Hyland Connect

mirkob · ‎03-05-2009

Hi, I have a problem running the WcfCmisTest example.

I downloaded the last "alfresco-labs-sdk-3Stable", where I found the source code of the example, and the last "alfresco-labs-tomcat-3Stable" for the server side.

I configured Tomcat to accept connection whith the "https" protocol (WcfCmisTest seems not support "http" protocol). To do this I followed the intruction on the Apache site:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

My "server.xml" is:


<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">
   <Listener className="org.apache.catalina.core.JasperListener" />
   <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
   <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

   <GlobalNamingResources>
      <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
   </GlobalNamingResources>

   <Service name="Catalina">
      <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
         connectionTimeout="20000" 
         redirectPort="8443" />

      <Connector protocol="org.apache.coyote.http11.Http11Protocol"
         port="8443" minSpareThreads="5" maxSpareThreads="75"
         enableLookups="true" disableUploadTimeout="true" 
         acceptCount="100"  maxThreads="200"
         scheme="https" secure="true" SSLEnabled="true"
         keystoreFile="${user.home}/.keystore" keystorePass="changeit"
         clientAuth="false" sslProtocol="TLS"/>

      <Engine name="Catalina" defaultHost="localhost">
         <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
            resourceName="UserDatabase"/>

         <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
         </Host>
      </Engine>
   </Service>
</Server>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

At this point I tried to run the example, but i obtained the following exception:


System.ServiceModel.Security.SecurityAccessDeniedException was unhandled
  Message="The security token could not be authenticated or authorized"
  Source="mscorlib"
  StackTrace:
    Server stack trace: 
       in System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
       in System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
       in System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       in System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
       in System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       in System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    Exception rethrown at [0]: 
       in System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       in System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       in RepositoryServicePort.getRootFolder(String filter)
       in RepositoryServicePortClient.getRootFolder(String filter) in D:\Downloads\Alfresco\alfresco-labs-sdk-3Stable\src\remote-api-src\sample\WcfCmisTest\src\RepositoryService.cs:riga 1698
       in CmisTest.Program.Main(String[] args) in D:\Downloads\Alfresco\alfresco-labs-sdk-3Stable\src\remote-api-src\sample\WcfCmisTest\src\Program.cs:riga 40
       in System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
       in System.AppDomain.nExecuteAssembly(Assembly assembly, String[] args)
       in System.Runtime.Hosting.ManifestRunner.Run(Boolean checkAptModel)
       in System.Runtime.Hosting.ManifestRunner.ExecuteAsAssembly()
       in System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext, String[] activationCustomData)
       in System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext)
       in System.Activator.CreateInstance(ActivationContext activationContext)
       in Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssemblyDebugInZone()
       in System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       in System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       in System.Threading.ThreadHelper.ThreadStart()
  InnerException: 
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Enablig the log for Alfresco


log4j.logger.org.apache.axis=debug
log4j.logger.org.apache.ws=debug

log4j.logger.org.apache.cxf=debug

log4j.logger.org.alfresco.repo.webservice=debug
log4j.logger.org.alfresco.cmis=debug
‍‍‍‍‍‍‍‍‍

I can show those messages from Alfresco


08:20:40,974  DEBUG [transport.servlet.ServletController] Service http request on thread: Thread[http-8443-1,5,main]
08:20:41,068  DEBUG [transport.http.AbstractHTTPDestination] Request Headers: {content-length=[911], connection=[Keep-Alive], host=[localhost:8443], expect=[100
-continue], content-type=[text/xml; charset=utf-8], soapaction=[""]}

…

—————————-
Encoding: UTF-8
Headers: {content-length=[911], connection=[Keep-Alive], host=[localhost:8443], expect=[100-continue], content-type=[text/xml; charset=utf-8], soapaction=[""]}
Messages:
Message:

Payload: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0
.xsd"><s:Header><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp u:Id="
_0"><u:Created>2009-03-05T07:20:40.389Z</u:Created><u:Expires>2009-03-05T07:25:40.389Z</u:Expires></u:Timestamp><o:UsernameToken u:Id="uuid-a48ba50d-f864-453e-9
69c-393d5f242895-1"><o:Username>admin</o:Username><o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Passwor
dText">admin</o:Password></o:UsernameToken></o:Security></s:Header><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/20
01/XMLSchema"><getRootFolder xmlns="http://www.cmis.org/ns/1.0"><filter>*</filter></getRootFolder></s:Body></s:Envelope>
————————————–

