You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by at4david <at...@gmail.com> on 2007/08/06 13:52:44 UTC
RE: Rampart: how to use UsernameToken, Signature and Encrypt
together, use different username.
Hi, I achieved to separate user from usernametoken and user from signature
with different names but the problem is that when the server received the
SOAP message doesn`t verify the USERNAMETOKEN and only verifies the
signature from the client passing of USERNAMETOKEN.
I hope this help you
--
View this message in context: http://www.nabble.com/Rampart%3A-how-to-use-UsernameToken%2C-Signature-and-Encrypt-together%2C-use-different-username.-tf3275410.html#a12014927
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: Rampart error with MustUnderstand
Posted by "Ford, Jennifer M." <JE...@SOUTHERNCO.COM>.
I did finally get the code in sample02 to work, although not with Tomcat
5.5.23. Switching to Tomcat 5.0.28 works for me though (and eliminates
the error below). I'm sure it's some kind of library issue, but once I
got it working I decided not to pursue finding a definitive cause.
-----Original Message-----
From: Jon Hanshew [mailto:jhanshew@visa.com]
Sent: Friday, September 07, 2007 4:58 PM
To: axis-user@ws.apache.org
Subject: RE: Rampart error with MustUnderstand
Check out policy sample02 in Rampart 1.3. The policy/service.xml files
work there.
I have also gotten it to work for my own wsdl app.
However I am having trouble adding a UsernameToken to the mix.
Ford, Jennifer M. wrote:
>
> Well, it has stopped giving me errors for Must Understand, but still
> no luck on actually authenticating. It appears to get past the
Timestamp
> processing, and then fails. Has anyone gotten a Rampart policy with
> AsymmetricBinding/Signature only to work properly? I would be
> interested in seeing your policy file.
>
> I am seeing the following error in the logs:
> 2007-08-08 15:51:56,983 DEBUG org.apache.ws.security.WSSecurityEngine
> - Unknown Element: BinarySecurityToken
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-sec
> ex
> t-1.0.xsd
>
> That seems like probable cause for this to fail. I looked up that
> error on Google, and I see a lot of references to XML Pretty Printing
> (which I now have disabled in my client axis2.xml, although it does
> not appear to have made a difference in the output) and most of those
> messages were using Axis 1.3, not Axis2 as I am using.
>
> The other thing I am struggling with are the X509 token types and the
> decryption algorithm. Is it possible to find that information on the
> certificate itself? I was unable to find it, but I am thinking if I
> were wrong that would be another reason why my signature validation
> would fail.
>
>
> -----Original Message-----
> From: Michael.Davis@servicecanada.gc.ca
> [mailto:Michael.Davis@servicecanada.gc.ca]
> Sent: Wednesday, August 08, 2007 8:07 AM
> To: axis-user@ws.apache.org
> Subject: RE: Rampart error with MustUnderstand
>
> Hi,
>
> It looks like your client is set up to add a timestamp and signature,
> but the server has not been configured to expect them. I got the same
> error when I configured rampart on my client but not on my server.
>
> The Must Understand flag means: If the server doesn't understand this
> header element, then it must report an error rather than continue
> processing.
>
> cheers,
> Michael
> from sunny Ottawa
>
>
>> -----Original Message-----
>> From: Ford, Jennifer M. [mailto:JENNFORD@SOUTHERNCO.COM]
>> Sent: Tuesday, August 07, 2007 6:17 PM
>> To: axis-user@ws.apache.org
>> Subject: Rampart error with MustUnderstand
>>
>>
>> I have spent the last couple days trying to add Rampart to an
>> existing
>
>> web service with Policy/Sample02 as a model. I feel like I'm close,
>> but I can't seem to get past the most recent error:
>>
>> 2007-08-07 16:43:12,066 DEBUG
>> org.apache.axis2.transport.http.AxisServlet -
>> org.apache.axis2.AxisFault: Must Understand check failed for header
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
> rity-secex
> t-1.0.xsd : Security
>
> Perhaps a stupid question, but what does the Must Understand check do
> exactly? And, more importantly, what might cause this problem?
>
> Thanks,
> Jennifer
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
>
--
View this message in context:
http://www.nabble.com/Rampart%3A-how-to-use-UsernameToken%2C-Signature-a
nd-Encrypt-together%2C-use-different-username.-tf3275410.html#a12564010
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: Rampart error with MustUnderstand
Posted by Jon Hanshew <jh...@visa.com>.
Check out policy sample02 in Rampart 1.3. The policy/service.xml files work
there.
