axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Rohr (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AXIS2-5032) InvalidSecurity for first requests
Date Wed, 11 May 2011 14:13:47 GMT

     [ https://issues.apache.org/jira/browse/AXIS2-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oliver Rohr updated AXIS2-5032:
-------------------------------

    Description: 
The exception in the same as in AXIS2-3999, but Im not sure if it has the same origin
org.apache.axis2.AxisFault: InvalidSecurity
	at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
...

we do have 3 services and we are using MTOM in the Clients to sent attachments. Rampart engaged
in the services.xml and a policy using a custom password handler as follows:
	<module ref="rampart" />
    <module ref="addressing" />
    
    <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
          <wsp:All>
            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:TransportToken>
                  <wsp:Policy>
 <!--                  <sp:HashPassword/> --> 
                  </wsp:Policy>
                </sp:TransportToken>
              </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
/>
              </wsp:Policy>
            </sp:SignedSupportingTokens>

  			
			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
				<ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
			</ramp:RampartConfig>		
		  </wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>

policy.xml in client:

<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken=
              "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
<!--                <sp:HashPassword/>-->
            </wsp:Policy>
          </sp:UsernameToken> 
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Client code:

  ServiceClient sc = stub._getServiceClient();

      sc.engageModule("addressing");
      sc.engageModule("rampart");

      Options options = sc.getOptions();
      options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("axis2repo/policies/policy.xml"));
      options.setUserName(config.getServerUser());
      options.setPassword(config.getServerPassword());
      // enale MTOM optimzation in client
      options.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);

      options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);


The facts:
1) This works fine for any amount of requests that are sent in sequence.
2) This doesnt work for multiple requests (tested with 10 paralell requests) that are received
by the server right after the server startup. In this case one (or some?) of the first requests
produce the mentioned security exception.
3) If then again 10 parelell requests are sent all works fine again.

Thus I assume this is a problem with the policy loading at the beginning (lazy loading?),
e.g. something is not thread safe?

I would like to know if this a known problem and if there is a workaround for this (e.g. on
startup of the application could I just load everything that is needed to ensure Axis/rampart
policy parts are fully initialized).

Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem occured.






  was:
The exception in the same as in AXIS2-3999, but Im not sure if it the same origin
org.apache.axis2.AxisFault: InvalidSecurity
	at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
...

we do have 3 services and we are using MTOM in the Clients to sent attachments. Rampart engaged
in the services.xml and a policy using a custom password handler as follows:
	<module ref="rampart" />
    <module ref="addressing" />
    
    <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
          <wsp:All>
            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:TransportToken>
                  <wsp:Policy>
 <!--                  <sp:HashPassword/> --> 
                  </wsp:Policy>
                </sp:TransportToken>
              </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
/>
              </wsp:Policy>
            </sp:SignedSupportingTokens>

  			
			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
				<ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
			</ramp:RampartConfig>		
		  </wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>

policy.xml in client:

<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken=
              "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
<!--                <sp:HashPassword/>-->
            </wsp:Policy>
          </sp:UsernameToken> 
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Client code:

  ServiceClient sc = stub._getServiceClient();

      sc.engageModule("addressing");
      sc.engageModule("rampart");

      Options options = sc.getOptions();
      options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("axis2repo/policies/policy.xml"));
      options.setUserName(config.getServerUser());
      options.setPassword(config.getServerPassword());
      // enale MTOM optimzation in client
      options.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);

      options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);


The facts:
1) This works fine for any amount of requests that are sent in sequence.
2) This doesnt work for multiple requests (tested with 10 paralell requests) that are received
by the server right after the server startup. In this case one (or some?) of the first requests
produce the mentioned security exception.
3) If then again 10 parelell requests are sent all works fine again.

Thus I assume this is a problem with the policy loading at the beginning (lazy loading?),
e.g. something is not thread safe?

I would like to know if this a known problem and if there is a workaround for this (e.g. on
startup of the application could I just load everything that is needed to ensure Axis/rampart
policy parts are fully initialized).

Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem occured.







> InvalidSecurity for first requests
> ----------------------------------
>
>                 Key: AXIS2-5032
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5032
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.5.2
>         Environment: Axis 1.5.2, rampart 1.4
>            Reporter: Oliver Rohr
>            Priority: Critical
>
> The exception in the same as in AXIS2-3999, but Im not sure if it has the same origin
> org.apache.axis2.AxisFault: InvalidSecurity
> 	at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> ...
> we do have 3 services and we are using MTOM in the Clients to sent attachments. Rampart
engaged in the services.xml and a policy using a custom password handler as follows:
> 	<module ref="rampart" />
>     <module ref="addressing" />
>     
>     <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>         <wsp:ExactlyOne>
>           <wsp:All>
>             <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>               <wsp:Policy>
>                 <sp:TransportToken>
>                   <wsp:Policy>
>  <!--                  <sp:HashPassword/> --> 
>                   </wsp:Policy>
>                 </sp:TransportToken>
>               </wsp:Policy>
>             </sp:TransportBinding>
>             <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                 <wsp:Policy>
>                     <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
/>
>               </wsp:Policy>
>             </sp:SignedSupportingTokens>
>   			
> 			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
> 				<ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
> 			</ramp:RampartConfig>		
> 		  </wsp:All>
> 		</wsp:ExactlyOne>
> 	</wsp:Policy>
> policy.xml in client:
> <wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
>     "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SupportingTokens
>           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:UsernameToken sp:IncludeToken=
>               "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
> <!--                <sp:HashPassword/>-->
>             </wsp:Policy>
>           </sp:UsernameToken> 
>         </wsp:Policy>
>       </sp:SupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> Client code:
>   ServiceClient sc = stub._getServiceClient();
>       sc.engageModule("addressing");
>       sc.engageModule("rampart");
>       Options options = sc.getOptions();
>       options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("axis2repo/policies/policy.xml"));
>       options.setUserName(config.getServerUser());
>       options.setPassword(config.getServerPassword());
>       // enale MTOM optimzation in client
>       options.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
>       options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);
> The facts:
> 1) This works fine for any amount of requests that are sent in sequence.
> 2) This doesnt work for multiple requests (tested with 10 paralell requests) that are
received by the server right after the server startup. In this case one (or some?) of the
first requests produce the mentioned security exception.
> 3) If then again 10 parelell requests are sent all works fine again.
> Thus I assume this is a problem with the policy loading at the beginning (lazy loading?),
e.g. something is not thread safe?
> I would like to know if this a known problem and if there is a workaround for this (e.g.
on startup of the application could I just load everything that is needed to ensure Axis/rampart
policy parts are fully initialized).
> Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem occured.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message