axis-java-user mailing list archives

From TomazM <tomaz.majerh...@arnes.si>
Subject Re: axis & rampart fault response as XML
Date Mon, 16 Feb 2009 07:23:19 GMT
I use the rampart 1.4 sample policy/sample02, deployed in Tomcat, and run the client.

Stack:
2009-02-14 11:02:24,819 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Id-33320514"
2009-02-14 11:02:24,819 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Timestamp-9838079"
2009-02-14 11:02:24,866 [http-8080-1] ERROR org.apache.axis2.engine.AxisEngine  - The certificate used for the signature is not trusted
org.apache.axis2.AxisFault: The certificate used for the signature is not trusted
	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.rampart.RampartException: The certificate used for the signature is not trusted
	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:174)
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:204)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
	... 19 more
2009-02-14 11:02:24,897 [http-8080-1] INFO  org.apache.axis2.transport.http.AxisServlet  - org.apache.axis2.AxisFault: Error in extracting message properties
2009-02-14 11:06:47,945 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Id-33320514"
2009-02-14 11:06:47,945 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Timestamp-9838079"


service.xml
<service name="SignedHeaderBody">
	<description>
        Podpisemo header in body, ni pa kriptiran
    </description>
	<operation name="echo">
		<messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
	</operation>
	<operation name="sestej">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
	<parameter name="ServiceClass" locked="false">rampart1_4.sample02.service.PojoService</parameter>
	
	<module ref="rampart" />
	<module ref="addressing" />

policy ...

</service>

policy config:

<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
		<wsp:All>
			<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:InitiatorToken>
						<wsp:Policy>
							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
								<wsp:Policy>
								    <sp:RequireThumbprintReference/>
									<sp:WssX509V3Token10/>
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:InitiatorToken>
					<sp:RecipientToken>
						<wsp:Policy>
							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
								<wsp:Policy>
								    <sp:RequireThumbprintReference/>
									<sp:WssX509V3Token10/>
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:RecipientToken>
					<sp:AlgorithmSuite>
						<wsp:Policy>
							<sp:TripleDesRsa15/>
						</wsp:Policy>
					</sp:AlgorithmSuite>
					<sp:Layout>
						<wsp:Policy>
							<sp:Strict/>
						</wsp:Policy>
					</sp:Layout>
					<sp:IncludeTimestamp/>
					<sp:OnlySignEntireHeadersAndBody/>
				</wsp:Policy>
			</sp:AsymmetricBinding>
			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:MustSupportRefKeyIdentifier/>
					<sp:MustSupportRefIssuerSerial/>
				</wsp:Policy>
			</sp:Wss10>
			<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<sp:Body/>
			</sp:SignedParts>			
			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
				<ramp:user>client</ramp:user>
				<ramp:encryptionUser>service</ramp:encryptionUser>
				<ramp:passwordCallbackClass>rampart1_4.sample02.client.SecurityHandler</ramp:passwordCallbackClass>
				
				<ramp:signatureCrypto>
					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
						<ramp:property name="org.apache.ws.security.crypto.merlin.file">E:/IDE/eclipse-BIRT/eclipse/workspace/Axis2/client_conf_02/client.jks</ramp:property>
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
					</ramp:crypto>
				</ramp:signatureCrypto>
			</ramp:RampartConfig>
			<!-- pass=apache -->
		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>

Is there any additional configuration in axis2 for rampart? I only include the module <module ref="rampart"/>.


Regards, Tomaz



Nandana Mihindukulasooriya wrote:
> Can you post the full tomcat stack trace ? Expected behavior is to send
> a SOAP Fault in this scenario. Seems something goes wrong in the fault flow.
> 
> thanks,
> nandana
> 
> 2009/2/14 TomazM <tomaz.majerhold@arnes.si>
> 
>     I want it to return an XML that shows the SOAP Fault returned, so
>     the client understands. How can I achieve this?
> 
>     I have this situation:
>     java 1.6_10
>     Tomcat 6.0.18
>     axis2_1_4
>     rampart 1.4
> 
>     The client sends a SOAP message with a wrong signed key and rampart
>     returns a response that is HTML; more precisely, I get the Tomcat response:
> 
>     HTTP Status 500
>     The server encountered an internal error () that prevented it from
>     fulfilling this request.
> 
> 
>     In axis2 log:
> 
>     ERROR org.apache.axis2.engine.AxisEngine  - The certificate used for
>     the signature is not trusted
> 
> 
>     Is there any configuration of the service or rampart to return a SOAP XML
>     message with the fault response 'The certificate used for the signature
>     is not trusted' or a fault_code, so the client could read this message?
> 
> 
>     Regards, Tomaz
> 
> 
> 
> 
> 
> 
> -- 
> Nandana Mihindukulasooriya  
> WSO2 inc.
> 
> http://nandana83.blogspot.com/
> http://www.wso2.org
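
Added example (not part of the original messages and not Axis2 or Rampart code): a client-side check that tells apart the two outcomes discussed in this thread, a SOAP Fault envelope versus the Tomcat HTML error page, and extracts the fault code and reason when a Fault is present. The function name, the sample bodies and the soapenv:Client fault code are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# SOAP envelope namespaces and the SOAP version each one identifies.
SOAP_NS = {
    "http://schemas.xmlsoap.org/soap/envelope/": "1.1",
    "http://www.w3.org/2003/05/soap-envelope": "1.2",
}

def classify_response(status, content_type, body):
    """Return (kind, detail); kind is 'soap-fault', 'soap-ok' or 'not-soap'."""
    where = f"HTTP {status}, Content-Type {content_type}"
    # SOAP messages must not carry a DTD, so refuse to parse one at all.
    if "<!doctype" in body[:1024].lower():
        return ("not-soap", f"{where}: DOCTYPE present, likely an HTML error page")
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("not-soap", f"{where}: body is not well-formed XML")
    ns, _, local = root.tag.lstrip("{").partition("}")
    if local != "Envelope" or ns not in SOAP_NS:
        return ("not-soap", f"{where}: root element is <{root.tag}>")
    fault = root.find(f"{{{ns}}}Body/{{{ns}}}Fault")
    if fault is None:
        return ("soap-ok", f"{where}: SOAP {SOAP_NS[ns]} envelope, no Fault")
    if SOAP_NS[ns] == "1.1":  # SOAP 1.1 fault children are unqualified
        code = fault.findtext("faultcode", "")
        reason = fault.findtext("faultstring", "")
    else:  # SOAP 1.2 nests them as Code/Value and Reason/Text
        code = fault.findtext(f"{{{ns}}}Code/{{{ns}}}Value", "")
        reason = fault.findtext(f"{{{ns}}}Reason/{{{ns}}}Text", "")
    return ("soap-fault", f"{code.strip()}: {reason.strip()}")

# Constructed samples: the HTML text is the Tomcat message quoted in the thread;
# the envelope is what a SOAP 1.1 fault for the same error could look like.
TOMCAT_HTML = ("<html><body><h1>HTTP Status 500</h1><p>The server encountered an "
               "internal error () that prevented it from fulfilling this request."
               "</p></body></html>")
SOAP_FAULT = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
              "<soapenv:Body><soapenv:Fault><faultcode>soapenv:Client</faultcode>"
              "<faultstring>The certificate used for the signature is not trusted"
              "</faultstring></soapenv:Fault></soapenv:Body></soapenv:Envelope>")

if __name__ == "__main__":
    print(classify_response(500, "text/html", TOMCAT_HTML))
    print(classify_response(500, "text/xml", SOAP_FAULT))
```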

