axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chinmoy Chakraborty <cch...@gmail.com>
Subject Re: Please help me to debug RAMPART issue
Date Mon, 03 Aug 2009 10:11:34 GMT
Hi Nandana,

Thanks a lot. I have created a JIRA (RAMPART-236) for the issue discussed
here.

Chinmoy




On Mon, Aug 3, 2009 at 8:29 AM, Nandana Mihindukulasooriya <
nandana.cse@gmail.com> wrote:

> Hi Chinmoy,
>             Before Rampart 1.4, Rampart didn't support securing SOAP
> Faults. This improvement [1] was only added to policy based configuration.
> So we added the Rampart policy based handlers to the Fault flows too to
> secure the faults. As you can see Fault flows only contains policy based
> handlers (PolicyBasedSecurityInHandler/PolicyBasedSecurityOutHandler) and
> not the parameter based handlers (SecurityInHandler/SecurityOutHandler). So
> this feature is not supported in parameter based configuration. So it is
> safe to the remove the snippet you have mentioned if you are sticking to
> parameter based configuation for the moment but move to policy based
> configuration as soon as possible.
>             This seems to be a bug in Rampart reciever, please create a
> JIRA for this with all the information. As far as I can see, this should be
> fixed when we fix the issue [2].
>
> thanks,
> Nandana
>
> [1] - http://issues.apache.org/jira/browse/RAMPART-90
> [2] - http://issues.apache.org/jira/browse/RAMPART-230
>
>
> On Sat, Aug 1, 2009 at 3:32 PM, Chinmoy Chakraborty <cchinu@gmail.com>wrote:
>
>> Nandana,
>>
>> Thanks a lot for reply. I am not clear what you said by "out going Fault
>> messages will not be secured". Parameter based ws-security sends normal SOAP
>> back to the client. So in case of any fault I expect SOAP fault but right
>> now it does not send SOAP fault thats why I had to comment out the portion I
>> mentioed in the mail. I guess this is a bug of 'RampartSender' right?
>>
>> At this point as I am using parameter based WS-Security stuffs and in case
>> of any fault it does not send back SOAP FAULT. So what you suggest to do at
>> this point (we can switch to policy based ws-security stuffs in future but
>> at this point we don't have option) other than commenting out the mentioned
>> portion of module.xml?
>> Chinmoy
>>
>>
>>
>> On Sat, Aug 1, 2009 at 8:19 AM, Nandana Mihindukulasooriya <
>> nandana.cse@gmail.com> wrote:
>>
>>> Hi Chinmoy,
>>>         If you comment out this part, the out going Fault messages will
>>> not be secured. Segment of the module.xml you have attached is the one which
>>> places Rampart handlers in the Out Fault Flow. It will not effect the normal
>>> flow.  I didn't see any active development in parameter based configuration
>>> since Rampart 1.3 as it is deprecated, so it doesn't expect faults to be
>>> secure too. Proelly that is why you saw the comment do not process faults in
>>> the   'WSDoAllReceiver'.
>>>
>>> thanks,
>>> Nandana
>>>
>>> On Sat, Aug 1, 2009 at 7:55 AM, Chinmoy Chakraborty <cchinu@gmail.com>wrote:
>>>
>>>> Andreas,
>>>>
>>>> Thanks a lot for your reply. You are right. "Could not find a Builder"
>>>> is not root cause of the problem. I commented out following portion
>>>> (OutFaultFlow params) in module.xml of rampart-1.4.mar and then it works
as
>>>> expected.
>>>>
>>>> <OutFaultFlow>
>>>>         <handler name="PolicyBasedSecurityOutHandler"
>>>> class="org.apache.rampart.handler.RampartSender">
>>>>             <order phase="Security" phaseLast="true"/>
>>>>         </handler>
>>>>     </OutFaultFlow>
>>>>
>>>> So I guess the problematic part is RampartSender. But I have one
>>>> question, commenting out this portion should not affect other part of app
>>>> right?
>>>>
>>>>
>>>> Chinmoy
>>>>
>>>>
>>>>
>>>> On Sat, Aug 1, 2009 at 12:29 AM, Andreas Veithen <
>>>> andreas.veithen@gmail.com> wrote:
>>>>
>>>>> Chinmoy,
>>>>>
>>>>> The "Could not find a Builder" error is because Tomcat returns an HTML
>>>>> error page and Axis2 on the client side doesn't know what to do with
>>>>> it. That is certainly not the root cause of the problem.
>>>>>
>>>>> Andreas
>>>>>
