axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amila Jayasekara (JIRA)" <j...@apache.org>
Subject [jira] Commented: (RAMPART-324) Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE nvelope: Element to encrypt/sign not found: {http://ws.apache.org/axis2}args0)
Date Mon, 07 Mar 2011 02:26:59 GMT

    [ https://issues.apache.org/jira/browse/RAMPART-324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13003240#comment-13003240
] 

Amila Jayasekara commented on RAMPART-324:
------------------------------------------

Hi Thilina, Abhinav,

I also faced a similar issue when running some rampart samples. Therefore I tried to reproduce
this issue in the trunk. So here are my findings,

It seems rampart does not take into account the namespaces specified in the policy for EncryptedElements.
So if you add following assertion to policy

<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" 
                                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:serns="http://ws.apache.org/axis2"> 
                <sp:XPath>soapenv:Body/serns:mul/serns:args0</sp:XPath>

</sp:EncryptedElements>

rampart would not recognize prefix “ serns”.

But if you add following assertion,
<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" 
                                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ns1="http://ws.apache.org/axis2"> 
                <sp:XPath>soapenv:Body/ns1:mul/ns1:args0</sp:XPath>

</sp:EncryptedElements>

rampart will not complain about the namespace. In other words inorder to work this you must
have namespace prefix “ns1”. The reason for “ns1” to work is that it is the default
namespace prefix given when message generation. Here I am pasting a part of a message which
is generated before encrypting elements,
….
….
</ds:KeyInfo>

</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body><ns1:add
xmlns:ns1="http://service.wso2.org"><a>3</a><b>4</b></ns1:add></soapenv:Body></soapenv:Envelope>

As you can see ns1 is the default namespace given when message generation. But even you are
able to get through with namespace issue, rampart will not sign nor encrypt the message elements
you specified in the policy. This is in return a result of not reading elements from the policy
(I think).

We will further investigate on this and will work on a patch.

Thanks
AmilaJ

> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE
nvelope: Element to encrypt/sign not found: {http://ws.apache.org/axis2}args0)
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-324
>                 URL: https://issues.apache.org/jira/browse/RAMPART-324
>             Project: Rampart
>          Issue Type: Question
>          Components: rampart-core, rampart-policy
>    Affects Versions: 1.4
>         Environment: Windows XP, Rampart 1.4,JDK1.5_06,Axis2 1.5
>            Reporter: Abhinav Mishra
>            Assignee: Thilina Buddhika
>            Priority: Blocker
>              Labels: security
>         Attachments: Client.java, Multiplication4.java, Multiplication4CallbackHandler.java,
Multiplication4Stub.java, PWCBHandler.java, PWCBHandler.java, client.jks, service.jks, services.xml
>
>   Original Estimate: 504h
>  Remaining Estimate: 504h
>
> Here I am trying to run a multiplication service in which I pass 2 parameters. In these
two parameters I am trying to encrypt and sign only single element. For this I am using <SignedElements>
and <EncryptedElements> assertions. I am calling the service using Client stub in which
the namaspace generated  is xmlns:ns1="http://ws.apache.org/axis2". I amt trying to use Xpath
for that element as <sp:XPath>/soapenv:Envelope/soapenv:Body/ns1:mul/ns1:args0</sp:XPath>
where soapenv is xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope">.
> When this got error i changed Xpath to:
> <sp:XPath>descendant::ns1:args0</sp:XPath>
>  But i am getting an error which is 
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE
nvelope: Element to encrypt/sign not found: {http://ws.apache.org/axis2}args0)
> Abhinav
> Abhinav Mishra
> Exception in thread "main" org.apache.axis2.AxisFault: Error during encryption
>         at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
>         at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>         at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>         at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
>         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
>         at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java
> :229)
>         at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>         at org.apache.ws.axis2.Multiplication4Stub.mul(Multiplication4Stub.java:187)
>         at org.apache.ws.axis2.Client.main(Client.java:38)
> Caused by: org.apache.rampart.RampartException: Error during encryption
>         at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
> Builder.java:544)
>         at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:9
> 3)
>         at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>         at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>         ... 8 more
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE
> nvelope: Element to encrypt/sign not found: {http://ws.apache.org/axis2}args0)
>         at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:496)
>         at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:454)
>         at org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecEncrypt.java:351)
>         at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
> Builder.java:530)
>         ... 11 more
> So,please help me to solve this issue.
> Here i am attaching my code and services.xml file.
> Thanks in advance!!!

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message