axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kalakhr <kala...@yahoo.com>
Subject Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages
Date Wed, 06 Feb 2008 21:18:16 GMT

Any luck with this issue?  I just tried a client using Axis2-1.3 and rampart
from SVN trunk and the problem is still occuring.  I can't get rampart to
handle valid fault messages from a service.

Response:
----------
<?xml version='1.0' encoding='utf-8'?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
	<s:Header>
		<o:Security
		
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
			s:mustUnderstand="1">
			<u:Timestamp u:Id="_0">
				<u:Created>2008-02-06T21:16:00.531Z</u:Created>
				<u:Expires>2008-02-06T21:21:00.531Z</u:Expires>
			</u:Timestamp>
		</o:Security>
	</s:Header>
	<s:Body>
		<s:Fault>
			<faultcode>FCode1</faultcode>
			<faultstring xml:lang="en-US">
				Unable to successfully complete requested action. 
			</faultstring>
			<faultactor>Actor1</faultactor>
			<detail>
				<axis2ns1:MsgFault
					xmlns:axis2ns1="http://abc.com/xyz/2006/xsd">
				</axis2ns1:MsgFault>
			</detail>
		</s:Fault>
	</s:Body>
</s:Envelope>


Stack Trace:
------------
org.apache.axis2.AxisFault: Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
: Security
	at
org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
	at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
	at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
	at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
	at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)

