You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-c-dev@ws.apache.org by "Dave Meier (JIRA)" <ji...@apache.org> on 2008/02/23 02:47:19 UTC
[jira] Created: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Rampart does not work unless the operation name is in the URL
-------------------------------------------------------------
Key: RAMPARTC-71
URL: https://issues.apache.org/jira/browse/RAMPARTC-71
Project: Rampart/C
Issue Type: Bug
Components: Rampart-core
Affects Versions: 1.1.0
Environment: Windows XP
Reporter: Dave Meier
Assignee: Glen Daniels
Priority: Critical
Fix For: Current
Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "Dave Meier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573602#action_12573602 ]
Dave Meier commented on RAMPARTC-71:
------------------------------------
Thanks for your comments. I thought the change I made would be safe because it still checks at the operation level if an operation is provided in the URL or the action, but it is true that this opens a security hole for the case where the service does not specify policy at the service level. It could be workable if there was a server side switch to say that there is no policy attached at the operation level, since then it would be safe to just look at the service level.
-Dave.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "S.Uthaiyashankar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572766#action_12572766 ]
S.Uthaiyashankar commented on RAMPARTC-71:
------------------------------------------
This is because, rampart checks the policy according to operation. So, either you have to give the operation in the URL or you have to give mapping of action -> operation in service.xml file.
If you give the mapping, then url can be http://localhost:9090/axis2/services/myservicename . In this case the mapping will be as follows, where "myactionstring" is the wsa:Action of the request
<operation name="myoperation">
<parameter name="wsamapping">myactionstring</parameter>
</operation>
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "S.Uthaiyashankar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
S.Uthaiyashankar reassigned RAMPARTC-71:
----------------------------------------
Assignee: S.Uthaiyashankar (was: Glen Daniels)
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "Dave Meier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573560#action_12573560 ]
Dave Meier commented on RAMPARTC-71:
------------------------------------
I don't want to have to specify an action for each web service call. I modified rampart_engine.c to fall back to using the service if there is no operation and that works for me. What do you think about making this change. I'll attach the diff file.
Thanks,
-Dave.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "Malinda Kaushalye Kapuruge (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Malinda Kaushalye Kapuruge resolved RAMPARTC-71.
------------------------------------------------
Resolution: Invalid
Invalid... please close the issue
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "Manjula Peiris (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572804#action_12572804 ]
Manjula Peiris commented on RAMPARTC-71:
----------------------------------------
If you engage addressing you don't need to have the operation in the url. It is in the Addressing action.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "Dave Meier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572596#action_12572596 ]
Dave Meier commented on RAMPARTC-71:
------------------------------------
I haven't heard from anyone on this. Can this be fixed? It is not symmetrical with the regular SOAP call case as I do not need to specify the operation name in the URL for those calls.
-Dave.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: Glen Daniels
> Priority: Critical
> Fix For: Current
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (RAMPARTC-71) Rampart does not work
unless the operation name is in the URL
Posted by "S.Uthaiyashankar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573575#action_12573575 ]
shankar edited comment on RAMPARTC-71 at 2/28/08 7:29 PM:
-------------------------------------------------------------------
I have a question. If your service is having two operations and they are having different policies, then if you don't include either operation(in url) or mapping(in service.xml), how do we find correct policy to check? Your proposed method will work if policy is given at service level, not at operation level. When we have operation level policy, then it will fail. For rampart, addressing is a must IMHO.
was (Author: shankar):
I have a question. If your service is having two operations and they are having different policies, then if you don't include either operation(in url) or mapping(in service.xml), how do we find correct policy to check? In your proposed method will work with policy is given for service, not at operation level. When we have operation level policy, then it will fail. For rampart, addressing is a must IMHO.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "S.Uthaiyashankar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573575#action_12573575 ]
S.Uthaiyashankar commented on RAMPARTC-71:
------------------------------------------
I have a question. If your service is having two operations and they are having different policies, then if you don't include either operation(in url) or mapping(in service.xml), how do we find correct policy to check? In your proposed method will work with policy is given for service, not at operation level. When we have operation level policy, then it will fail. For rampart, addressing is a must IMHO.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "Manjula Peiris (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573590#action_12573590 ]
Manjula Peiris commented on RAMPARTC-71:
----------------------------------------
Yes Uthiyashankar is right. Your fix does not pick policies attached at operation level. Policy can be attached at message level also. Actually Axis2/C finds the operation from one of the following 3 dispatching.
1. Using the url
2.Using Addressing Action
3. Using the body
Actually for security messages the option 3 cannot be used. Because the body can be encrypted. In that case we need to invoke security handlers before body based dispatcher. But security handlers cannot be invoked until we resolves policies . In that case we need operation. So this is like a chicken egg problem. So for Rampart/C ws-Addressing is a must in the receiving side. If not you need to specify the operation in the url. Since Axis2/C fully supports WS-Addressing I don't think this is a big issue.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPARTC-71) Rampart does not work unless the
operation name is in the URL
Posted by "Dave Meier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Meier updated RAMPARTC-71:
-------------------------------
Attachment: rampart_engine_c_diff.txt
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use http://localhost:9090/axis2/services/myservicename as the URL and axis2/c gets the operation name out of the XML. With rampart, it only works if I add the operation name to the end of the URL (e.g. http://localhost:9090/axis2/services/myservicename/myoperation). This adds a lot of complexity to the client as I have to use a different URL for each operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.