>>>>> On Fri, Jul 31, 2009 at 14:43, Chinmoy Chakraborty<cchinu@gmail.com>
>>>>> wrote:
>>>>> > Hi,
>>>>> >
>>>>> > I noticed following property was not set while sending the message
>>>>> back:
>>>>> >
>>>>> > 179781 DEBUG [http8080-Processor24]
>>>>> > org.apache.axis2.context.AbstractContext     -  Property set on
>>>>> object
>>>>> > org.apache.axis2.context.MessageContext@12f0ce9
>>>>> > 179781 DEBUG [http8080-Processor24]
>>>>> > org.apache.axis2.context.AbstractContext     -   Key =messageType
>>>>> > 179781 DEBUG [http8080-Processor24]
>>>>> > org.apache.axis2.context.AbstractContext     -   Value =text/xml
>>>>> > 179781 DEBUG [http8080-Processor24]
>>>>> > org.apache.axis2.context.AbstractContext     -   Value Class =
>>>>> > java.lang.String
>>>>> > 179781 DEBUG [http8080-Processor24]
>>>>> > org.apache.axis2.context.AbstractContext     -   Value Classloader
=
>>>>> null
>>>>> >
>>>>> > and then it produces following error:
>>>>> >
>>>>> > [http8080-Processor21] org.apache.axis2.transport.TransportUtils
>>>>> - Could
>>>>> > not find a Builder for type (text/html).  Using SOAP.
>>>>> > 194422 DEBUG [http8080-Processor21]
>>>>> >
>>>>> > httpclient.wire.content     - << "<html><head><title>Apache
>>>>> Tomcat/5.0.19 -
>>>>> > Error report</title><style><!--H1
>>>>> >
>>>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>>>>> > H2
>>>>> >
>>>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>>>>> > H3
>>>>> >
>>>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>>>>> > BODY
>>>>> >
>>>>> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B
>>>>> >
>>>>> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>>>>> > P
>>>>> >
>>>>> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>>>>> > {color : black;}A.name {color : black;}HR {color :
>>>>> #525D76;}--></style>
>>>>> > </head><body><h1>HTTP Status 500 - </h1><HR
size="1"
>>>>> noshade><p><b>type</b>
>>>>> > Status report</p><p><b>message</b> <u></u></p><p><b>description</b>
>>>>> <u>The
>>>>> > server encountered an internal error () that prevented it from
>>>>> fulfilling
>>>>> > this request.</u></p><HR size="1" noshade><h3>Apache
>>>>> > Tomcat/5.0.19</h3></body></html>"
>>>>> > 194422
>>>>> >
>>>>> > DEBUG [http8080-Processor21]
>>>>> org.apache.axiom.om.util.StAXUtils     -
>>>>> > XMLStreamReader is com.ctc.wstx.sr.ValidatingStreamReader
>>>>> > 194422 INFO  [http8080-Processor21]
>>>>> > org.apache.axis2.builder.BuilderUtil     - OMException in
>>>>> getSOAPBuilder
>>>>> >
>>>>> >
>>>>> > Chinmoy
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> > On Fri, Jul 31, 2009 at 2:59 PM, Chinmoy Chakraborty <
>>>>> cchinu@gmail.com>
>>>>> > wrote:
>>>>> >>
>>>>> >> Hi,
>>>>> >>
>>>>> >> I turned on DEBUG and please find attached rampart_debug.log
file.
>>>>> Does
>>>>> >> 'WSDoAllReceiver' process faults if any while invoking the business
>>>>> logic? I
>>>>> >> found following commented line at line no. 161 of
>>>>> WSDoAllReceiver.java src:
>>>>> >>
>>>>> >> ...............
>>>>> >> // Do not process faults
>>>>> >>         SOAPConstants soapConstants =
>>>>> WSSecurityUtil.getSOAPConstants(doc
>>>>> >>                 .getDocumentElement());
>>>>> >>         if (WSSecurityUtil.findElement(doc.getDocumentElement(),
>>>>> "Fault",
>>>>> >>                 soapConstants.getEnvelopeURI()) != null) {
>>>>> >>             return;
>>>>> >>         }
>>>>> >> ......................
>>>>> >>
>>>>> >> In line 8254 it throws the exception from the service (in the
log
>>>>> file the
>>>>> >> service name is ABS) method. In line 8381 it shows :
>>>>> >>
>>>>> >> isReplyRedirected: FaultTo is null. Returning isReplyRedirected
>>>>> >> 194047 DEBUG [http8080-Processor24]
>>>>> >> org.apache.axis2.addressing.AddressingHelper     - [MessageContext:
>>>>> >> logID=urn:uuid:B669EB542CF5BAEF9D1249024862072] isReplyRedirected:
>>>>> ReplyTo
>>>>> >> is null. Returning false
>>>>> >>
>>>>> >> Is this the reason of not sending fault SOAP to the client if
>>>>> WSSecurity
>>>>> >> is on and use parameter based WS-Security?
>>>>> >>
>>>>> >> Chinmoy
>>>>> >>
>>>>> >>
>>>>> >
>>>>>
>>>>
>>>>
>>>
>>

Mime
View raw message