You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Bob Jacoby (JIRA)" <ji...@apache.org> on 2008/10/27 19:04:44 UTC
[jira] Commented: (RAMPART-193) Missing signature in SOAP fault
messages
[ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12642985#action_12642985 ]
Bob Jacoby commented on RAMPART-193:
------------------------------------
Unless I'm missing something this issue makes it impossible to use custom soap faults in a secured service. I'm using Axis 1.4.1 and Rampart 1.4.
The reason the messages are not being signed appears to be due to the policy not being found during the OutFaultFlow. In tracing the flow through the RampartMessageData constructor during the OutFaultFlow, none of the attempts to load the servicePolicy from different locations results in the policy being loaded.
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
> the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.