I have also gotten it to work for my own wsdl app.
However I am having trouble adding a UsernameToken to the mix.
Ford, Jennifer M. wrote:
>
> Well, it has stopped giving me errors for Must Understand, but still no
> luck on actually authenticating. It appears to get past the Timestamp
> processing, and then fails. Has anyone gotten a Rampart policy with
> AsymmetricBinding/Signature only to work properly? I would be
> interested in seeing your policy file.
>
> I am seeing the following error in the logs:
> 2007-08-08 15:51:56,983 DEBUG org.apache.ws.security.WSSecurityEngine -
> Unknown Element: BinarySecurityToken
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> t-1.0.xsd
>
> That seems like probable cause for this to fail. I looked up that error
> on Google, and I see a lot of references to XML Pretty Printing (which I
> now have disabled in my client axis2.xml, although it does not appear to
> have made a difference in the output) and most of those messages were
> using Axis 1.3, not Axis2 as I am using.
>
> The other thing I am struggling with are the X509 token types and the
> decryption algorithm. Is it possible to find that information on the
> certificate itself? I was unable to find it, but I am thinking if I
> were wrong that would be another reason why my signature validation
> would fail.
>
>
> -----Original Message-----
> From: Michael.Davis@servicecanada.gc.ca
> [mailto:Michael.Davis@servicecanada.gc.ca]
> Sent: Wednesday, August 08, 2007 8:07 AM
> To: axis-user@ws.apache.org
> Subject: RE: Rampart error with MustUnderstand
>
> Hi,
>
> It looks like your client is set up to add a timestamp and signature,
> but the server has not been configured to expect them. I got the same
> error when I configured rampart on my client but not on my server.
>
> The Must Understand flag means: If the server doesn't understand this
> header element, then it must report an error rather than continue
> processing.
>
> cheers,
> Michael
> from sunny Ottawa
>
>
>> -----Original Message-----
>> From: Ford, Jennifer M. [mailto:JENNFORD@SOUTHERNCO.COM]
>> Sent: Tuesday, August 07, 2007 6:17 PM
>> To: axis-user@ws.apache.org
>> Subject: Rampart error with MustUnderstand
>>
>>
>> I have spent the last couple days trying to add Rampart to an existing
>
>> web service with Policy/Sample02 as a model. I feel like I'm close,
>> but I can't seem to get past the most recent error:
>>
>> 2007-08-07 16:43:12,066 DEBUG
>> org.apache.axis2.transport.http.AxisServlet -
>> org.apache.axis2.AxisFault: Must Understand check failed for header
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
> rity-secex
> t-1.0.xsd : Security
>
> Perhaps a stupid question, but what does the Must Understand check do
> exactly? And, more importantly, what might cause this problem?
>
> Thanks,
> Jennifer
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Rampart%3A-how-to-use-UsernameToken%2C-Signature-and-Encrypt-together%2C-use-different-username.-tf3275410.html#a12564010
Sent from the Axis - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
RE: Rampart error with MustUnderstand
Posted by "Ford, Jennifer M." <JE...@SOUTHERNCO.COM>.
Well, it has stopped giving me errors for Must Understand, but still no
luck on actually authenticating. It appears to get past the Timestamp
processing, and then fails. Has anyone gotten a Rampart policy with
AsymmetricBinding/Signature only to work properly? I would be
interested in seeing your policy file.
I am seeing the following error in the logs:
2007-08-08 15:51:56,983 DEBUG org.apache.ws.security.WSSecurityEngine -
Unknown Element: BinarySecurityToken
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
t-1.0.xsd
That seems like probable cause for this to fail. I looked up that error
on Google, and I see a lot of references to XML Pretty Printing (which I
now have disabled in my client axis2.xml, although it does not appear to
have made a difference in the output) and most of those messages were
using Axis 1.3, not Axis2 as I am using.
The other thing I am struggling with are the X509 token types and the
decryption algorithm. Is it possible to find that information on the
certificate itself? I was unable to find it, but I am thinking if I
were wrong that would be another reason why my signature validation
would fail.
-----Original Message-----
From: Michael.Davis@servicecanada.gc.ca
[mailto:Michael.Davis@servicecanada.gc.ca]
Sent: Wednesday, August 08, 2007 8:07 AM
To: axis-user@ws.apache.org
Subject: RE: Rampart error with MustUnderstand
Hi,
It looks like your client is set up to add a timestamp and signature,
but the server has not been configured to expect them. I got the same
error when I configured rampart on my client but not on my server.
