Return-Path: 
 <axis-user-return-77715-apmail-ws-axis-user-archive=ws.apache.org@ws.apache.org>
Delivered-To: apmail-ws-axis-user-archive@www.apache.org
Received: (qmail 46965 invoked from network); 16 Feb 2009 07:24:02 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 16 Feb 2009 07:24:02 -0000
Received: (qmail 66234 invoked by uid 500); 16 Feb 2009 07:23:55 -0000
Delivered-To: apmail-ws-axis-user-archive@ws.apache.org
Received: (qmail 65554 invoked by uid 500); 16 Feb 2009 07:23:52 -0000
Mailing-List: contact axis-user-help@ws.apache.org; run by ezmlm
Precedence: bulk
Reply-To: axis-user@ws.apache.org
list-help: <mailto:axis-user-help@ws.apache.org>
list-unsubscribe: <mailto:axis-user-unsubscribe@ws.apache.org>
List-Post: <mailto:axis-user@ws.apache.org>
List-Id: <axis-user.ws.apache.org>
Delivered-To: mailing list axis-user@ws.apache.org
Received: (qmail 65545 invoked by uid 99); 16 Feb 2009 07:23:52 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 15 Feb 2009 23:23:52 -0800
X-ASF-Spam-Status: No, hits=-4.0 required=10.0
	tests=RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [193.2.1.87] (HELO postfix.arnes.si) (193.2.1.87)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Feb 2009 07:23:42 +0000
Received: from localhost (avs3.arnes.si [193.2.1.68])
	by postfix.arnes.si (Postfix) with ESMTP id 345B3A9C0B
	for <axis-user@ws.apache.org>; Mon, 16 Feb 2009 08:23:20 +0100 (MET)
X-Virus-Scanned: amavisd-new at arnes.si
Received: from postfix.arnes.si ([193.2.1.87])
	by localhost (avs3.arnes.si [193.2.1.68]) (amavisd-new, port 10030)
	with ESMTP id MUu6RMNf6cJw for <axis-user@ws.apache.org>;
	Mon, 16 Feb 2009 08:23:19 +0100 (CET)
Received: from rzenik.arnes.si (rzenik.arnes.si [193.2.1.232])
	by postfix.arnes.si (Postfix) with ESMTP id D0BEBA9C07
	for <axis-user@ws.apache.org>; Mon, 16 Feb 2009 08:23:19 +0100 (MET)
Received: from localhost (avs3.arnes.si [193.2.1.68])
	by rzenik.arnes.si (Postfix) with ESMTP id A3875ABE24
	for <axis-user@ws.apache.org>; Mon, 16 Feb 2009 08:23:19 +0100 (MET)
X-Virus-Scanned: amavisd-new at arnes.si
Received: from rzenik.arnes.si ([193.2.1.232])
	by localhost (avs3.arnes.si [193.2.1.68]) (amavisd-new, port 10028)
	with ESMTP id 0dSyz0zq5OQ7 for <axis-user@ws.apache.org>;
	Mon, 16 Feb 2009 08:23:19 +0100 (CET)
Received: from [193.2.1.179] (jalovec.arnes.si [193.2.1.179])
	by rzenik.arnes.si (Postfix) with ESMTP id 433A3ABE1B
	for <axis-user@ws.apache.org>; Mon, 16 Feb 2009 08:23:19 +0100 (MET)
Message-ID: <49991467.2060200@arnes.si>
Date: Mon, 16 Feb 2009 08:23:19 +0100
From: TomazM <tomaz.majerhold@arnes.si>
Organization: ARNES
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: axis-user@ws.apache.org
Subject: Re: axis & rampart fault response as XML
References: <49969766.3060707@arnes.si>
 <9e2fff830902151527v18c2da28ta1acd1fe288b355f@mail.gmail.com>
In-Reply-To: <9e2fff830902151527v18c2da28ta1acd1fe288b355f@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Content-Type: multipart/mixed;
 boundary="------------050100060403080302040601"
X-Virus-Checked: Checked by ClamAV on apache.org

This is a multi-part message in MIME format.
--------------050100060403080302040601
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

I use rampart 1.4 sample policy/sample02 and deployed in Tomcat and run client.

