Possible to control the WS-Policy soap faults in inSequence of proxy in Synapse?

[J Bouck <bo...@gmail.com>]

I am looking to use Synapse as a proxy for a web service in a simlar
fashion to Synapse sample#103.
When a WS-policy violation occurs in the proxy inSequence is there a
way to return a custom fault rather than the axisFault that is
generated in the soapenv namespace?
<soapenv:Fault>
   <faultcode>soapenv:Server</faultcode>
   <faultstring>Missing wsse:Security header in request</faultstring>
   <detail />
</soapenv:Fault>
I can get my custom soap faults to be returned for the proxy by
configuring the faultSequence for the proxyService, but they aren't
returned when the WS-Policy is violated in the inSequence (e.g.
missing or invalid wsse headers).  The proxy faultSequence only seems
to be sent when the outSequence fails (e.g.endpoint server port is not
open).
I tried adding an onError attribute to inSequence for the proxyService
but that didn't work.  Any ideas?  I am willing to write a custom
mediator if need be.
I would really like to be able to strictly control the soap faults
that could ever be returned for security concerns.
~john

---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-user-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-user-help@ws.apache.org

Re: Possible to control the WS-Policy soap faults in inSequence of proxy in Synapse?

[Paul Fremantle <pz...@gmail.com>]

Maybe we need to change the way we integrate with Axis2 to ensure that
we get these faults irrespective of where they occur?

For example maybe we could have a handler right at the end of the outflow?

Paul

On 9/6/07, Ruwan Linton <ru...@gmail.com> wrote:
> Hi John,
>
> See my comments in line,
>
> On 9/6/07, J Bouck <bo...@gmail.com> wrote:
> >
> > I am looking to use Synapse as a proxy for a web service in a simlar
> > fashion to Synapse sample#103.
> > When a WS-policy violation occurs in the proxy inSequence is there a
> > way to return a custom fault rather than the axisFault that is
> > generated in the soapenv namespace?
> >
>
> Hmmm... This policy validation will be done before the message comes in to
> Synapse and hence synapse does not have control over this validation.
> Basically Apache Rampart will be handling security within Axis2 before the
> message comes inside in to Synapse proxy. So I don't think this is easy
> .....
>
> <soapenv:Fault>
> >    <faultcode>soapenv:Server</faultcode>
> >    <faultstring>Missing wsse:Security header in request</faultstring>
> >    <detail />
> > </soapenv:Fault>
> > I can get my custom soap faults to be returned for the proxy by
> > configuring the faultSequence for the proxyService, but they aren't
> > returned when the WS-Policy is violated in the inSequence (e.g.
> > missing or invalid wsse headers).  The proxy faultSequence only seems
> > to be sent when the outSequence fails (e.g.endpoint server port is not
> > open).
>
>
> No, it works fine with the inSequence as well. But what matters is in your
> case Fault is not generated by Synapse, it is before any of the Synapse
> actions. That is why the fault Sequence is not executed.
>
> I tried adding an onError attribute to inSequence for the proxyService
> > but that didn't work.  Any ideas?  I am willing to write a custom
> > mediator if need be.
>
>
> Any ideas from others?
>
> Thanks,
> Ruwan
>
> I would really like to be able to strictly control the soap faults
> > that could ever be returned for security concerns.
> > ~john
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: synapse-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: synapse-user-help@ws.apache.org
> >
> >
>
>
> --
> Ruwan Linton
> http://www.wso2.org - "Oxygenating the Web Services Platform"
>


-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com

---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-dev-help@ws.apache.org

Re: Possible to control the WS-Policy soap faults in inSequence of proxy in Synapse?

[Paul Fremantle <pz...@gmail.com>]

Maybe we need to change the way we integrate with Axis2 to ensure that
we get these faults irrespective of where they occur?

For example maybe we could have a handler right at the end of the outflow?

