synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Anderson (JIRA)" <j...@apache.org>
Subject [jira] Closed: (SYNAPSE-151) Can't stop and return error for POX request without using Makefault. But with Makefault, SOAP envelope is returned to the client, and also headers - including Basic Authorization!
Date Wed, 17 Oct 2007 08:53:50 GMT

     [ https://issues.apache.org/jira/browse/SYNAPSE-151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Paul Anderson closed SYNAPSE-151.
---------------------------------

    Resolution: Invalid

Thanks a lot for the explanation. Indeed, it's a POX payload even though it's in the SOAP
namespace.
It might be worth documenting. Also to document that when you turn RESPONSE="true" it turns
an In message directly into an Out message, with all its headers.

> Can't stop and return error for POX request without using Makefault. But with Makefault,
SOAP envelope is returned to the client, and also headers - including Basic Authorization!
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SYNAPSE-151
>                 URL: https://issues.apache.org/jira/browse/SYNAPSE-151
>             Project: Synapse
>          Issue Type: Bug
>    Affects Versions: 1.0
>         Environment: JDK6 on RHEL3
>            Reporter: Paul Anderson
>            Priority: Minor
>
> I can't stop and return error for a POX request (here, on BASIC auth failure) without
using Makefault (see config below).
> But with Makefault, the fault in its SOAP envelope is returned to the client, and also
the http request headers - including Basic Authorization! Not very secure.
> As a workaround, I strip out the Authorization header manually.
> If there is no fault, no SOAP envelope is returned - just the POX payload. This is correct.
> <sequence name="myfault">
>           <makefault>
>             <code value="tns:Receiver" xmlns:tns="http://www.w3.org/2003/05/soap-envelope"/>
>             <reason value="Authorization failed!"/>
>           </makefault>
>           <log level="full"/>
>           <property name="RESPONSE" value="true" />
>           <property name="Authorization" action="remove" scope="transport"/>
>           <send/>
> </sequence>
> <filter source="get-property('To')" regex=".*/AService">
>         <log level="full"/>
>         <property name="SOAPAction" action="set" expression="'doIt'" scope="transport"/>
>         <sequence name="basic" onError="myfault">
>         <class name="de.subnatural.synapse.BasicAuthenticationMediator">
>           <property name="reqUsername" value="***"/>
>           <property name="reqPassword" value="***"/>
>         </class>
> <send>
>                    <endpoint>
>                         <address uri="http://***" format="soap">
>                         </address>
>                     </endpoint>
> </send>
>         </sequence>
> </filter>
> <out>
> <header name="wsse:Security" action="remove"
>                 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
/>
>         <log level="full"/>
> <send/>
> </out>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-dev-help@ws.apache.org


Mime
View raw message