Posted to rampart-dev@ws.apache.org by Sanjay Vivek <Sa...@newcastle.ac.uk> on 2008/03/03 14:40:57 UTC

"Missing wsse:Security header in request" exception.

Hi everyone,

I've a policy based service that returns the UsernameToken information
of an authenticated user. This service is based on the latest Rampart
and Axis2 SNAPSHOT version as suggested in the forum. However, when I
tried to call this service with a client, I got the following exception:

Exception in thread "main" org.apache.axis2.AxisFault: Expected
transport is "https" but incoming transport found : "http" 

So I proceeded to put the service behind https. Now however, I get a new
exception:

Exception in thread "main" org.apache.axis2.AxisFault: Missing wsse:Security header in request
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
	at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
	at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
	at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
	at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
	at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
	at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:508)
	at org.apache.rampart.policy.CommandLineClient.main(CommandLineClient.java:69)
Caused by: org.apache.rampart.RampartException: Missing wsse:Security header in request
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:106)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
	... 10 more


I don't get these errors when I use the rampart-1.3 distribution. My
client can successfully call the service via http or https. Both my
client and service installations are exactly the same as the
rampart-snapshot distribution (i.e. my services.xml and policy.xml are
exactly the same). And does Rampart-SNAPSHOT insist upon the service
being behind https?

Do I have to edit anything else to the services.xml or policy.xml to get
it working for the rampart-snapshot distro? Both my services.xml and
policy.xml are given below for reference. Cheers. 

Regards
Sanjay


policy.xml:

<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
      </sp:SignedSupportingTokens>

      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>bob</ramp:user>
        <ramp:passwordCallbackClass>org.apache.rampart.policy.PWHandlerClient</ramp:passwordCallbackClass>
      </ramp:RampartConfig>

    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>


services.xml:

<service>
  <operation name="echo">
    <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
  </operation>
  <parameter name="ServiceClass" locked="false">org.apache.rampart.policy.PolicyEchoService</parameter>

  <module ref="rampart" />
  <module ref="addressing" />

  <wsp:Policy wsu:Id="UTOverTransport"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax/>
              </wsp:Policy>
            </sp:Layout>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken
                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
          </wsp:Policy>
        </sp:SignedSupportingTokens>

        <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
          <ramp:passwordCallbackClass>org.apache.rampart.policy.PWHandlerServer</ramp:passwordCallbackClass>
        </ramp:RampartConfig>

      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>
</service>

RE: "Missing wsse:Security header in request" exception.

Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Martin,

There isn't an <encryptionParts> element in my axis2.xml file. Do I have
to add this element? And where exactly do I insert this element within
the axis2.xml? 

From what I've Googled so far, <encryptionParts> seems to be part of
Apache WSS4J. Is this indeed the case? Cheers.

Regards
Sanjay

>-----Original Message-----
>From: Martin Gainty [mailto:mgainty@hotmail.com] 
>Sent: 03 March 2008 14:26
>To: rampart-dev@ws.apache.org
>Subject: Re: "Missing wsse:Security header in request" exception.
>
>Nearest I can tell the encryptionParts child element must have
>this format ( /WEB-INF/conf/axis2.xml)
><axisconfig name="AxisJava2.0">
>    <parameter name="hotdeployment" locked="false">true</parameter>
>    <parameter name="hotupdate" locked="false">true</parameter>
>    <messageReceiver mep="INOUT"
>        class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
>    <!-- Scenario 2: Client's Configuration:START-->
>    <parameter name="OutflowSecurity">
>      <action>
>        <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
>
>Anyone else?

Re: "Missing wsse:Security header in request" exception.

Posted by Martin Gainty <mg...@hotmail.com>.
Nearest I can tell the encryptionParts child element must have this format
( /WEB-INF/conf/axis2.xml)
<axisconfig name="AxisJava2.0">
    <parameter name="hotdeployment" locked="false">true</parameter>
    <parameter name="hotupdate" locked="false">true</parameter>
    <messageReceiver mep="INOUT"
        class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
    <!-- Scenario 2: Client's Configuration:START-->
    <parameter name="OutflowSecurity">
      <action>
        <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>

Anyone else?
Martin--


Re: "Missing wsse:Security header in request" exception.

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Sanjay,
Rampart SNAPSHOT insists on using "https" as the transport
medium because you have the following policy assertion.

<sp:TransportToken>
  <wsp:Policy>
    <sp:HttpsToken RequireClientCertificate="false"/>
  </wsp:Policy>
</sp:TransportToken>

If you comment out the https token, you will be able to use
http, but it is advised to use a secure transport. Looking at the
stack trace, it seems that the response you are getting from the
server does not have a security header, and looking at your policy it
is correct behavior. The response doesn't need to have a security
header. I thought we handle this scenario properly, but I will recheck
with your policy.

thanks,
/nandana




-- 
Nandana Mihindukulasooriya
Software Engineer
WSO2 inc.

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
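
The policy reading given in the reply above, as an added example that is not part of the thread and not Rampart code: it parses a trimmed copy of the posted policy and derives what the policy demands of the transport, of the request, and of the response. The function names and the rule that, for a TransportBinding, only `sp:IncludeTimestamp` puts a `wsse:Security` header in the response are assumptions of this simplified model.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
TO_RECIPIENT = SP + "/IncludeToken/AlwaysToRecipient"

# Constructed sample: the thread's policy, trimmed to the assertions the
# checks below read (AlgorithmSuite and RampartConfig are left out).
POLICY = f"""
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="{SP}">
 <wsp:ExactlyOne><wsp:All>
  <sp:TransportBinding><wsp:Policy>
   <sp:TransportToken><wsp:Policy>
    <sp:HttpsToken RequireClientCertificate="false"/>
   </wsp:Policy></sp:TransportToken>
   <sp:Layout><wsp:Policy><sp:Lax/></wsp:Policy></sp:Layout>
  </wsp:Policy></sp:TransportBinding>
  <sp:SignedSupportingTokens><wsp:Policy>
   <sp:UsernameToken sp:IncludeToken="{TO_RECIPIENT}"/>
  </wsp:Policy></sp:SignedSupportingTokens>
 </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""

def q(name):
    """Qualified ElementTree name in the WS-SecurityPolicy namespace."""
    return f"{{{SP}}}{name}"

def analyse(policy_xml):
    """Summarise what a TransportBinding policy requires (hypothetical helper)."""
    root = ET.fromstring(policy_xml)
    # An HttpsToken under TransportToken means the message must arrive over TLS.
    https = [h for tt in root.iter(q("TransportToken"))
             for h in tt.iter(q("HttpsToken"))]
    # AlwaysToRecipient tokens travel only from client to service.
    tokens = [el.tag.split("}")[1] for el in root.iter()
              if el.get(q("IncludeToken")) == TO_RECIPIENT]
    # Simplified model: only a timestamp would force a header into the response.
    timestamp = next(root.iter(q("IncludeTimestamp")), None)
    return {
        "requires_https": bool(https),
        "client_cert": any(h.get("RequireClientCertificate") == "true" for h in https),
        "request_tokens": tokens,
        "response_header_expected": timestamp is not None,
    }

def check_transport(report, scheme):
    """Return an error string for a transport the policy forbids, else None."""
    if report["requires_https"] and scheme != "https":
        return f'Expected transport is "https" but incoming transport found : "{scheme}"'
    return None

def response_acceptable(report, has_security_header):
    """A response without wsse:Security is fine unless the policy expects one."""
    return has_security_header or not report["response_header_expected"]

if __name__ == "__main__":
    r = analyse(POLICY)
    print(r)
    print(check_transport(r, "http"))
    print(response_acceptable(r, has_security_header=False))
```
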