You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Edem Alipui (JIRA)" <ji...@apache.org> on 2008/08/29 21:51:44 UTC
[jira] Created: (RAMPART-193) Missing signature in SOAP fault
messages
Missing signature in SOAP fault messages
----------------------------------------
Key: RAMPART-193
URL: https://issues.apache.org/jira/browse/RAMPART-193
Project: Rampart
Issue Type: Bug
Affects Versions: 1.4
Environment: Windows Vista
Apache Tomcat 5.5.26
Axis2 1.4
Rampart 1.4
Java JRE: 1.5.0.14
Reporter: Edem Alipui
Assignee: Ruchith Udayanga Fernando
Fix For: 1.4
Hi,
I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
(http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
This is a normal message when there is no faults:
[INFO] Deploying module: addressing-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
[INFO] Deploying module: rahas-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
[INFO] Deploying module: rampart-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
[INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
1.4-impl.jar
[INFO] Verification successful for URI "#Id-30303804"
[INFO] Verification successful for URI "#id-20457766"
[INFO] Verification successful for URI "#id-1412294"
[INFO] Verification successful for URI "#Timestamp-2746929"
Voici le resultat de l'appel:
1721
==========================================================
This is the message I'm getting when a fault is generated.
==========================================================
[INFO] Deploying module: addressing-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
[INFO] Deploying module: rahas-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
[INFO] Deploying module: rampart-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
[INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
1.4-impl.jar
[ERROR] Missing wsse:Security header in request
org.apache.axis2.AxisFault: Missing wsse:Security header in request
at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
==============================================
This is the soap enveloppe sent to the Client.
==============================================
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
</soapenv:Reason>
<soapenv:Detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
===================================================================================================================================
This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
===================================================================================================================================
<wsp:Policy wsu:Id="SigOnly"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<!--
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body /> </sp:EncryptedParts>
-->
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
<sp:MustSupportRefThumbprint />
<sp:MustSupportRefEncryptedKey />
<sp:MustSupportSignatureConfirmation />
</wsp:Policy>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens />
<sp:RequireClientEntropy />
<sp:RequireServerEntropy />
</wsp:Policy>
</sp:Trust10>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>test</ramp:user>
<ramp:encryptionUser>test</ramp:encryptionUser>
<ramp:passwordCallbackClass>
org.example.www.essaisdeploiementwebservice2.PWCBHandler
</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
===================================================================================
This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
===================================================================================
<phaseOrder type="OutFaultFlow">
<!-- user can add his own phases to this area -->
<phase name="soapmonitorPhase"/>
<phase name="OperationOutFaultPhase"/>
<phase name="MessageOut"/>
<phase name="RMPhase"/>
<phase name="PolicyDetermination"/>
<phase name="Security"/>
</phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Bob Jacoby (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bob Jacoby updated RAMPART-193:
-------------------------------
Attachment: RampartMessageData.class
Attached compiled version of RampartMessageData as generated by IBM 1.5 JDK.
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-193.
------------------------------------------------
Resolution: Fixed
This issue is fixed in Rampart 1.5 and now Rampart integration test has tests for negative scenarios to make sure this is not broken again.
regards,
Nandana
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Nandana Mihindukulasooriya
> Priority: Blocker
> Fix For: 1.5
>
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya updated RAMPART-193:
-----------------------------------------------
Fix Version/s: (was: 1.4)
1.5
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Nandana Mihindukulasooriya
> Priority: Blocker
> Fix For: 1.5
>
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
AW: [jira] Updated: (RAMPART-193) Missing signature in SOAP fault messages
Posted by nc Software AG - Christian Mielke <cm...@nc-ag.de>.
Hello,
could it be that this a similiar problem like I have with my RAMPART 1.3? My
service fault is signed but it seems to be signed wrong because the clients
(JAVA abd .NET) calculate always a different hash for the signed body then
the delivered hash in the security header from the server.
