
List:       rampart-dev
Subject:    [jira] Resolved: (RAMPART-193) Missing signature in SOAP fault
From:       "Nandana Mihindukulasooriya (JIRA)" <jira () apache ! org>
Date:       2009-08-31 19:19:33
Message-ID: 740989680.1251746373102.JavaMail.jira () brutus


     [ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya resolved RAMPART-193.
------------------------------------------------

    Resolution: Fixed

This issue is fixed in Rampart 1.5, and the Rampart integration tests now include tests for
negative scenarios to make sure this is not broken again.

regards,
Nandana

> Missing signature in SOAP fault messages
> ----------------------------------------
> 
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Nandana Mihindukulasooriya
> Priority: Blocker
> Fix For: 1.5
> 
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
> 
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the
> following issue: Whenever an Axis fault is generated on the server's side, the
> SOAP fault message sent back to the client is not signed. It results in an error
> since the client is expecting a signed SOAP envelope. I'm working with AXIS2 1.4
> and Rampart 1.4. I've tried to find out in the Issue Tracking section of the Rampart
> web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and
> http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been
> fixed in version 1.4 of Rampart so I'm wondering if I'm doing something wrong or
> if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> 
> This is a normal message when there are no faults:
> [INFO] Deploying module: addressing-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel: 
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> 	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the SOAP envelope sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is
> the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> 	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> 	xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> 	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 	<wsp:ExactlyOne>
> 		<wsp:All>
> 			<sp:AsymmetricBinding
> 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:InitiatorToken>
> 						<wsp:Policy>
> 							<sp:X509Token
> 								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> 								<wsp:Policy>
> 									<sp:WssX509V3Token10 />
> 								</wsp:Policy>
> 							</sp:X509Token>
> 						</wsp:Policy>
> 					</sp:InitiatorToken>
> 					<sp:RecipientToken>
> 						<wsp:Policy>
> 							<sp:X509Token
> 								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> 								<wsp:Policy>
> 									<sp:RequireThumbprintReference />
> 									<sp:WssX509V3Token10 />
> 								</wsp:Policy>
> 							</sp:X509Token>
> 						</wsp:Policy>
> 					</sp:RecipientToken>
> 					<sp:AlgorithmSuite>
> 						<wsp:Policy>
> 							<sp:TripleDesRsa15 />
> 						</wsp:Policy>
> 					</sp:AlgorithmSuite>
> 					<sp:Layout>
> 						<wsp:Policy>
> 							<sp:Lax />
> 						</wsp:Policy>
> 					</sp:Layout>
> 					<sp:IncludeTimestamp />
> 					<sp:OnlySignEntireHeadersAndBody />
> 				</wsp:Policy>
> 			</sp:AsymmetricBinding>
> 			<sp:SignedParts
> 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<sp:Body />
> 				<sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> 			</sp:SignedParts>
> 			<!--
> 				<sp:EncryptedParts
> 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<sp:Body /> </sp:EncryptedParts>
> 			-->
> 			<sp:Wss11>
> 				<wsp:Policy>
> 					<sp:MustSupportRefKeyIdentifier />
> 					<sp:MustSupportRefIssuerSerial />
> 					<sp:MustSupportRefThumbprint />
> 					<sp:MustSupportRefEncryptedKey />
> 					<sp:MustSupportSignatureConfirmation />
> 				</wsp:Policy>
> 			</sp:Wss11>
> 			<sp:Trust10>
> 				<wsp:Policy>
> 					<sp:MustSupportIssuedTokens />
> 					<sp:RequireClientEntropy />
> 					<sp:RequireServerEntropy />
> 				</wsp:Policy>
> 			</sp:Trust10>
> 			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> 				<ramp:user>test</ramp:user>
> 				<ramp:encryptionUser>test</ramp:encryptionUser>
> 				<ramp:passwordCallbackClass>
> 					org.example.www.essaisdeploiementwebservice2.PWCBHandler
> 				</ramp:passwordCallbackClass>
> 				<ramp:signatureCrypto>
> 					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> 						<ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks</ramp:property>
> 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
> 					</ramp:crypto>
> 				</ramp:signatureCrypto>
> 				<ramp:encryptionCypto>
> 					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
> 						<ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks</ramp:property>
> 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
> 					</ramp:crypto>
> 				</ramp:encryptionCypto>
> 			</ramp:RampartConfig>
> 		</wsp:All>
> 	</wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> These are the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> 	<!--      user can add his own phases to this area  -->
> 	<phase name="soapmonitorPhase"/>
> 	<phase name="OperationOutFaultPhase"/>
> 	<phase name="MessageOut"/>
> 	<phase name="RMPhase"/>
> 	<phase name="PolicyDetermination"/>
> 	<phase name="Security"/>
> </phaseOrder>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
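
An added example, not part of the original message and not Rampart's own code: a structural check in the spirit of the negative-scenario tests mentioned in the resolution, flagging a SOAP 1.2 response (fault or not) whose Body is not referenced by a ds:Signature inside the wsse:Security header. The function name, status strings and both sample envelopes are constructed for illustration; the check inspects structure only and does not verify the signature value.

```python
# Added example: structural check that a SOAP response, faults included,
# carries a WS-Security signature that references its Body.
import xml.etree.ElementTree as ET

NS = {
    "s12": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"

# Constructed sample: shaped like the unsigned fault quoted in the report.
UNSIGNED_FAULT = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Body><s:Fault><s:Code><s:Value>s:Receiver</s:Value></s:Code></s:Fault></s:Body>
</s:Envelope>"""

# Constructed sample: a fault whose Body is referenced from the Security header.
SIGNED_FAULT = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<s:Header><wsse:Security><ds:Signature><ds:SignedInfo>
<ds:Reference URI="#Id-1"/></ds:SignedInfo></ds:Signature></wsse:Security></s:Header>
<s:Body wsu:Id="Id-1"><s:Fault/></s:Body></s:Envelope>"""


def body_signature_status(envelope_xml):
    """Return (is_fault, status) for a SOAP 1.2 envelope string."""
    # For envelopes from an untrusted source, parse with defusedxml instead.
    env = ET.fromstring(envelope_xml)
    body = env.find("s12:Body", NS)  # direct child only, not a wrapped copy
    if body is None:
        return False, "no-body"
    is_fault = body.find("s12:Fault", NS) is not None
    security = env.find("s12:Header/wsse:Security", NS)
    if security is None:
        return is_fault, "missing-security-header"
    refs = security.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if not refs:
        return is_fault, "missing-signature"
    body_id = body.get(WSU_ID)
    if body_id is None or "#" + body_id not in [r.get("URI") for r in refs]:
        return is_fault, "body-not-referenced"
    return is_fault, "body-referenced"
```

A negative test would assert that every fault returned by the service yields `body-referenced` and then hand the envelope to a real signature verifier.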