Paul

On 9/6/07, Ruwan Linton <ru...@gmail.com> wrote:
> Hi John,
>
> See my comments in line,
>
> On 9/6/07, J Bouck <bo...@gmail.com> wrote:
> >
> > I am looking to use Synapse as a proxy for a web service in a simlar
> > fashion to Synapse sample#103.
> > When a WS-policy violation occurs in the proxy inSequence is there a
> > way to return a custom fault rather than the axisFault that is
> > generated in the soapenv namespace?
> >
>
> Hmmm... This policy validation will be done before the message comes in to
> Synapse and hence synapse does not have control over this validation.
> Basically Apache Rampart will be handling security within Axis2 before the
> message comes inside in to Synapse proxy. So I don't think this is easy
> .....
>
> <soapenv:Fault>
> >    <faultcode>soapenv:Server</faultcode>
> >    <faultstring>Missing wsse:Security header in request</faultstring>
> >    <detail />
> > </soapenv:Fault>
> > I can get my custom soap faults to be returned for the proxy by
> > configuring the faultSequence for the proxyService, but they aren't
> > returned when the WS-Policy is violated in the inSequence (e.g.
> > missing or invalid wsse headers).  The proxy faultSequence only seems
> > to be sent when the outSequence fails (e.g.endpoint server port is not
> > open).
>
>
> No, it works fine with the inSequence as well. But what matters is in your
> case Fault is not generated by Synapse, it is before any of the Synapse
> actions. That is why the fault Sequence is not executed.
>
> I tried adding an onError attribute to inSequence for the proxyService
> > but that didn't work.  Any ideas?  I am willing to write a custom
> > mediator if need be.
>
>
> Any ideas from others?
>
> Thanks,
> Ruwan
>
> I would really like to be able to strictly control the soap faults
> > that could ever be returned for security concerns.
> > ~john
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: synapse-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: synapse-user-help@ws.apache.org
> >
> >
>
>
> --
> Ruwan Linton
> http://www.wso2.org - "Oxygenating the Web Services Platform"
>


-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com

---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-user-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-user-help@ws.apache.org

Re: Possible to control the WS-Policy soap faults in inSequence of proxy in Synapse?

[Ruwan Linton <ru...@gmail.com>]

Hi John,

See my comments in line,

On 9/6/07, J Bouck <bo...@gmail.com> wrote:
>
> I am looking to use Synapse as a proxy for a web service in a simlar
> fashion to Synapse sample#103.
> When a WS-policy violation occurs in the proxy inSequence is there a
> way to return a custom fault rather than the axisFault that is
> generated in the soapenv namespace?
>

Hmmm... This policy validation will be done before the message comes in to
Synapse and hence synapse does not have control over this validation.
Basically Apache Rampart will be handling security within Axis2 before the
message comes inside in to Synapse proxy. So I don't think this is easy
.....

<soapenv:Fault>
>    <faultcode>soapenv:Server</faultcode>
>    <faultstring>Missing wsse:Security header in request</faultstring>
>    <detail />
> </soapenv:Fault>
> I can get my custom soap faults to be returned for the proxy by
> configuring the faultSequence for the proxyService, but they aren't
> returned when the WS-Policy is violated in the inSequence (e.g.
> missing or invalid wsse headers).  The proxy faultSequence only seems
> to be sent when the outSequence fails (e.g.endpoint server port is not
> open).


No, it works fine with the inSequence as well. But what matters is in your
case Fault is not generated by Synapse, it is before any of the Synapse
actions. That is why the fault Sequence is not executed.

I tried adding an onError attribute to inSequence for the proxyService
> but that didn't work.  Any ideas?  I am willing to write a custom
> mediator if need be.


Any ideas from others?

Thanks,
Ruwan

I would really like to be able to strictly control the soap faults
> that could ever be returned for security concerns.
> ~john
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: synapse-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: synapse-user-help@ws.apache.org
>
>


-- 
Ruwan Linton
http://www.wso2.org - "Oxygenating the Web Services Platform"