vous avez reçu ce message par erreur ou sans autorisation, veuillez en aviser immédiatement l'expéditeur par retour de courriel ou par un autre moyen et supprimer immédiatement cette communication entière de tout système électronique. Si l'avis de non-responsabilité ci-dessus n'est pas lisible, vous pouvez le consulter à www.td.com/francais/legale<http://www.td.com/francais/legale> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> ******************** NOTICE OF CONFIDENTIALITY This communication including any information transmitted with it is intended only for the use of the addressees and is confidential. If you are not an intended recipient or responsible for delivering the message to an intended recipient, any review, disclosure, conversion to hard copy, dissemination, reproduction or other use of any part of this communication is strictly prohibited, as is the taking or omitting of any action in reliance upon this communication. If you receive this communication in error or without authorization please notify us immediately by return e-mail or otherwise and permanently delete the entire communication from any computer, disk drive, or other storage medium. If the above disclaimer is not properly readable, it can be found at www.td.com/legal<http://www.td.com/legal> AVERTISSEMENT DE CONFIDENTIALITE Ce courriel, ainsi que tout renseignement ci-inclus, destiné uniquement aux destinataires susmentionnés, est confidentiel. Si vous n'êtes pas le destinataire prévu ou un agent responsable de la livraison de ce courriel, tout examen, divulgation, copie, impression, reproduction, distribution, ou autre utilisation d'une partie de ce courriel est strictement interdit de même que toute intervention ou abstraction à cet égard. Si vous avez reçu ce message par erreur ou sans autorisation, veuillez en aviser immédiatement l'expéditeur par retour de courriel ou par un autre moyen et supprimer immédiatement cette communication entière de tout système électronique. Si l'avis de non-responsabilité ci-dessus n'est pas lisible, vous pouvez le consulter à www.td.com/francais/legale<http://www.td.com/francais/legale> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>
