Date: Fri, 11 Mar 2011 14:34:59 +0000 (UTC)
From: "Rustam Abdullaev (JIRA)"
To: java-dev@axis.apache.org
Message-ID: <85510804.13444.1299854099550.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] Created: (RAMPART-329) Interoperability with WSIT problem: RampartException: Error in adding token into store

Interoperability with WSIT problem: RampartException: Error in adding token into store
--------------------------------------------------------------------------------------

Key: RAMPART-329
URL: https://issues.apache.org/jira/browse/RAMPART-329
Project: Rampart
Issue Type: Bug
Components: rampart-trust
Affects Versions: 1.5
Environment: Axis2 1.5.1 Metro 2.1
Reporter: Rustam Abdullaev

The combination: Axis2(Rampart) Service + Metro(WSIT) Client doesn't work when using SymmetricBinding policy.

The cause is that Rampart caches all EncryptedKeys by their ID, assuming that these are UUIDs, while WSIT just assigns IDs that are unique within a single SOAP message, like "_1", "_2", etc.

As a consequence, only the first request succeeds, with all subsequent requests failing with:

org.apache.axis2.AxisFault: Error in adding token into store
    at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:429)
    at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:43)
    at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:278)
    at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
    at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
    at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
    at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
    at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.rampart.RampartException: Error in adding token into store
    at org.apache.rampart.builder.SymmetricBindingBuilder.getEncryptedKey(SymmetricBindingBuilder.java:787)
    at org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:424)
    at org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:90)
    at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
    at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
    ... 14 more

(and, after patching Rampart not to swallow the root cause)

Caused by: org.apache.rahas.TrustException: "The token "_5002" already exists in the store
    at org.apache.rahas.SimpleTokenStore.add(SimpleTokenStore.java:65)
    at org.apache.rampart.builder.SymmetricBindingBuilder.getEncryptedKey(SymmetricBindingBuilder.java:782)
    ... 18 more

As can be seen, the first EncryptedKey with ID "_5002" couldn't be added to the store. That is because the WSIT request looks like:

{code:xml}
http://localhost:8080/axis2/services/LoginService.LoginServicePortType http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
http://www.w3.org/2005/08/addressing/anonymous
uuid:be30f6b8-a756-4ef4-a2d4-ed79579ab73d 2011-03-11T12:41:26Z 2011-03-11T12:46:26Z HYL371NzoOs2+IA24VDkBGcUFQM= U2P07ZSaepPHGlHuIHYZX9oL5Vrhy....... 0 16 XvWeqk48yU+hL9QA5+JzUeIM MIICTDCCAbUCBEbJZMQwDQ......... 0 16 dZZ0MgLmAc+T9wBBxY7y/oDS ggGI89+Ajl2PytO/7NM3TeC/...... yo9B6dCgG2r5JtJA0iOZPOQALBU= SGLHUTns15tib3gnll2H.....
Nf2O8yHO2Ls1bIDN2.....
{code}

I believe that the problem lies on the Rampart side, as according to OASIS standards SecurityKey IDs don't have to be unique across SOAP calls.
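The failure mode reported above, as an added example that is not part of the original message and is not Rampart or Rahas code: a store that uses the message-scoped Id as its global key rejects the second request, while a store keyed by a locally generated value does not. All class and method names here are hypothetical, and the sample Ids and key bytes are constructed.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical classes for illustration only; not the Rampart/Rahas token store.
public class TokenStoreDemo {

    /** Uses the Id taken from the message as the global cache key. */
    static class IdKeyedStore {
        private final Map<String, byte[]> tokens = new ConcurrentHashMap<>();

        void add(String wireId, byte[] secret) {
            // An Id that is only unique inside one SOAP message collides here.
            if (tokens.putIfAbsent(wireId, secret) != null) {
                throw new IllegalStateException(
                    "The token \"" + wireId + "\" already exists in the store");
            }
        }
    }

    /** Keys each entry by a value generated by the receiver itself. */
    static class LocalKeyStore {
        private final Map<String, byte[]> tokens = new ConcurrentHashMap<>();

        String add(byte[] secret) {
            String storeKey = "urn:uuid:" + UUID.randomUUID();
            tokens.put(storeKey, secret);
            return storeKey; // kept in the per-message context, next to the wire Id
        }

        byte[] get(String storeKey) { return tokens.get(storeKey); }
    }

    public static void main(String[] args) {
        // Constructed sample: two requests whose EncryptedKey is labelled "_5002".
        byte[] first = {1}, second = {2};

        IdKeyedStore byWireId = new IdKeyedStore();
        byWireId.add("_5002", first);
        try {
            byWireId.add("_5002", second);
        } catch (IllegalStateException e) {
            System.out.println("second request rejected: " + e.getMessage());
        }

        LocalKeyStore byLocalKey = new LocalKeyStore();
        String a = byLocalKey.add(first);
        String b = byLocalKey.add(second);
        System.out.println("both stored under distinct keys: " + !a.equals(b));
        System.out.println("second key intact: " + (byLocalKey.get(b)[0] == 2));
    }
}
```

Silently overwriting the existing entry instead of throwing would make the requests succeed but would let one message's key replace another's, so the store key has to come from the receiver rather than from the sender-assigned Id.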