Thanks,
Khaled


Ruchith Fernando wrote:
> 
> Hi Tim,
> 
> This is not fixed yet in the latest build ... Please keep an eye on
> the JIRA [1] we'll update it as soon as we fix it and the fix will be
> available in the latest build of the trunk.
> 
> Thanks,
> Ruchith
> 
> 1.  https://issues.apache.org/jira/browse/RAMPART-90
> 
> On 10/29/07, Tim Munro (myDIALS) <tim.munro@mydials.com> wrote:
>> Thanks for following up Ruchith, really appreciated. I look forward to
>> this
>> fix - will this appear in the latest builds, or will it only appear in
>> the
>> next "release" build.
>>
>> Best,
>> Tim.
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>> Sent: Monday, 29 October 2007 10:53 AM
>> To: axis-dev@ws.apache.org
>> Cc: tim.munro@mydials.com
>> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
>> Messages
>>
>> Hi,
>>
>> This is an issue in Rampart because it doesn't processes the security
>> header
>> of fault messages.
>>
>> https://issues.apache.org/jira/browse/RAMPART-90
>>
>> This will be fixed in the next release of Apache Rampart.
>>
>> Thanks,
>> Ruchith
>>
>> On 10/12/07, Tim Munro (myDIALS) <tim.munro@mydials.com> wrote:
>> > Hi All,
>> >
>> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an
>> > xmlbeans
>> > proxy) that calls methods on a secured .NET web service service. I can
>> > successfully communicate with the .NET service, however when the .NET
>> > server returns a valid fault message the xmlbeans proxy client never
>> > receives the returned fault string; instead all the client receives is
>> > the following
>> > message:
>> > Must Understand check failed for header
>> >
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
>> > 0.xsd : Security
>> >
>> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy
>> > received the correct/expected error string.
>> >
>> > So, for example, if I call a method on the .NET web service with an
>> > invalid parameter in the request document, the .NET web service
>> > returns an informative message containing details of the problem.
>> > Below is an example of the xml response message received from the .NET
>> > server, and to me it appears to be a valid response:
>> > <?xml version='1.0' encoding='utf-8'?> <s:Envelope
>> > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
>> > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
>> > urity-
>> > utility-1.0.xsd">
>> >         <s:Header>
>> >                 <o:Security
>> > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
>> > urity-
>> > secext-1.0.xsd" s:mustUnderstand="1">
>> >                         <u:Timestamp u:Id="_0">
>> >
>> > <u:Created>2007-10-12T01:02:16.796Z</u:Created>
>> >
>> > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires>
>> >                         </u:Timestamp>
>> >                 </o:Security>
>> >         </s:Header>
>> >         <s:Body>
>> >                 <s:Fault>
>> >                         <faultcode>s:UnexpectedFault</faultcode>
>> >                         <faultstring xml:lang="en-US">An unexpected
>> > error has occurred in the service.
>> > System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva
>> > lidReq
>> > uestFault]: The dimension member 'Midlands' was included in a
>> > dimension reference for the 'Products' dimension, but is not valid.
>> > (Fault Detail is equal to
>> MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring>
>> >                 </s:Fault>
>> >         </s:Body>
>> > </s:Envelope>
>> >
>> > When I interact with this returned message (through the xmlbeans
>> > proxy), the error message I see is the "Must Understand check failed
>> for
>> header ..."
>> > rather than the value contained in the faultstring elemrnt of the
>> > returned document.
>> >
>> > The issue appears to be that the received message header contains a
>> > (valid) timestamp, as indicated above, however the Axis2 response
>> > handler never seems to to process this timestamp in the header,
>> > meaning that when the
>> > AxisEngine.checkMustUnderstand() performs the
>> > headerBlock.isProcessed() test, the result is false and so the "Must
>> understand check failed ..."
>> > exception is thrown and my xmlbeans proxy never sees the real
>> > faultstring message.
>> >
>> > I am struggling to understand what is going wrong here ... any
>> > guidance on what to fault-find next would be greatly appreciated as
>> > after a few days looking at this I am unsure if it is a problem in
>> > returned document, or my policy.xml.
>> >
>> > Thanks,
>> > Tim Munro
>> > ===================
>> >
>> > Below is my policy.xml document:
>> > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly"
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
>> > ecurit y-utility-1.0.xsd"
>> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>> >         <wsp:ExactlyOne>
>> >                 <wsp:All>
>> >                         <sp:TransportBinding
>> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> >                                 <wsp:Policy>
>> >                                         <sp:TransportToken>
>> >                                                 <wsp:Policy>
>> >                                                         <sp:HttpsToken
>> > RequireClientCertificate="false"/>
>> >                                                 </wsp:Policy>
>> >                                         </sp:TransportToken>
>> >                                         <sp:AlgorithmSuite>
>> >                                                 <wsp:Policy>
>> >                                                         <sp:Basic256/>
>> >                                                 </wsp:Policy>
>> >                                         </sp:AlgorithmSuite>
>> >                                         <sp:Layout>
>> >                                                 <wsp:Policy>
>> >                                                         <sp:Lax/>
>> >                                                 </wsp:Policy>
>> >                                         </sp:Layout>
>> >                                         <sp:IncludeTimestamp/>
>> >                                 </wsp:Policy>
>> >                         </sp:TransportBinding>
>> >                         <sp:EndorsingSupportingTokens
>> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> >                                 <wsp:Policy>
>> >                                         <sp:X509Token
>> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
>> > Includ
>> > eToken/AlwaysToRecipient">
>> >                                                 <wsp:Policy>
>> >
>> > <sp:WssX509V3Token10/>
>> >                                                 </wsp:Policy>
>> >                                         </sp:X509Token>
>> >                                 </wsp:Policy>
>> >                         </sp:EndorsingSupportingTokens>
>> >                         <sp:Wss10
>> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> >                                 <wsp:Policy>
>> >                                        
>> <sp:MustSupportRefKeyIdentifier/>
>> >                                        
>> <sp:MustSupportRefIssuerSerial/>
>> >                                 </wsp:Policy>
>> >                         </sp:Wss10>
>> >
>> >                         <ramp:RampartConfig
>> > xmlns:ramp="http://ws.apache.org/rampart/policy">
>> >
>> > <ramp:timestampTTL>300</ramp:timestampTTL>
>> >
>> > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
>> >
>> > <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6
>> > e69109
>> > 3f9d</ramp:user>
>> >                                 <!-- passwordCallbackClass is set in
>> > mydials config -->
>> >                                 <!--
>> > <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas
>> > swordC
>> > allbackClass> -->
>> >
>> >                                 <ramp:signatureCrypto>
>> >                                         <ramp:crypto
>> > provider="org.apache.ws.security.components.crypto.Merlin">
>> >                                                 <ramp:property
>> > name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp
>> > :prope
>> > rty>
>> >                                                 <ramp:property
>> > name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp
>> > :prope
>> > rty>
>> >                                                 <ramp:property
>> > name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p
>> > ropert
>> > y>
>> >                                         </ramp:crypto>
>> >                                 </ramp:signatureCrypto>
>> >                         </ramp:RampartConfig>
>> >
>> >                 </wsp:All>
>> >         </wsp:ExactlyOne>
>> > </wsp:Policy>
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> > For additional commands, e-mail: axis-dev-help@ws.apache.org
>> >
>> >
>>
>>
>> --
>> http://blog.ruchith.org
>> http://wso2.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>
>>
> 
> 
> -- 
> http://blog.ruchith.org
> http://wso2.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-Fault-Messages-tp13167907p15312797.html
Sent from the Axis - Dev mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message