The Must Understand flag means: If the server doesn't understand this
header element, then it must report an error rather than continue
processing.
cheers,
Michael
from sunny Ottawa
> -----Original Message-----
> From: Ford, Jennifer M. [mailto:JENNFORD@SOUTHERNCO.COM]
> Sent: Tuesday, August 07, 2007 6:17 PM
> To: axis-user@ws.apache.org
> Subject: Rampart error with MustUnderstand
>
>
> I have spent the last couple days trying to add Rampart to an existing
> web service with Policy/Sample02 as a model. I feel like I'm close,
> but I can't seem to get past the most recent error:
>
> 2007-08-07 16:43:12,066 DEBUG
> org.apache.axis2.transport.http.AxisServlet -
> org.apache.axis2.AxisFault: Must Understand check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-secex
t-1.0.xsd : Security
Perhaps a stupid question, but what does the Must Understand check do
exactly? And, more importantly, what might cause this problem?
Thanks,
Jennifer
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Email marking
Posted by Demetris G <de...@ece.neu.edu>.
Just a question outside the Axis content -
I get emails from various lists and most of them mark their title with
the mailing list name - [jxta], [owl-s] etc. I noticed that Axis mailing
lists sometimes have this sometimes they don't - I get emails that have
all the signs of spam / malicious and they turn out to be someone asking
for help about a bug (and trust me, the titles some of you choose to
describe your problem crack me up as they are all but friendly ;) )
So - is there something that the Axis mailing administrators can do to
help with this one so that we can configure our spam filters to help us
a bit more with filtering out garbage ?
Much appreciated.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Rampart error with MustUnderstand
Posted by Pavan Madiraju <ma...@gmail.com>.
Thanks Ruchit for your Help,
Is there any way that we can configure the client and service policy without
coding the PWCBHandler so that I can keep all the security information in
the policy.
<ramp:passwordCallbackClass>
org.apache.rampart.samples.policy.sample02.PWCBHandler
</ramp:passwordCallbackClass>
Thanks
Pavan
On 8/9/07, Ruchith Fernando <ru...@gmail.com> wrote:
>
> Argh ... seems like the certs expired on July 21st :(
>
> Please create the client and service keystores as described here :
> http://wso2.org/library/174
>
> Thanks,
> Ruchith
>
> On 8/10/07, Pavan Madiraju <ma...@gmail.com> wrote:
> > I am trying to get samples\policy\sample2 working but getting the
> following
> > error. Is anyone able to get the sample2 working ?
> >
> > Error:
> >
> > [java] org.apache.ws.security.WSSecur ityException: The signature
> > verification failed (The provided certificate is invalid).
> >
> > I am using the service.jks and client.jks that is shipped with the
> samples.
> >
> > Here is the whole error log
> >
> > Service log
> >
> > C:\Development\axis\rampart-1.2\samples\policy>ant service.02
> > Buildfile: build.xml
> >
> > check.dependency:
> >
> > service.02:
> > [copy] Copying 1 file to C:\Development\axis\rampart-
> > 1.2\samples\policy\bui
> > ld\service_repositories\sample02\modules
> > [copy] Copying 1 file to
> > C:\Development\axis\rampart-1.2\samples\policy\bui
> > ld\service_repositories\sample02\modules
> > [copy] Copying 1 file to C:\Development\axis\rampart-
> > 1.2\samples\policy\bui
> > ld\service_repositories\sample02\modules
> > [mkdir] Created dir:
> > C:\Development\axis\rampart-1.2\samples\policy\build\te
> > mp
> > [mkdir] Created dir:
> > C:\Development\axis\rampart-1.2\samples\policy\build\te
> > mp\META-INF
> > [javac] Compiling 2 source files to
> > C:\Development\axis\rampart-1.2\samples\
> > policy\build\temp
> > [copy] Copying 1 file to
> > C:\Development\axis\rampart-1.2\samples\policy\bui
> > ld\temp\META-INF
> > [copy] Copying 1 file to
> > C:\Development\axis\rampart-1.2\samples\policy\bui
> > ld\temp
> > [copy] Copying 1 file to
> > C:\Development\axis\rampart-1.2\samples\policy\bui
