Return-Path: Delivered-To: apmail-ws-axis-dev-archive@www.apache.org Received: (qmail 72001 invoked from network); 6 Feb 2008 21:18:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 6 Feb 2008 21:18:59 -0000 Received: (qmail 27140 invoked by uid 500); 6 Feb 2008 21:18:43 -0000 Delivered-To: apmail-ws-axis-dev-archive@ws.apache.org Received: (qmail 27094 invoked by uid 500); 6 Feb 2008 21:18:43 -0000 Mailing-List: contact axis-dev-help@ws.apache.org; run by ezmlm Precedence: bulk Reply-To: axis-dev@ws.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-dev@ws.apache.org Received: (qmail 26926 invoked by uid 99); 6 Feb 2008 21:18:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Feb 2008 13:18:42 -0800 X-ASF-Spam-Status: No, hits=4.0 required=10.0 tests=DNS_FROM_OPENWHOIS,FORGED_YAHOO_RCVD,SPF_HELO_PASS,SPF_PASS,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of lists@nabble.com designates 216.139.236.158 as permitted sender) Received: from [216.139.236.158] (HELO kuber.nabble.com) (216.139.236.158) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Feb 2008 21:18:09 +0000 Received: from isper.nabble.com ([192.168.236.156]) by kuber.nabble.com with esmtp (Exim 4.63) (envelope-from ) id 1JMreq-0008Id-Us for axis-dev@ws.apache.org; Wed, 06 Feb 2008 13:18:16 -0800 Message-ID: <15312797.post@talk.nabble.com> Date: Wed, 6 Feb 2008 13:18:16 -0800 (PST) From: kalakhr To: axis-dev@ws.apache.org Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages In-Reply-To: <559c463d0710291927n19b1cf45g72bd030194918f7f@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Nabble-From: kalakhr@yahoo.com References: <001301c80c71$a58b80c0$39073d0a@timmunro> <559c463d0710281752x626b0cddq666638470bf08d0a@mail.gmail.com> <001901c81a0f$64654850$0402a8c0@timmunro> <559c463d0710291927n19b1cf45g72bd030194918f7f@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org Any luck with this issue? I just tried a client using Axis2-1.3 and rampart from SVN trunk and the problem is still occuring. I can't get rampart to handle valid fault messages from a service. Response: ---------- 2008-02-06T21:16:00.531Z 2008-02-06T21:21:00.531Z FCode1 Unable to successfully complete requested action. Actor1 Stack Trace: ------------ org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Thanks, Khaled Ruchith Fernando wrote: > > Hi Tim, > > This is not fixed yet in the latest build ... Please keep an eye on > the JIRA [1] we'll update it as soon as we fix it and the fix will be > available in the latest build of the trunk. > > Thanks, > Ruchith > > 1. https://issues.apache.org/jira/browse/RAMPART-90 > > On 10/29/07, Tim Munro (myDIALS) wrote: >> Thanks for following up Ruchith, really appreciated. I look forward to >> this >> fix - will this appear in the latest builds, or will it only appear in >> the >> next "release" build. >> >> Best, >> Tim. >> -----Original Message----- >> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com] >> Sent: Monday, 29 October 2007 10:53 AM >> To: axis-dev@ws.apache.org >> Cc: tim.munro@mydials.com >> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault >> Messages >> >> Hi, >> >> This is an issue in Rampart because it doesn't processes the security >> header >> of fault messages. >> >> https://issues.apache.org/jira/browse/RAMPART-90 >> >> This will be fixed in the next release of Apache Rampart. >> >> Thanks, >> Ruchith >> >> On 10/12/07, Tim Munro (myDIALS) wrote: >> > Hi All, >> > >> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an >> > xmlbeans >> > proxy) that calls methods on a secured .NET web service service. I can >> > successfully communicate with the .NET service, however when the .NET >> > server returns a valid fault message the xmlbeans proxy client never >> > receives the returned fault string; instead all the client receives is >> > the following >> > message: >> > Must Understand check failed for header >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1. >> > 0.xsd : Security >> > >> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy >> > received the correct/expected error string. >> > >> > So, for example, if I call a method on the .NET web service with an >> > invalid parameter in the request document, the .NET web service >> > returns an informative message containing details of the problem. >> > Below is an example of the xml response message received from the .NET >> > server, and to me it appears to be a valid response: >> > > > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" >> > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec >> > urity- >> > utility-1.0.xsd"> >> > >> > > > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec >> > urity- >> > secext-1.0.xsd" s:mustUnderstand="1"> >> > >> > >> > 2007-10-12T01:02:16.796Z >> > >> > 2007-10-12T01:07:16.796Z >> > >> > >> > >> > >> > >> > s:UnexpectedFault >> > An unexpected >> > error has occurred in the service. >> > System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva >> > lidReq >> > uestFault]: The dimension member 'Midlands' was included in a >> > dimension reference for the 'Products' dimension, but is not valid. >> > (Fault Detail is equal to >> MyDials.Common.ServiceFaults.InvalidRequestFault). >> > >> > >> > >> > >> > When I interact with this returned message (through the xmlbeans >> > proxy), the error message I see is the "Must Understand check failed >> for >> header ..." >> > rather than the value contained in the faultstring elemrnt of the >> > returned document. >> > >> > The issue appears to be that the received message header contains a >> > (valid) timestamp, as indicated above, however the Axis2 response >> > handler never seems to to process this timestamp in the header, >> > meaning that when the >> > AxisEngine.checkMustUnderstand() performs the >> > headerBlock.isProcessed() test, the result is false and so the "Must >> understand check failed ..." >> > exception is thrown and my xmlbeans proxy never sees the real >> > faultstring message. >> > >> > I am struggling to understand what is going wrong here ... any >> > guidance on what to fault-find next would be greatly appreciated as >> > after a few days looking at this I am unsure if it is a problem in >> > returned document, or my policy.xml. >> > >> > Thanks, >> > Tim Munro >> > =================== >> > >> > Below is my policy.xml document: >> > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> > ecurit y-utility-1.0.xsd" >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> >> > >> > >> > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> >> > >> > >> > >> > > > RequireClientCertificate="false"/> >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> >> > >> > > > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/ >> > Includ >> > eToken/AlwaysToRecipient"> >> > >> > >> > >> > >> > >> > >> > >> > > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> >> > >> > >> >> > >> >> > >> > >> > >> > > > xmlns:ramp="http://ws.apache.org/rampart/policy"> >> > >> > 300 >> > >> > 300 >> > >> > cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6 >> > e69109 >> > 3f9d >> > >> > >> > >> > >> > > > provider="org.apache.ws.security.components.crypto.Merlin"> >> > > > name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12> > :prope >> > rty> >> > > > name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx> > :prope >> > rty> >> > > > name="org.apache.ws.security.crypto.merlin.keystore.password">> > ropert >> > y> >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org >> > For additional commands, e-mail: axis-dev-help@ws.apache.org >> > >> > >> >> >> -- >> http://blog.ruchith.org >> http://wso2.org >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org >> For additional commands, e-mail: axis-dev-help@ws.apache.org >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org >> For additional commands, e-mail: axis-dev-help@ws.apache.org >> >> > > > -- > http://blog.ruchith.org > http://wso2.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org > For additional commands, e-mail: axis-dev-help@ws.apache.org > > > -- View this message in context: http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-Fault-Messages-tp13167907p15312797.html Sent from the Axis - Dev mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org For additional commands, e-mail: axis-dev-help@ws.apache.org