axis-java-dev mailing list archives

From "Samisa Abeysinghe (JIRA)" <j...@apache.org>
Subject [jira] Updated: (RAMPART-281) Axis2/Java client throws exception with mustUnderstand=1
Date Wed, 22 Dec 2010 11:06:17 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Samisa Abeysinghe updated RAMPART-281:
--------------------------------------

    Assignee:     (was: Ruchith Udayanga Fernando)

> Axis2/Java client throws exception with mustUnderstand=1
> --------------------------------------------------------
>
>                 Key: RAMPART-281
>                 URL: https://issues.apache.org/jira/browse/RAMPART-281
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.4
>         Environment: Server: Linux, Axis2/C
> Client: Windows, Axis2/Java
>            Reporter: Russell Tempero
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> We have implemented our service with the following security policy:
> <wsp:Policy wsu:Id="SyncPolicy"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <wsp:ExactlyOne>
>         <wsp:All>
>             <sp:TransportBinding>
>                 <wsp:Policy>
>                     <sp:TransportToken>
>                         <wsp:Policy>
>                             <sp:HttpsToken/>
>                         </wsp:Policy>
>                     </sp:TransportToken>
>                     <sp:AlgorithmSuite>
>                         <wsp:Policy>
>                             <sp:Basic256/>
>                         </wsp:Policy>
>                     </sp:AlgorithmSuite>
>                     <sp:Layout>
>                         <wsp:Policy>
>                             <sp:Lax/>
>                         </wsp:Policy>
>                     </sp:Layout>
>                 </wsp:Policy>
>             </sp:TransportBinding>
>             <sp:SignedSupportingTokens>
>                 <wsp:Policy>
>                     <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                         <wsp:Policy>
>                             <sp:WssUsernameToken10/>
>                         </wsp:Policy>
>                     </sp:UsernameToken>
>                 </wsp:Policy>
>             </sp:SignedSupportingTokens>
>         </wsp:All>
>     </wsp:ExactlyOne>
> </wsp:Policy>
> On the client, we are able to use Rampart to send out the correct security headers as expected by the server:
>   <soapenv:Header>
>     <wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' soapenv:mustUnderstand='1'>
>       <wsse:UsernameToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='UsernameToken-12864392'>
>         <wsse:Username>admin</wsse:Username>
>         <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>admin</wsse:Password>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soapenv:Header>
> However, in the response, the server sends back a blank security header:
> <soapenv:Header>
>     <wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' soapenv:mustUnderstand='1'></wsse:Security>
>   </soapenv:Header>
> When the client receives this blank security header, it throws the following exception:
> Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
> Is the blank security header required/allowed in the response according to the WS-Security specification? If so, the Rampart implementation on the client needs to be changed to be able to accept this header. If the blank header is not allowed, the server needs to be changed to not send it.
> Note: we came up with the following workaround on the client:
>     .
>     .
>     .
> 		ConfigurationContext configurationContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem("C:\\Program Files\\axis2-1.5.1\\repository", null);
> 		AxisConfiguration ac = configurationContext.getAxisConfiguration();
> 		((Phase)ac.getInFlowPhases().get(0)).addHandler(new BasicCreate.SecurityHandler());
>     .
>     .
>     .
>     public static class SecurityHandler extends AbstractHandler
>     {
>         @Override
>         public InvocationResponse invoke(MessageContext msgContext) throws AxisFault
>         {
>             org.apache.axiom.soap.SOAPEnvelope envelope = msgContext.getEnvelope();
>             if (envelope.getHeader() == null)
>             {
>                 return InvocationResponse.CONTINUE;
>             }
>             // Get all the headers targeted to us
>             Iterator headerBlocks = envelope.getHeader().getHeadersToProcess((RolePlayer)msgContext.getConfigurationContext().getAxisConfiguration().getParameterValue("rolePlayer"));
>             while (headerBlocks.hasNext())
>             {
>                 SOAPHeaderBlock headerBlock = (SOAPHeaderBlock) headerBlocks.next();
>                 QName headerName = headerBlock.getQName();
>                 if(headerName.getLocalPart().equals("Security"))
>                 {
>                     headerBlock.setProcessed();
>                 }
>             }
>             return InvocationResponse.CONTINUE;
>         }
>     }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
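
The workaround quoted in the report marks every header whose local name is `Security` as processed, in any namespace and whether or not it has content, so a response carrying real security tokens would also skip the mustUnderstand check. The following narrower variant is an added example, not code from the reporter or from the Rampart project; the class name `EmptySecurityHeaderHandler` is hypothetical, and it only clears the flag for a `wsse:Security` header in the namespace shown in the report that has no child elements.

```java
import java.util.Iterator;
import javax.xml.namespace.QName;

import org.apache.axiom.soap.RolePlayer;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;

/** Hypothetical handler name; not part of Axis2 or Rampart. */
public class EmptySecurityHeaderHandler extends AbstractHandler {

    // WSS 1.0 secext namespace, copied from the headers quoted in the report.
    private static final QName WSSE_SECURITY = new QName(
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
        "Security");

    @Override
    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        SOAPHeader header = msgContext.getEnvelope().getHeader();
        if (header == null) {
            return InvocationResponse.CONTINUE;
        }
        // Same role-based lookup as the reporter's workaround.
        RolePlayer rolePlayer = (RolePlayer) msgContext.getConfigurationContext()
            .getAxisConfiguration().getParameterValue("rolePlayer");
        Iterator<?> blocks = header.getHeadersToProcess(rolePlayer);
        while (blocks.hasNext()) {
            SOAPHeaderBlock block = (SOAPHeaderBlock) blocks.next();
            // QName.equals compares namespace URI and local part, so a
            // "Security" element in any other namespace is left untouched.
            if (!WSSE_SECURITY.equals(block.getQName())) {
                continue;
            }
            // Only an empty header is marked as processed. A header with
            // child elements (tokens, timestamps, signatures) keeps its
            // mustUnderstand semantics and fails the check unless a
            // security handler has actually processed it.
            if (block.getFirstElement() == null) {
                block.setProcessed();
            }
        }
        return InvocationResponse.CONTINUE;
    }
}
```

It is registered the same way as the handler in the report, by adding an instance to an in-flow phase of the client's `AxisConfiguration`.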

