axis-java-user mailing list archives

From: Ellecer Valencia <elle...@gmail.com>
Subject: Re: Error page returned instead of Soap Exception when WS-Security Authentication fails in Rampart
Date: Thu, 22 Oct 2009 16:20:38 GMT

But this is where we seem to be doing different things. I'm getting
the error, but only if I have a rampart entry in axis2.xml. Once I
remove it, I don't get the HTML error page anymore. I get the Soap
Faults I was expecting. It looks like WS-Security is actually enabled,
even without the axis2.xml entry.

I find the instructions a bit ambiguous on this:

"Since rampart module inserts handlers in the system specific
pre-dispatch phase, it must be engaged globally. But it is possible to
activate rampart module for the inflow or the outflow when required by
the service or the clients."

Now what does this actually mean? Should the module reference always
be present in axis2.xml or not?  The second sentence seems to imply
that it doesn't. Later on, the instructions say:

"At the server it is possible to provide security on a per service
basis. The configuration parameters should be set in the service.xml
file of the service. The client side config parameters should be set
in the axis2.xml of the client's Axis2 repository."

So isn't this saying if you are a *client* of a WS-Security enabled
service, you need the entry in your axis2.xml, but if you are running
a service, you can either have rampart enabled globally in the
axis2.xml, or inside individual services, in their service.xml?  Could
we get some feedback from people involved in Rampart (and rewrite some
parts of that page if needed)?

As I showed in my previous post, I was able to get a Soap Fault from
sample03 service when authentication failed. I didn't have an entry
for rampart in axis2.xml. I only had it in the service.xml file for
sample03.  The fact that the auth details were processed means Rampart
*is* enabled.


Ellecer


On Thu, Oct 22, 2009 at 6:26 PM, Chinmoy Chakraborty <cchinu@gmail.com> wrote:
> If you want to enable WS-security you need to engage RAMPART module. So
> disengaging RAMPART module is not the solution if you want WS-Security. If
> you don't need WS-Security then it's fine.
>
> So it's a bug and that's why it is in JIRA. If you are getting the same
> error using latest code please comment on that JIRA entry.
>
> Chinmoy
>
> On Thu, Oct 22, 2009 at 12:06 PM, Ellecer Valencia <ellecer@gmail.com>
> wrote:
>>
>> Thanks for that Chinmoy. However, I continued to get the HTML error
>> pages, even using the latest available nightly build of Rampart. This
>> happened both on Axis2-1.4 and Axis2-1.5
>>
>> However, I seem to have stumbled upon a fix. I was able to get the
>> expected soap response messages and exceptions after I removed this
>> entry from axis2.xml:
>>
>> <module ref="rampart"/>   <--- REMOVE
>>
>> I was testing an axis webapp which contained two services:
>>
>> 1. an unsecured service - BankService, from Axis /samples/faulthandling/
>> 2. and a secured service - sample03, from Rampart /samples/basic/sample03/
>>
>> Now when the file /WEB-INF/conf/axis2.xml contained <module
>> ref="rampart"/>, I continually got a HTML error page (as described in
>> my earlier post - see bottom of email), whether it was
>>
>> 1. (BankService - unsecured) - Sending a request that would generate
>> Insufficient Funds error
>>
>> <soapenv:Envelope
>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:exam="http://example">
>>   <soapenv:Header/>
>>   <soapenv:Body>
>>      <exam:withdraw>
>>         <exam:account>88</exam:account>
>>         <exam:amount>1200</exam:amount>
>>      </exam:withdraw>
>>   </soapenv:Body>
>> </soapenv:Envelope>
>>
>> when running the /faulthandling example from command-line, this was
>> the equivalent of
>>
>> ant run.client -Durl=http://localhost:8081/axis2/services/BankService
>> -Daccount=88 -Damt=1200
>>
>>
>> OR
>>
>> 2. (sample03 - secured) Or trying to log in with incorrect login details:
>>
>> (In this sample, only "bob" is a valid Username. All other usernames
>> should throw authentication errors)
>>
>> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
>> xmlns:sam="http://sample03.samples.rampart.apache.org">
>>    <soap:Header>
>>             <wsse:Security soap:mustUnderstand="1"
>>
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>               <wsse:UsernameToken wsu:Id="UsernameToken-1815911479"
>>
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>                 <wsse:Username>bobx</wsse:Username>
>>                 <wsse:Password
>>
>> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
>>              </wsse:UsernameToken>
>>            </wsse:Security>
>>         </soap:Header>
>>   <soap:Body>
>>      <sam:echo>
>>         <!--Optional:-->
>>         <sam:param0>echo this string</sam:param0>
>>      </sam:echo>
>>   </soap:Body>
>> </soap:Envelope>
>>
>>
>>
>> But after removing the rampart entry from axis2.xml, things started
>> working as expected.
>>
>> I was now getting expected results like these:
>>
>> 1. BankService
>>
>> <soapenv:Envelope
>> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>>   <soapenv:Body>
>>      <soapenv:Fault>
>>         <faultcode>soapenv:Server</faultcode>
>>         <faultstring>Insufficient funds</faultstring>
>>         <detail>
>>            <ns1:InsufficientFundFault xmlns:ns1="http://example">
>>               <ns1:account>88</ns1:account>
>>               <ns1:balance>1000</ns1:balance>
>>               <ns1:requestedFund>1200</ns1:requestedFund>
>>            </ns1:InsufficientFundFault>
>>         </detail>
>>      </soapenv:Fault>
>>   </soapenv:Body>
>> </soapenv:Envelope>
>>
>>
>> 2. sample03
>>
>> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>>   <soapenv:Body>
>>      <soapenv:Fault>
>>         <soapenv:Code>
>>            <soapenv:Value>soapenv:Receiver</soapenv:Value>
>>         </soapenv:Code>
>>         <soapenv:Reason>
>>            <soapenv:Text xml:lang="en-US">WSDoAllReceiver: security
>> processing failed</soapenv:Text>
>>         </soapenv:Reason>
>>         <soapenv:Detail/>
>>      </soapenv:Fault>
>>   </soapenv:Body>
>> </soapenv:Envelope>
>>
>> So either we have incorrect config instructions -
>> http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html
>> says to put the rampart module entry in axis2.xml - OR there is a bug
>> in the way that Rampart is interacting with errors that are thrown by
>> services in Axis, even services that *don't* use rampart end up being
>> affected by it.  Bug or Not Bug?
>>
>> However, when I have a web service (written code first, not generated
>> from WSDL) that throws an Exception, I still end up getting a HTML
>> error page - but this may be related to the way Axis handles
>> exceptions by default (?). I thought Axis would wrap exceptions in a
>> SoapException, but I'm not sure. Can anyone confirm this?
>>
>>
>> Ellecer
>>
>>
>> On Wed, Oct 21, 2009 at 10:08 PM, Chinmoy Chakraborty <cchinu@gmail.com>
>> wrote:
>> > I saw this error and I suppose this is fixed in 1.5. You can look at
>> > [1].
>> >
>> > [1] https://issues.apache.org/jira/browse/RAMPART-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12739525#action_12739525
>> >
>> > HTH,
>> > Chinmoy
>> >
>> >
>> >
>> > On Wed, Oct 21, 2009 at 12:17 PM, Ellecer Valencia <ellecer@gmail.com>
>> > wrote:
>> >>
>> >> Hi,
>> >>
>> >> I'm trying to set up WS-Security (just username/password-clear-text)
>> >> and I'm trying to get the service to return a Soap Exception when the
>> >> user logs in with the wrong details. Should be easy, right? However, I
>> >> keep getting HTTP 500 error pages instead of Soap Exceptions, like
>> >> this one:
>> >>
>> >> <html><head><title>Apache Tomcat/6.0.18 - Error
>> >> report</title><style><!--H1
>> >>
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> >> H2
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> >> H3
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> >> BODY
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
>> >> B
>> >>
>> >> {font-family:Tahoqma,Arial,sans-serif;color:white;background-color:#525D76;}
>> >> P
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> >> {color : black;}A.name {color : black;}HR {color :
>> >> #525D76;}--></style> </head><body><h1>HTTP Status 500 - </h1><HR
>> >> size="1" noshade="noshade"><p><b>type</b> Status
>> >> report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The
>> >> server encountered an internal error () that prevented it from
>> >> fulfilling this request.</u></p><HR size="1"
>> >> noshade="noshade"><h3>Apache Tomcat/6.0.18</h3></body></html>
>> >>
>> >> Now I'm testing using axis 1.4.1, putting the exploded webapp in the
>> >> tomcat /webapps directory. When I started getting the error pages, I
>> >> thought removing the mappings for the HTTP 500 error in
>> >> /WEB-INF/web.xml would fix it, but it didn't. I've now removed
>> >> everything else in the Tomcat webapps directory, I've cleaned out the
>> >> Tomcat /work directory, I've even removed the /axis2-web directory in
>> >> the Axis webapp, just to eliminate the possibility of any more JSPs -
>> >> *and the error pages still keep displaying*.
>> >>
>> >> I came across a post from July that is having a problem similar to
>> >> mine:
>> >>
>> >> http://marc.info/?l=axis-user&m=124662013625695&w=2
>> >>
>> >> However, I didn't come across any posts that resolved his problem.
>> >>
>> >> The software I'm using is:
>> >>
>> >> Axis 1.4.1
>> >> Rampart 1.4
>> >> Tomcat 6.0.18
>> >>
>> >> Has anyone encountered this problem and what fixed it? I've tried
>> >> doing it using policy.xml and via "basic" rampart config, and am
>> >> getting similar results.
>> >>
>> >> Actually, the curious thing is that when I get the error from a
>> >> service configured with "basic" rampart config, I get a stacktrace,
>> >> like this:
>> >>
>> >> m<html><head><title>Apache Tomcat/6.0.18 - Error
>> >> report</title><style><!--H1
>> >>
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>> >> H2
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>> >> H3
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>> >> BODY
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
>> >> B
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
>> >> P
>> >>
>> >> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
>> >> {color : black;}A.name {color : black;}HR {color :
>> >> #525D76;}--></style> </head><body><h1>HTTP Status 500 - </h1><HR
>> >> size="1" noshade="noshade"><p><b>type</b> Exception
>> >> report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The
>> >> server encountered an internal error () that prevented it from
>> >> fulfilling this request.</u></p><p><b>exception</b>
>> >> <pre>java.lang.NullPointerException
>> >>
>> >>
>> >>  org.apache.rampart.RampartMessageData.&lt;init&gt;(RampartMessageData.java:308)
>> >>        org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
>> >>
>> >>  org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
>> >>        org.apache.axis2.engine.Phase.invoke(Phase.java:317)
>> >>        org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
>> >>
>> >>  org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:520)
>> >>
>> >>
>> >>  org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:416)
>> >>
>> >>
>> >>  org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:379)
>> >>
>> >>
>> >>  org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:167)
>> >>        javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>> >>        javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>> >> </pre></p><p><b>note</b> <u>The full stack trace of the root cause is
>> >> available in the Apache Tomcat/6.0.18 logs.</u></p><HR size="1"
>> >> noshade="noshade"><h3>Apache Tomcat/6.0.18</h3></body></html>
>> >>
>> >> -- and it says "Exception report" instead of "Status report" like in
>> >> the first one. I don't know if this indicates it's a different page
>> >> that is hardcoded inside of Axis (just guessing here)?
>> >>
>> >> Thanks in advance for any ideas and help from all you wonderful
>> >> members of the mailing list.  =)
>> >>
>> >>
>> >> thanks,
>> >>
>> >> Ellecer
>> >
>> >
>
>
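
A regression check for the behaviour discussed in this thread, as an added example that is not part of any message here nor of Axis2 or Rampart: it classifies a reply as a SOAP 1.1/1.2 fault or a servlet-container HTML error page, and flags an exposed stack trace. The function name, result labels and Content-Type values are assumptions; the sample bodies are constructed from the replies quoted above.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"

def classify_response(content_type, body):
    """Classify an HTTP reply from a SOAP endpoint as (kind, detail)."""
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "text/html":
        # The servlet container answered instead of the SOAP engine.
        leaked = "<b>exception</b>" in body or "java.lang." in body
        return ("container-error-page",
                "stack-trace-exposed" if leaked else "no-stack-trace")
    if ctype not in ("text/xml", "application/soap+xml"):
        return ("unexpected", ctype)
    if "<!DOCTYPE" in body:  # SOAP messages must not carry a DTD
        return ("rejected-dtd", None)
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("malformed-xml", None)
    for ns, version in ((SOAP11, "1.1"), (SOAP12, "1.2")):
        if root.tag != f"{{{ns}}}Envelope":
            continue
        fault = root.find(f"{{{ns}}}Body/{{{ns}}}Fault")
        if fault is None:
            return ("soap-response", version)
        # SOAP 1.1 uses an unqualified faultstring; 1.2 uses Reason/Text.
        path = "faultstring" if version == "1.1" else f"{{{ns}}}Reason/{{{ns}}}Text"
        return ("soap-fault", " ".join((fault.findtext(path) or "").split()))
    return ("unknown-xml", root.tag)

# Constructed samples, shortened from the replies quoted in the thread.
# The Content-Type values used with them are assumptions.
SOAP12_FAULT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP12}"><soapenv:Body>
<soapenv:Fault><soapenv:Code><soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code><soapenv:Reason><soapenv:Text xml:lang="en-US">WSDoAllReceiver: security
processing failed</soapenv:Text></soapenv:Reason><soapenv:Detail/>
</soapenv:Fault></soapenv:Body></soapenv:Envelope>"""
SOAP11_FAULT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP11}"><soapenv:Body>
<soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>Insufficient funds</faultstring></soapenv:Fault>
</soapenv:Body></soapenv:Envelope>"""
HTML_TRACE = ("<html><body><h1>HTTP Status 500 - </h1><p><b>exception</b>"
              "<pre>java.lang.NullPointerException</pre></p></body></html>")
HTML_STATUS = "<html><body><h1>HTTP Status 500 - </h1><b>type</b> Status report</body></html>"

if __name__ == "__main__":
    print(classify_response("text/html;charset=utf-8", HTML_TRACE))
```

A "container-error-page" result for an authentication failure means the client never received a machine-readable fault, and "stack-trace-exposed" means internal class names and line numbers reached the caller.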