Greetings
Christian
-----Ursprüngliche Nachricht-----
Von: Nandana Mihindukulasooriya (JIRA) [mailto:jira@apache.org]
Gesendet: Donnerstag, 5. März 2009 09:48
An: rampart-dev@ws.apache.org
Betreff: [jira] Updated: (RAMPART-193) Missing signature in SOAP fault
messages
[
https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.pl
ugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya updated RAMPART-193:
-----------------------------------------------
Priority: Blocker (was: Major)
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Priority: Blocker
> Fix For: 1.4
>
> Attachments: RampartMessageData.class, RampartMessageData.java,
RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I
have the following issue: Whenever an Axis fault is generated on the
server's side,
> the SOAP fault message send back to the client is not signed. It results
in an error since the client is expecting a signed SOAP enveloppe. I'm
working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking
section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and
http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have
been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the
issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
>
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
>
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
>
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
>
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
>
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
>
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essa
isDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at
org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(Ram
partReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST
----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
>
============================================================================
=======================================================
> This is the Policy file I'm using. Besides the locations of the Keystore,
it is the same policy on both ends (service and client).
>
============================================================================
=======================================================
> <wsp:Policy wsu:Id="SigOnly"
>
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
>
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
>
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Includ
eToken/AlwaysToRecipient">
> <wsp:Policy>
>
<sp:WssX509V3Token10 />
>
</wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
>
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Includ
eToken/Never">
> <wsp:Policy>
>
<sp:RequireThumbprintReference />
>
<sp:WssX509V3Token10 />
>
</wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15
/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
>
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header
Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
>
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation
/>
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
>
<ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
>
org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
>
name="org.apache.ws.security.crypto.merlin.keystore.type">
JKS</ramp:property>
> <ramp:property
name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
>
name="org.apache.ws.security.crypto.merlin.keystore.password">
changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
>
name="org.apache.ws.security.crypto.merlin.keystore.type">
JKS</ramp:property>
> <ramp:property
name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
>
name="org.apache.ws.security.crypto.merlin.keystore.password">
changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
============================================================================
=======
> This is the parts of axis2.xml where the security is enabled in the
OutFaultFlow:
>
============================================================================
=======
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya updated RAMPART-193:
-----------------------------------------------
Priority: Blocker (was: Major)
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Priority: Blocker
> Fix For: 1.4
>
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Grégory Provost (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12664462#action_12664462 ]
Grégory Provost commented on RAMPART-193:
-----------------------------------------
Any news regarding this issue ? Is there a patch/new version available ? Regards
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Edem Alipui (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12756253#action_12756253 ]
Edem Alipui commented on RAMPART-193:
-------------------------------------
Thanks very much,
I'll be looking forward for the release of rampar 1.5.
Edem.
On Mon, Aug 31, 2009 at 3:19 PM, Nandana Mihindukulasooriya (JIRA) <
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Nandana Mihindukulasooriya
> Priority: Blocker
> Fix For: 1.5
>
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Bob Jacoby (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12664527#action_12664527 ]
Bob Jacoby commented on RAMPART-193:
------------------------------------
I just added a patch that should resolve the issue that I discussed in Oct. All it does is add the last servicePolicy lookup I listed above (from the attachedPolicyComponents) to the end of all the other lookups in the RampartMessageData constructor. I threw this patch together based on correspondence I had with Maik who implemented this change himself. I have not tested this in my environment however.
Without stepping through the code in more detail I have a feeling this may be a fix to a symptom, but not necessarily the cure. I say this because I would think the Policy should be retrieved from one of the earlier retrieval attempts in the constructor (e.g., from MessageContext). However, this at lease resolves the issue of not getting signed faults back.
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
> Attachments: RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Bob Jacoby (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12642985#action_12642985 ]
Bob Jacoby commented on RAMPART-193:
------------------------------------
Unless I'm missing something this issue makes it impossible to use custom soap faults in a secured service. I'm using Axis 1.4.1 and Rampart 1.4.
The reason the messages are not being signed appears to be due to the policy not being found during the OutFaultFlow. In tracing the flow through the RampartMessageData constructor during the OutFaultFlow, none of the attempts to load the servicePolicy from different locations results in the policy being loaded.