…

08:20:41,723  DEBUG [security.wss4j.WSS4JInInterceptor] WSS4JInInterceptor: enter handleMessage()
08:20:41,990  DEBUG [ws.security.WSSConfig] The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL
08:20:41,997  DEBUG [ws.security.WSSecurityEngine] enter processSecurityHeader()
08:20:42,008  DEBUG [ws.security.WSSecurityEngine] Processing WS-Security header for '' actor.
08:20:42,013  DEBUG [security.processor.TimestampProcessor] Found Timestamp list element
08:20:42,026  DEBUG [security.processor.TimestampProcessor] Preparing to verify the timestamp
08:20:42,030  DEBUG [security.processor.TimestampProcessor] Current time: 2009-03-05T07:20:42.030Z
08:20:42,039  DEBUG [security.processor.TimestampProcessor] Timestamp created: 2009-03-05T07:20:40.389Z
08:20:42,042  DEBUG [security.processor.TimestampProcessor] Timestamp expires: 2009-03-05T07:25:40.389Z
08:20:42,048  DEBUG [security.processor.UsernameTokenProcessor] Found UsernameToken list element
08:20:42,057  DEBUG [security.processor.UsernameTokenProcessor] UsernameToken user admin
08:20:42,062  DEBUG [security.processor.UsernameTokenProcessor] UsernameToken password admin
08:20:42,067  DEBUG [security.processor.UsernameTokenProcessor] Authentication failed as handleCustomUsernameTokenTypes is false
08:20:42,078  WARN  [security.wss4j.WSS4JInInterceptor]
org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:139)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:153)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
        at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:283)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:166)
        at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:174)
        at org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:152)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:595)
08:20:42,166  INFO  [cxf.phase.PhaseInterceptorChain] Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The security token could not be authenticated or authorized
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:396)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:247)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:78)
        at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:92)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:283)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:166)
        at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:174)
        at org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:152)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:139)
        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:53)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:153)
        … 22 more

…

‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Can you help me?
Thank you in advance.

mirkob · ‎03-05-2009

An upgrade to the previous post.

I tried to compare the two versions of the example: .Net vs Java.

I used the same server, but the Java version uses the "http" protocol (this example does not support "https")

I ran the test:


cmis-test.bat http://localhost:8080 admin admin
‍‍‍

and it worked perfectly.

The Java version uses the "PasswordDigest" password type, the .Net "PasswordText". To compare the two exemples I changed the Java password type to "PasswordText".

I compared the two envelope:

.NET


<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <u:Timestamp u:Id="_0">
      <u:Created>2009-03-04T12:35:29.863Z</u:Created>
      <u:Expires>2009-03-04T12:40:29.863Z</u:Expires>
   </u:Timestamp>
   <o:UsernameToken u:Id="uuid-bc221500-1123-423b-9b11-ffad75ed252d-1">
      <o:Username>admin</o:Username>
      <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</o:Password>
   </o:UsernameToken>
</o:Security>
</s:Header>
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <getRootFolder xmlns="http://www.cmis.org/ns/1.0"><filter>*</filter></getRootFolder>
</s:Body>
</s:Envelope>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Java


<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-9742914">
         <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-03-04T12:42:13.304Z</wsu:Created>
         <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-03-04T12:47:13.304Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
                          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
         wsu:Id="UsernameToken-8593864">
         
         <wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">admin</wsse:Username>
         <wsse:Password xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
            Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
      </wsse:UsernameToken>
   </wsse:Security>
</soap:Header>
<soap:Body>
   <ns1:getRepositories xmlns:ns1="http://www.cmis.org/2008/05" />
</soap:Body>
</soap:Envelope>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

The envelopes are very similar, this suggests that the problem is not in the message, but in some other place.

mirkob · ‎03-05-2009

I discovered the cause of the problem:

.Net generate an envelope like this:


<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <u:Timestamp u:Id="_0">
      <u:Created>2009-03-04T12:35:29.863Z</u:Created>
      <u:Expires>2009-03-04T12:40:29.863Z</u:Expires>
   </u:Timestamp>
   <o:UsernameToken u:Id="uuid-bc221500-1123-423b-9b11-ffad75ed252d-1">
      <o:Username>admin</o:Username>
      <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</o:Password>
   </o:UsernameToken>
</o:Security>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍

in particular:

<o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</o:Password>‍

has the attribute "Type" with the namespace.

This violates the definition of the tag "UsernameToken" as described in:
http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf

See also:
http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200810.mbox/%3C1928235844.1224139846575.JavaMa...

pie · ‎04-09-2009

When I connected to Alfresco, I used the following header in my SOAP calls:


<soapenv:Envelope xmlns:ns="http://www.cmis.org/2008/05" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp wsu:Id="Timestamp-26726559" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2009-04-09T13:57:50.375Z</wsu:Created>
            <wsu:Expires>2009-04-09T14:03:50.375Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken wsu:Id="UsernameToken-10473606" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">p50qO4MOV/3uXRsWvZWR/CkW5yI= </wsse:Password>
            <wsse:Nonce>NonceValue</wsse:Nonce>
            <wsu:Created>2009-04-09T13:37:28.391Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
   </soapenv:Body>
</soapenv:Envelope>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I found I had to generate much of the header myself in .NET to get it to work.

-Pie

gswamy · ‎02-05-2010

I get a similar problem, my one is SOAPUI and other client java. It works fine with Java.

How I do I convert the text password to digest password?

I use rampart, axis and webservice. I get same authentication error.

-Geetha

Hyland Connect

WcfCmisTest Problem