> > ld\temp
> > [jar] Building jar: C:\Development\axis\rampart-
> > 1.2\samples\policy\build\s
> > ervice_repositories\sample02\services\sample02.aar
> > [delete] Deleting directory
> > C:\Development\axis\rampart-1.2\samples\policy\bu
> > ild\temp
> > [java] [SimpleHTTPServer] Starting
> > [java] [SimpleHTTPServer] Using the Axis2 Repository
> > C:\Development\axis\ra
> > mpart-1.2\samples\policy\build\service_repositories\sample02
> > [java] [SimpleHTTPServer] Listening on port 8080
> > [java] Aug 9, 2007 2:17:27 PM
> > org.apache.axis2.deployment.ModuleDeployer de
> > ploy
> > [java] INFO: Deploying module: addressing-1.2
> > [java] Aug 9, 2007 2:17:28 PM
> > org.apache.axis2.deployment.ModuleDeployer de
> > ploy
> > [java] INFO: Deploying module: rahas-1.2
> > [java] Aug 9, 2007 2:17:29 PM
> > org.apache.axis2.deployment.ModuleDeployer de
> > ploy
> > [java] INFO: Deploying module: rampart-1.2
> > [java] Aug 9, 2007 2:17:29 PM
> > org.apache.axis2.deployment.ServiceDeployer d
> > eploy
> > [java] INFO: Deploying Web service: sample02.aar
> > [java] [SimpleHTTPServer] Started
> > [java] Aug 9, 2007 2:17:29 PM
> > org.apache.axis2.transport.http.server.Defaul
> > tConnectionListener run
> > [java] INFO: Listening on port 8080
> > [java] org.apache.ws.security.WSSecurityException: The
> > signature verificati
> > on failed (The provided certificate is invalid)
> > [java] at
> > org.apache.ws.security.processor.SignatureProcessor.verifyXML
> > Signature(SignatureProcessor.java:259)
> > [java] at
> > org.apache.ws.security.processor.SignatureProcessor.handleTok
> > en(SignatureProcessor.java:80)
> > [java] at
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> > (WSSecurityEngine.java:279)
> > [java] at
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> > (WSSecurityEngine.java:201)
> > [java] at
> > org.apache.rampart.RampartEngine.process(RampartEngine.java
> > :7
> > 1)
> > [java] at
> > org.apache.rampart.handler.RampartReceiver.invoke(RampartRece
> > iver.java:71)
> > [java] at
> > org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> > [java] at
> > org.apache.axis2.engine.AxisEngine.invoke
> > (AxisEngine.java:203
> > )
> > [java] at
> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:13
> > 1)
> > [java] at
> > org.apache.axis2.transport.http.HTTPTransportUtils.processHTT
> > PPostRequest(HTTPTransportUtils.java :279)
> > [java] at
> > org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker
> > .java:216)
> > [java] at
> > org.apache.axis2.transport.http.server.AxisHttpService.doServ
> > ice(AxisHttpService.java:275)
> > [java] at
> > org.apache.axis2.transport.http.server.AxisHttpService.handle
> > Request(AxisHttpService.java:184)
> > [java] at
> > org.apache.axis2.transport.http.server.HttpServiceProcessor.r
> > un(HttpServiceProcessor.java :74)
> > [java] at
> > edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
> > utor$Worker.runTask(ThreadPoolExecutor.java:665)
> > [java] at
> > edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
> > utor$Worker.run(ThreadPoolExecutor.java:690)
> > [java] at java.lang.Thread.run(Thread.java:797)
> >
> >
> > client log
> >
> >
> > C:\Development\axis\rampart-1.2\samples\policy>ant client.02
> > Buildfile: build.xml
> >
> > check.dependency:
> >
> > client.02:
> > [copy] Copying 1 file to
> > C:\Development\axis\rampart-1.2\samples\policy\bui
> > ld\client_repositories\sample02\modules
> > [copy] Copying 1 file to C:\Development\axis\rampart-
> > 1.2\samples\policy\bui
> > ld\client_repositories\sample02\modules
> > [copy] Copying 1 file to
> > C:\Development\axis\rampart-1.2\samples\policy\bui
> > ld\temp_client
> > [copy] Copying 1 file to C:\Development\axis\rampart-
> > 1.2\samples\policy\bui
> > ld\temp_client
> > [java] Aug 9, 2007 2:17:37 PM
> > org.apache.axis2.deployment.DeploymentEngine
> > prepareRepository
> > [java] INFO: No services directory was found under
> > C:\Development\axis\ramp
> > art-1.2\samples\policy\build\client_repositories\sample02.