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-193:
--------------------------------------------------
Assignee: Nandana Mihindukulasooriya (was: Ruchith Udayanga Fernando)
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Nandana Mihindukulasooriya
> Priority: Blocker
> Fix For: 1.5
>
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Maik Hassel (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12652597#action_12652597 ]
Maik Hassel commented on RAMPART-193:
-------------------------------------
I ran into the same issue in a production system. It is quite surprising that this issue - while flagged in various JIRAs over the past 9 months - seems of rather low priority. After all, as Bob already stated, it makes it impossible to use custom soap faults in a secured service, which is a pretty rudimentary and necessary thing to do?
Is there at least a quick fix or patch I can add myself to get this working?
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "John Applebey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12632205#action_12632205 ]
John Applebey commented on RAMPART-193:
---------------------------------------
Do we have a patch for this yet?
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Grégory Provost (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12665087#action_12665087 ]
Grégory Provost commented on RAMPART-193:
-----------------------------------------
Thanks Bob. One more question, That would be very nice if you could attach the patched version of RAMPART-CORE ? Thanks Gregory
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
> Attachments: RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12738938#action_12738938 ]
Nandana Mihindukulasooriya commented on RAMPART-193:
----------------------------------------------------
Hi,
Will you be able to test this with Axis2 1.5 and latest Rampart trunk. Thilina has contributed test cases for negative scenarios (RAMPART-233) and now these negative scenarios are also checked in the integration tests of Rampart build.
regards,
Nandana
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Nandana Mihindukulasooriya
> Priority: Blocker
> Fix For: 1.5
>
> Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Bob Jacoby (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bob Jacoby updated RAMPART-193:
-------------------------------
Attachment: RampartMessageData.patch
Patch to add additional lookup of policy
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
> Attachments: RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (RAMPART-193) Missing signature in
SOAP fault messages
Posted by "Bob Jacoby (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12643242#action_12643242 ]
jacorob edited comment on RAMPART-193 at 10/28/08 9:49 AM:
--------------------------------------------------------------
I implemented a workaround that seems to work for me. Basically, I defined a custom handler in the OutFaultFlow that implements the same lookup that the RampartMessageData currently performs (in case something is fixed that suddenly resolves this issue or there are other cases such that the policy will be found in the current methodology). If the policy isn't found, I then try to calculate the policies on the policy subject. I then set the policy in the message context, which RampartMessageData will then see.
I added the handler to a custom module in a custom phase which I inserted at the beginning of the OutFaultFlow.
-------Handler Code---------
public InvocationResponse invoke(MessageContext messageContext) throws AxisFault {
Policy effectivePolicy = getEffectivePolicy(messageContext);
if (effectivePolicy != null) {
messageContext.setProperty(RampartMessageData.KEY_RAMPART_POLICY, effectivePolicy);
}
return InvocationResponse.CONTINUE;
}
private Policy getEffectivePolicy(MessageContext msgCtx) {
Policy servicePolicy = null;
if (msgCtx.getProperty(RampartMessageData.KEY_RAMPART_POLICY) != null) {
servicePolicy = (Policy) msgCtx.getProperty(RampartMessageData.KEY_RAMPART_POLICY);
}
if (servicePolicy == null) {
servicePolicy = msgCtx.getEffectivePolicy();
}
if (servicePolicy == null) {
Parameter param = msgCtx.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
if (param != null) {
OMElement policyElem = param.getParameterElement().getFirstElement();
servicePolicy = PolicyEngine.getPolicy(policyElem);
}
}
if (servicePolicy == null && msgCtx.getAxisService() != null && msgCtx.getAxisService().getPolicySubject() != null) {
Collection subjectPolicies = msgCtx.getAxisService().getPolicySubject().getAttachedPolicyComponents();
if (subjectPolicies.size() > 0) {
servicePolicy = PolicyUtil.getMergedPolicy(new ArrayList(subjectPolicies), msgCtx.getAxisService());
}
}
return servicePolicy;
}
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-193) Missing signature in SOAP fault
messages
Posted by "Bob Jacoby (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bob Jacoby updated RAMPART-193:
-------------------------------
Attachment: RampartMessageData.java
Attaching a patched version of RampartMessageData.java using patch provided earlier.
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
> Attachments: RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.