axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mgai...@hotmail.com
Subject Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages
Date Wed, 06 Feb 2008 21:44:35 GMT
zooming to the last entry for the bug:
Jan 10 08 Fixed in revision 610736. We have to add the security phase to in
the axis2.xml to use Rampart from now on. Will include a note about this in
the READ_ME file.

should be checked into trunk
anyone to generate the RC and update the mirrors the last one I see is from
sept 07?
http://ftp.wayne.edu/apache/ws/rampart/1_3/

Thanks
M-
----- Original Message -----
Wrom: EXCAXZOWCONEUQZAAFXISHJEXXIMQ
To: <axis-dev@ws.apache.org>
Sent: Wednesday, February 06, 2008 4:18 PM
Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
Messages


>
> Any luck with this issue?  I just tried a client using Axis2-1.3 and
rampart
> from SVN trunk and the problem is still occuring.  I can't get rampart to
> handle valid fault messages from a service.
>
> Response:
> ----------
> <?xml version='1.0' encoding='utf-8'?>
> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
>
>
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
utility-1.0.xsd">
> <s:Header>
> <o:Security
>
>
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd"
> s:mustUnderstand="1">
> <u:Timestamp u:Id="_0">
> <u:Created>2008-02-06T21:16:00.531Z</u:Created>
> <u:Expires>2008-02-06T21:21:00.531Z</u:Expires>
> </u:Timestamp>
> </o:Security>
> </s:Header>
> <s:Body>
> <s:Fault>
> <faultcode>FCode1</faultcode>
> <faultstring xml:lang="en-US">
> Unable to successfully complete requested action.
> </faultstring>
> <faultactor>Actor1</faultactor>
> <detail>
> <axis2ns1:MsgFault
> xmlns:axis2ns1="http://abc.com/xyz/2006/xsd">
> </axis2ns1:MsgFault>
> </detail>
> </s:Fault>
> </s:Body>
> </s:Envelope>
>
>
> Stack Trace:
> ------------
> org.apache.axis2.AxisFault: Must Understand check failed for header
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.xsd
> : Security
> at
> org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> at
>
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAx
isOperation.java:336)
> at
>
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio
n.java:389)
> at
>
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisO
peration.java:211)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>
> Thanks,
> Khaled
>
>
> Ruchith Fernando wrote:
> >
> > Hi Tim,
> >
> > This is not fixed yet in the latest build ... Please keep an eye on
> > the JIRA [1] we'll update it as soon as we fix it and the fix will be
> > available in the latest build of the trunk.
> >
> > Thanks,
> > Ruchith
> >
> > 1.  https://issues.apache.org/jira/browse/RAMPART-90
> >
> > On 10/29/07, Tim Munro (myDIALS) <tim.munro@mydials.com> wrote:
> >> Thanks for following up Ruchith, really appreciated. I look forward to
> >> this
> >> fix - will this appear in the latest builds, or will it only appear in
> >> the
> >> next "release" build.
> >>
> >> Best,
> >> Tim.
> >> -----Original Message-----
> >> Wrom: ZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGG
> >> Sent: Monday, 29 October 2007 10:53 AM
> >> To: axis-dev@ws.apache.org
> >> Cc: tim.munro@mydials.com
> >> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
> >> Messages
> >>
> >> Hi,
> >>
> >> This is an issue in Rampart because it doesn't processes the security
> >> header
> >> of fault messages.
> >>
> >> https://issues.apache.org/jira/browse/RAMPART-90
> >>
> >> This will be fixed in the next release of Apache Rampart.
> >>
> >> Thanks,
> >> Ruchith
> >>
> >> On 10/12/07, Tim Munro (myDIALS) <tim.munro@mydials.com> wrote:
> >> > Hi All,
> >> >
> >> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an
> >> > xmlbeans
> >> > proxy) that calls methods on a secured .NET web service service. I
can
> >> > successfully communicate with the .NET service, however when the .NET
> >> > server returns a valid fault message the xmlbeans proxy client never
> >> > receives the returned fault string; instead all the client receives
is
> >> > the following
> >> > message:
> >> > Must Understand check failed for header
> >> >
> >>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
> >> > 0.xsd : Security
> >> >
> >> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy
> >> > received the correct/expected error string.
> >> >
> >> > So, for example, if I call a method on the .NET web service with an
> >> > invalid parameter in the request document, the .NET web service
> >> > returns an informative message containing details of the problem.
> >> > Below is an example of the xml response message received from the
NET
> >> > server, and to me it appears to be a valid response:
> >> > <?xml version='1.0' encoding='utf-8'?> <s:Envelope
> >> > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
> >> >
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> >> > urity-
> >> > utility-1.0.xsd">
> >> >         <s:Header>
> >> >                 <o:Security
> >> >
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> >> > urity-
> >> > secext-1.0.xsd" s:mustUnderstand="1">
> >> >                         <u:Timestamp u:Id="_0">
> >> >
> >> > <u:Created>2007-10-12T01:02:16.796Z</u:Created>
> >> >
> >> > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires>
> >> >                         </u:Timestamp>
> >> >                 </o:Security>
> >> >         </s:Header>
> >> >         <s:Body>
> >> >                 <s:Fault>
> >> >                         <faultcode>s:UnexpectedFault</faultcode>
> >> >                         <faultstring xml:lang="en-US">An unexpected
> >> > error has occurred in the service.
> >> >
System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva
> >> > lidReq
> >> > uestFault]: The dimension member 'Midlands' was included in a
> >> > dimension reference for the 'Products' dimension, but is not valid.
> >> > (Fault Detail is equal to
> >> MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring>
> >> >                 </s:Fault>
> >> >         </s:Body>
> >> > </s:Envelope>
> >> >
