synapse-dev mailing list archives

From "Asankha C. Perera" <asan...@wso2.com>
Subject Re: Timestamp in returned fault message
Date Thu, 27 Sep 2007 08:44:57 GMT
Balaji

This has been confirmed as a bug/limitation 
(https://issues.apache.org/jira/browse/RAMPART-90) in Rampart 1.3 - 
which will go into Synapse 1.1.

We would be able to get this fixed by the Rampart team in future and 
incorporate it into Synapse 1.1, or into 1.1.x or 1.2 in future. Let me know 
if this is critical for your production deployment.

asankha

Asankha C. Perera wrote:
> Hi Balaji
>
> The difference is that in the first case, Synapse has accepted the 
> message and creates a fault, and uses the WS-Security policy for the 
> reply - which makes the response timestamped. Now for the second case, 
> the rejection takes place before Synapse gets the message - as the 
> message has failed the WS-Security policy specified. Thus the 
> CallbackHandler has an error and Apache Rampart has sent this response 
> back without knowledge of Synapse.
>
> I remember that this situation was discussed a few days ago as 
> well. Not sure if it was on the Synapse list - but I will check with 
> the Rampart guys to see if they could make this consistent.
>
> asankha
>
> balaji hari wrote:
>> In case of errors returned by mediator using "makefault", the returned SOAP
>> fault is timestamped if username token authentication with timestamp
>> security feature is configured.
>>
>> But when password callback class throws UnsupportedCallbackException the
>> generated AxisFault doesn't have a timestamped header.
>>
>> http://www.nabble.com/file/p12889206/websvc_raterank_validate.xml websvc_raterank_validate.xml
>> http://www.nabble.com/file/p12889206/websvc_policy.xml websvc_policy.xml
>>
>> Response from Synapse:
>> 1. by Custom Mediator similar to schema validation error messages:
>>
>> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>>    <soapenv:Header>
>>       <wsse:Security soapenv:mustUnderstand="1"
>>             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>          <wsu:Timestamp wsu:Id="Timestamp-27735295"
>>                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>             <wsu:Created>2007-09-25T21:32:30.912Z</wsu:Created>
>>             <wsu:Expires>2007-09-25T21:37:30.912Z</wsu:Expires>
>>          </wsu:Timestamp>
>>       </wsse:Security>
>>    </soapenv:Header>
>>    <soapenv:Body>
>>       <soapenv:Fault>
>>          <faultcode xmlns:tns="http://www.w3.org/2003/05/soap-envelope">tns:Receiver</faultcode>
>>          <faultstring>User bob not allowed to access web service</faultstring>
>>          <detail/>
>>       </soapenv:Fault>
>>    </soapenv:Body>
>> </soapenv:Envelope>
>>
>> 2. by CallbackHandler
>>
>> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>>    <soapenv:Body>
>>       <soapenv:Fault>
>>          <faultcode>soapenv:Server</faultcode>
>>          <faultstring>The security token could not be authenticated or authorized</faultstring>
>>          <detail/>
>>       </soapenv:Fault>
>>    </soapenv:Body>
>> </soapenv:Envelope>
>>
>> I have attached the synapse configuration files. Is it possible to make
>> this behavior consistent?
>>
>> Balaji

---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-dev-help@ws.apache.org
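
A regression check for the inconsistency discussed in this thread, as an added example that is not part of the original messages or of Synapse/Rampart: it reports whether a SOAP 1.1 fault carries the wsu:Timestamp security header and whether that timestamp is still inside its validity window. The name audit_fault and the result keys are assumptions; the two envelopes are the responses quoted above with their layout condensed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"soapenv": SOAP, "wsse": WSSE, "wsu": WSU}

# The two fault responses quoted in the thread (whitespace condensed).
MEDIATOR_FAULT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Header>
 <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="{WSSE}">
  <wsu:Timestamp wsu:Id="Timestamp-27735295" xmlns:wsu="{WSU}">
   <wsu:Created>2007-09-25T21:32:30.912Z</wsu:Created>
   <wsu:Expires>2007-09-25T21:37:30.912Z</wsu:Expires>
  </wsu:Timestamp></wsse:Security></soapenv:Header>
 <soapenv:Body><soapenv:Fault>
  <faultcode xmlns:tns="http://www.w3.org/2003/05/soap-envelope">tns:Receiver</faultcode>
  <faultstring>User bob not allowed to access web service</faultstring><detail/>
 </soapenv:Fault></soapenv:Body></soapenv:Envelope>"""
CALLBACK_FAULT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Body><soapenv:Fault>
  <faultcode>soapenv:Server</faultcode>
  <faultstring>The security token could not be authenticated or authorized</faultstring><detail/>
 </soapenv:Fault></soapenv:Body></soapenv:Envelope>"""

def _utc(text):
    """Parse an xsd:dateTime in UTC ('Z'), with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime((text or "").strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None  # missing or unparseable value is treated as "not fresh"

def audit_fault(xml_text, now):
    """Report whether a SOAP 1.1 response is a fault and whether it is timestamped."""
    # Fixtures here are trusted; parse untrusted responses with a hardened XML parser.
    root = ET.fromstring(xml_text)
    fault = root.find("soapenv:Body/soapenv:Fault", NS)
    ts = root.find("soapenv:Header/wsse:Security/wsu:Timestamp", NS)
    created = expires = None
    if ts is not None:
        created = _utc(ts.findtext("wsu:Created", namespaces=NS))
        expires = _utc(ts.findtext("wsu:Expires", namespaces=NS))
    return {
        "is_fault": fault is not None,
        "faultcode": fault.findtext("faultcode") if fault is not None else None,
        "timestamped": ts is not None,
        "fresh": bool(created and expires and created <= now < expires),
    }
```

Run against both failure paths of a deployment, the check shows the mismatch directly: the mediator fault reports timestamped, the CallbackHandler fault does not.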