Stack:
2009-02-14 11:02:24,819 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Id-33320514"
2009-02-14 11:02:24,819 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Timestamp-9838079"
2009-02-14 11:02:24,866 [http-8080-1] ERROR org.apache.axis2.engine.AxisEngine  - The certificate used for the signature is not trusted
org.apache.axis2.AxisFault: The certificate used for the signature is not trusted
	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.rampart.RampartException: The certificate used for the signature is not trusted
	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:174)
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:204)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
	... 19 more
2009-02-14 11:02:24,897 [http-8080-1] INFO  org.apache.axis2.transport.http.AxisServlet  - org.apache.axis2.AxisFault: Error in extracting message
properties
2009-02-14 11:06:47,945 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Id-33320514"
2009-02-14 11:06:47,945 [http-8080-1] INFO  org.apache.xml.security.signature.Reference  - Verification successful for URI "#Timestamp-9838079"


service.xml
<service name="SignedHeaderBody">
	<description>
        Podpisemo header in body, ni pa kriptiran
    </description>
	<operation name="echo">
		<messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
	</operation>
	<operation name="sestej">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
	<parameter name="ServiceClass" locked="false">rampart1_4.sample02.service.PojoService</parameter>
	
	<module ref="rampart" />
	<module ref="addressing" />

policy ...

</service>

policy config:

<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
		<wsp:All>
			<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:InitiatorToken>
						<wsp:Policy>
							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
								<wsp:Policy>
								    <sp:RequireThumbprintReference/>
									<sp:WssX509V3Token10/>
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:InitiatorToken>
					<sp:RecipientToken>
						<wsp:Policy>
							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
								<wsp:Policy>
								    <sp:RequireThumbprintReference/>
									<sp:WssX509V3Token10/>
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:RecipientToken>
					<sp:AlgorithmSuite>
						<wsp:Policy>
							<sp:TripleDesRsa15/>
						</wsp:Policy>
					</sp:AlgorithmSuite>
					<sp:Layout>
						<wsp:Policy>
							<sp:Strict/>
						</wsp:Policy>
					</sp:Layout>
					<sp:IncludeTimestamp/>
					<sp:OnlySignEntireHeadersAndBody/>
				</wsp:Policy>
			</sp:AsymmetricBinding>
			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:MustSupportRefKeyIdentifier/>
					<sp:MustSupportRefIssuerSerial/>
				</wsp:Policy>
			</sp:Wss10>
			<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<sp:Body/>
			</sp:SignedParts>			
			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
				<ramp:user>client</ramp:user>
				<ramp:encryptionUser>service</ramp:encryptionUser>
				<ramp:passwordCallbackClass>rampart1_4.sample02.client.SecurityHandler</ramp:passwordCallbackClass>
				
				<ramp:signatureCrypto>
					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
						<ramp:property
name="org.apache.ws.security.crypto.merlin.file">E:/IDE/eclipse-BIRT/eclipse/workspace/Axis2/client_conf_02/client.jks</ramp:property>
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
					</ramp:crypto>
				</ramp:signatureCrypto>
			</ramp:RampartConfig>
			<!-- pass=apache -->
		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>

Is there any additional configuration in axis2 for rampart, I only include module <module ref="rampart"/>


Regards, Tomaz



Nandana Mihindukulasooriya wrote:
> Can you post the full tomcat stack trace ? Expected behavior is to send
> a SOAP Fault in this scenario. Seems something goes wrong in the fault flow.
> 
> thanks,
> nandana
> 
> 2009/2/14 TomazM <tomaz.majerhold@arnes.si
> <mailto:tomaz.majerhold@arnes.si>>
> 
>     I want it to return an XML that shows the SOAP Fault returned, so
>     the client understand,  how can I achieve this?
> 
>     I have situation:
>     java 1.6_10
>     Tomcat 6.0.18
>     axis2_1_4
>     rampart 1.4
> 
>     Client send soap message with wrong signed key and rampart return
>     the response is html, more precisely I get Tomcat response:
> 
>     HTTP Status 500
>     The server encountered an internal error () that prevented it from
>     fulfilling this request.
> 
> 
>     In axis2 log:
> 
>     ERROR org.apache.axis2.engine.AxisEngine  - The certificate used for
>     the signature is not trusted
> 
> 
>     Is there any configuration of service or rampart to return SOAP xml
>     message with fault response:'The certificate used for the signature
>     is not
>     trusted' or fault_code so the client could read this message?
> 
> 
>     Regards, Tomaz
> 
> 
> 
> 
> 
> 
> -- 
> Nandana Mihindukulasooriya  
> WSO2 inc.
> 
> http://nandana83.blogspot.com/
> http://www.wso2.org


--------------050100060403080302040601
Content-Type: text/x-vcard; charset=utf-8;
 name="tomaz_majerhold.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="tomaz_majerhold.vcf"

begin:vcard
fn:Tomaz Majerhold
n:Majerhold;Tomaz
org:ARNES, Slovenian NREN;Development team
adr:;;Jamova 39;Ljubljana;Ljubljana;1000;Slovenia
email;internet:tomaz.majerhold@arnes.si
title:Developer
tel;work:+386 14798930
tel;fax:+386 1 479 88 99
tel;home:+386 1425 38 01
tel;cell:+386 40757229
url:http://www.arnes.si/
version:2.1
end:vcard


--------------050100060403080302040601--