> >> > When I interact with this returned message (through the xmlbeans
> >> > proxy), the error message I see is the "Must Understand check failed
> >> for
> >> header ..."
> >> > rather than the value contained in the faultstring elemrnt of the
> >> > returned document.
> >> >
> >> > The issue appears to be that the received message header contains a
> >> > (valid) timestamp, as indicated above, however the Axis2 response
> >> > handler never seems to to process this timestamp in the header,
> >> > meaning that when the
> >> > AxisEngine.checkMustUnderstand() performs the
> >> > headerBlock.isProcessed() test, the result is false and so the "Must
> >> understand check failed ..."
> >> > exception is thrown and my xmlbeans proxy never sees the real
> >> > faultstring message.
> >> >
> >> > I am struggling to understand what is going wrong here ... any
> >> > guidance on what to fault-find next would be greatly appreciated as
> >> > after a few days looking at this I am unsure if it is a problem in
> >> > returned document, or my policy.xml.
> >> >
> >> > Thanks,
> >> > Tim Munro
> >> > ===================
> >> >
> >> > Below is my policy.xml document:
> >> > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly"
> >> >
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> >> > ecurit y-utility-1.0.xsd"
> >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> >> >         <wsp:ExactlyOne>
> >> >                 <wsp:All>
> >> >                         <sp:TransportBinding
> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >> >                                 <wsp:Policy>
> >> >                                         <sp:TransportToken>
> >> >                                                 <wsp:Policy>
> >> >
<sp:HttpsToken
> >> > RequireClientCertificate="false"/>
> >> >                                                 </wsp:Policy>
> >> >                                         </sp:TransportToken>
> >> >                                         <sp:AlgorithmSuite>
> >> >                                                 <wsp:Policy>
> >> >
<sp:Basic256/>
> >> >                                                 </wsp:Policy>
> >> >                                         </sp:AlgorithmSuite>
> >> >                                         <sp:Layout>
> >> >                                                 <wsp:Policy>
> >> >                                                         <sp:Lax/>
> >> >                                                 </wsp:Policy>
> >> >                                         </sp:Layout>
> >> >                                         <sp:IncludeTimestamp/>
> >> >                                 </wsp:Policy>
> >> >                         </sp:TransportBinding>
> >> >                         <sp:EndorsingSupportingTokens
> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >> >                                 <wsp:Policy>
> >> >                                         <sp:X509Token
> >> >
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> >> > Includ
> >> > eToken/AlwaysToRecipient">
> >> >                                                 <wsp:Policy>
> >> >
> >> > <sp:WssX509V3Token10/>
> >> >                                                 </wsp:Policy>
> >> >                                         </sp:X509Token>
> >> >                                 </wsp:Policy>
> >> >                         </sp:EndorsingSupportingTokens>
> >> >                         <sp:Wss10
> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >> >                                 <wsp:Policy>
> >> >
> >> <sp:MustSupportRefKeyIdentifier/>
> >> >
> >> <sp:MustSupportRefIssuerSerial/>
> >> >                                 </wsp:Policy>
> >> >                         </sp:Wss10>
> >> >
> >> >                         <ramp:RampartConfig
> >> > xmlns:ramp="http://ws.apache.org/rampart/policy">
> >> >
> >> > <ramp:timestampTTL>300</ramp:timestampTTL>
> >> >
> >> > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
> >> >
> >> >
<ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6
> >> > e69109
> >> > 3f9d</ramp:user>
> >> >                                 <!-- passwordCallbackClass is set in
> >> > mydials config -->
> >> >                                 <!--
> >> >
<ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas
> >> > swordC
> >> > allbackClass> -->
> >> >
> >> >                                 <ramp:signatureCrypto>
> >> >                                         <ramp:crypto
> >> > provider="org.apache.ws.security.components.crypto.Merlin">
> >> >                                                 <ramp:property
> >> >
name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp
> >> > :prope
> >> > rty>
> >> >                                                 <ramp:property
> >> >
name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp
> >> > :prope
> >> > rty>
> >> >                                                 <ramp:property
> >> >
name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p
> >> > ropert
> >> > y>
> >> >                                         </ramp:crypto>
> >> >                                 </ramp:signatureCrypto>
> >> >                         </ramp:RampartConfig>
> >> >
> >> >                 </wsp:All>
> >> >         </wsp:ExactlyOne>
> >> > </wsp:Policy>
> >> >
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> >> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> >> >
> >> >
> >>
> >>
> >> --
> >> http://blog.ruchith.org
> >> http://wso2.org
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-dev-help@ws.apache.org
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-dev-help@ws.apache.org
> >>
> >>
> >
> >
> > --
> > http://blog.ruchith.org
> > http://wso2.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> >
> >
> >
>
> --
> View this message in context:
http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-
Fault-Messages-tp13167907p15312797.html
> Sent from the Axis - Dev mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org


Mime
View raw message