axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Munro \(myDIALS\)" <tim.mu...@mydials.com>
Subject RE: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages
Date Wed, 17 Oct 2007 10:00:45 GMT
Hello - can anyone please help me to fault-find this further?? 

-----Original Message-----
From: Tim Munro (myDIALS) [mailto:tim.munro@mydials.com] 
Sent: Tuesday, 16 October 2007 6:01 AM
To: axis-dev@ws.apache.org
Subject: RE: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
Messages

No, I have not yet resolved this issue & am eagerly awaiting guidance from
this list regarding how I can fault-find it further.

Best,
Tim. 

-----Original Message-----
From: balaji hari [mailto:to.haribalaji@gmail.com]
Sent: Tuesday, 16 October 2007 4:12 AM
To: axis-dev@ws.apache.org
Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
Messages


I am facing the same problem too..Did u have a chance to get any information
regarding this issue?

Balaji

Tim Munro (myDIALS) wrote:
> 
> Hi All,
>  
> I have developed an Axis2-1.3 client (with Rampart 1.3, using an 
> xmlbeans
> proxy) that calls methods on a secured .NET web service service. I can 
> successfully communicate with the .NET service, however when the .NET 
> server returns a valid fault message the xmlbeans proxy client never 
> receives the returned fault string; instead all the client receives is 
> the following
> message:
> Must Understand check failed for header 
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
> 0.xsd : Security
> 
> Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy 
> received the correct/expected error string.
> 
> So, for example, if I call a method on the .NET web service with an 
> invalid parameter in the request document, the .NET web service 
> returns an informative message containing details of the problem. 
> Below is an example of the xml response message received from the .NET 
> server, and to me it appears to be a valid response:
> <?xml version='1.0' encoding='utf-8'?> <s:Envelope 
> xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> urity-
> utility-1.0.xsd">
> 	<s:Header>
> 		<o:Security
> xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> urity-
> secext-1.0.xsd" s:mustUnderstand="1">
> 			<u:Timestamp u:Id="_0">
> 	
> <u:Created>2007-10-12T01:02:16.796Z</u:Created>
> 	
> <u:Expires>2007-10-12T01:07:16.796Z</u:Expires>
> 			</u:Timestamp>
> 		</o:Security>
> 	</s:Header>
> 	<s:Body>
> 		<s:Fault>
> 			<faultcode>s:UnexpectedFault</faultcode>
> 			<faultstring xml:lang="en-US">An unexpected error
has occurred in 
> the service.
> System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva
> lidReq
> uestFault]: The dimension member 'Midlands' was included in a 
> dimension reference for the 'Products' dimension, but is not valid. 
> (Fault Detail is equal to
MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring>
> 		</s:Fault>
> 	</s:Body>
> </s:Envelope>
> 
> When I interact with this returned message (through the xmlbeans 
> proxy), the error message I see is the "Must Understand check failed 
> for header ..."
> rather than the value contained in the faultstring elemrnt of the 
> returned document.
> 
> The issue appears to be that the received message header contains a
> (valid)
> timestamp, as indicated above, however the Axis2 response handler 
> never seems to to process this timestamp in the header, meaning that 
> when the
> AxisEngine.checkMustUnderstand() performs the 
> headerBlock.isProcessed() test, the result is false and so the "Must
understand check failed ..."
> exception is thrown and my xmlbeans proxy never sees the real 
> faultstring message.
> 
> I am struggling to understand what is going wrong here ... any 
> guidance on what to fault-find next would be greatly appreciated as 
> after a few days looking at this I am unsure if it is a problem in 
> returned document, or my policy.xml.
> 
> Thanks,
> Tim Munro
> ===================
> 
> Below is my policy.xml document:
> <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> ecurit
> y-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> 	<wsp:ExactlyOne>
> 		<wsp:All>
> 			<sp:TransportBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:TransportToken>
> 						<wsp:Policy>
> 							<sp:HttpsToken
> RequireClientCertificate="false"/>
> 						</wsp:Policy>
> 					</sp:TransportToken>
> 					<sp:AlgorithmSuite>
> 						<wsp:Policy>
> 							<sp:Basic256/>
> 						</wsp:Policy>
> 					</sp:AlgorithmSuite>
> 					<sp:Layout>
> 						<wsp:Policy>
> 							<sp:Lax/>
> 						</wsp:Policy>
> 					</sp:Layout>
> 					<sp:IncludeTimestamp/>
> 				</wsp:Policy>
> 			</sp:TransportBinding>
> 			<sp:EndorsingSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> Includ
> eToken/AlwaysToRecipient">
> 						<wsp:Policy>
> 	
> <sp:WssX509V3Token10/>
> 						</wsp:Policy>
> 					</sp:X509Token>
> 				</wsp:Policy>
> 			</sp:EndorsingSupportingTokens>
> 			<sp:Wss10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> 				<wsp:Policy>
> 					<sp:MustSupportRefKeyIdentifier/>
> 					<sp:MustSupportRefIssuerSerial/>
> 				</wsp:Policy>
> 			</sp:Wss10>
> 			
> 			<ramp:RampartConfig
> xmlns:ramp="http://ws.apache.org/rampart/policy"> 
> 				<ramp:timestampTTL>300</ramp:timestampTTL>
> 	
> <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
> 	
> <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6
> e69109
> 3f9d</ramp:user>
> 				<!-- passwordCallbackClass is set in mydials
config -->
> 				<!--
> <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas
> swordC
> allbackClass> -->
> 	
> 				<ramp:signatureCrypto>
> 					<ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
> 						<ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp
> :prope
> rty>
> 						<ramp:property
> name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp
> :prope
> rty>
> 						<ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p
> ropert
> y>
> 					</ramp:crypto>
> 				</ramp:signatureCrypto>
> 			</ramp:RampartConfig>
> 
> 		</wsp:All>
> 	</wsp:ExactlyOne>
> </wsp:Policy>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
> 
> 
> 

--
View this message in context:
http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-
Fault-Messages-tf4610994.html#a13218447
Sent from the Axis - Dev mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message