I am trying to add Rampart security to my Axis2 web service using the Rampart module.
So here is what I have done:
- I have stored the hashed value of the "bobWWW" password and the salt in a database
In my PWCBHandler.java class:
•I select the password and hash stored in the database
•I try to hash pwcb.getPassword() with the same algorithm and the same stored salt
•I check if this new hashed password is equal to the stored password
But I was constantly receiving a NullPointerException, so I decided to check and wrote this code:
    if (pwcb.getPassword() == null)
    {
        try {
            throw new Exception("passwordget pass null" + pwcb.getPassword());
        }
        catch (Exception e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
And I see that pwcb.getPassword() is empty. So here is the code of PWCBHandler.java:
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
    {
        for (int i = 0; i < callbacks.length; i++)
        {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            try {
                pasandsalt = getdataforChecking();
                if (pwcb.getPassword() == null)
                {
                    try {
                        throw new Exception("passwordget pass null" + pwcb.getPassword());
                    } catch (Exception e) {
                        // TODO Auto-generated catch block
                        e.printStackTrace();
                    }
                }
                try {
                    passwordforchecking = hash(pwcb.getPassword(), Base64.decodeBase64(pasandsalt[1]));
                } catch (Exception e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }
                if ((pwcb.getIdentifier().equals("bob")) && (passwordforchecking.equals(pasandsalt[0])))
                {
                    return;
                }
            }
And here is my SOAP request with the security header:
    var sr =
        "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
        "<soapenv:Envelope " +
        "xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" " +
        "xmlns:nilo=\"http://nilo\">" +
        "<soapenv:Header>" +
        '<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" soapenv:mustUnderstand="1">' +
        '<wsse:UsernameToken xmlns:wsu="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="123">' +
        '<wsse:Username>bob</wsse:Username>' +
        '<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobWWW</wsse:Password>' +
        '</wsse:UsernameToken>' +
        '</wsse:Security>' +
        "</soapenv:Header>" +
        "<soapenv:Body>" +
        "<nilo:getdataForChecking>" +
        '<nilo:data>' + tranXml + '</nilo:data>' +
        ' </nilo:getdataForChecking>' +
        '</soapenv:Body>' +
        '</soapenv:Envelope>';