> > [java] Aug 9, 2007 2:17:37 PM
> > org.apache.axis2.deployment.ModuleDeployer de
> > ploy
> > [java] INFO: Deploying module: addressing-1.2
> > [java] Aug 9, 2007 2:17:39 PM
> > org.apache.axis2.deployment.ModuleDeployer de
> > ploy
> > [java] INFO: Deploying module: rampart-1.2
> > [java] Exception in thread "main" org.apache.axis2.AxisFault: The
> > signature
> > verification failed (The provided certificate is invalid)
> > [java] at
> > org.apache.axis2.util.Utils.getInboundFaultFromMessageContext
> > (Utils.java:434)
> > [java] at
> > org.apache.axis2.description.OutInAxisOperationClient.send(Ou
> > tInAxisOperation.java:373)
> > [java] at
> > org.apache.axis2.description.OutInAxisOperationClient.execute
> > (OutInAxisOperation.java:294)
> > [java] at
> > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClie
> > nt.java:520)
> > [java] at
> > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClie
> > nt.java:500)
> > [java] at
> > org.apache.rampart.samples.policy.sample02.Client.main(Unknow
> > n Source)
> > [java] Java Result: 1
> >
> > BUILD SUCCESSFUL
> > Total time: 8 seconds
> > C:\Development\axis\rampart-1.2\samples\policy>
> >
> > Thanks,
> > Pavan
> >
> >
> > On 8/7/07, Ford, Jennifer M. <JE...@southernco.com> wrote:
> > > I have spent the last couple days trying to add Rampart to an existing
> > > web service with Policy/Sample02 as a model. I feel like I'm close,
> but
> > > I can't seem to get past the most recent error:
> > >
> > > 2007-08-07 16:43:12,066 DEBUG
> > > org.apache.axis2.transport.http.AxisServlet -
> > > org.apache.axis2.AxisFault: Must Understand check failed for header
> > >
> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> > > t-1.0.xsd : Security
> > >
> > > Perhaps a stupid question, but what does the Must Understand check do
> > > exactly? And, more importantly, what might cause this problem?
> > >
> > > Thanks,
> > > Jennifer
> > >
> > >
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > axis-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > >
> > >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
Re: Rampart error with MustUnderstand
Posted by Ruchith Fernando <ru...@gmail.com>.
Argh ... seems like the certs expired on July 21st :(
Please create the client and service keystores as described here :
http://wso2.org/library/174
Thanks,
Ruchith
On 8/10/07, Pavan Madiraju <ma...@gmail.com> wrote:
> I am trying to get samples\policy\sample2 working but getting the following
> error. Is anyone able to get the sample2 working ?
>
> Error:
>
> [java] org.apache.ws.security.WSSecur ityException: The signature
> verification failed (The provided certificate is invalid).
>
> I am using the service.jks and client.jks that is shipped with the samples.
>
> Here is the whole error log
>
> Service log
>
> C:\Development\axis\rampart-1.2\samples\policy>ant service.02
> Buildfile: build.xml
>
> check.dependency:
>
> service.02:
> [copy] Copying 1 file to C:\Development\axis\rampart-
> 1.2\samples\policy\bui
> ld\service_repositories\sample02\modules
> [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\service_repositories\sample02\modules
> [copy] Copying 1 file to C:\Development\axis\rampart-
> 1.2\samples\policy\bui
> ld\service_repositories\sample02\modules
> [mkdir] Created dir:
> C:\Development\axis\rampart-1.2\samples\policy\build\te
> mp
> [mkdir] Created dir:
> C:\Development\axis\rampart-1.2\samples\policy\build\te
> mp\META-INF
> [javac] Compiling 2 source files to
> C:\Development\axis\rampart-1.2\samples\
> policy\build\temp
> [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\temp\META-INF
> [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\temp
> [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\temp
> [jar] Building jar: C:\Development\axis\rampart-
> 1.2\samples\policy\build\s
> ervice_repositories\sample02\services\sample02.aar
> [delete] Deleting directory
> C:\Development\axis\rampart-1.2\samples\policy\bu
> ild\temp
> [java] [SimpleHTTPServer] Starting
> [java] [SimpleHTTPServer] Using the Axis2 Repository
> C:\Development\axis\ra
> mpart-1.2\samples\policy\build\service_repositories\sample02
> [java] [SimpleHTTPServer] Listening on port 8080
> [java] Aug 9, 2007 2:17:27 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
> [java] INFO: Deploying module: addressing-1.2
> [java] Aug 9, 2007 2:17:28 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
> [java] INFO: Deploying module: rahas-1.2
> [java] Aug 9, 2007 2:17:29 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
> [java] INFO: Deploying module: rampart-1.2
> [java] Aug 9, 2007 2:17:29 PM
> org.apache.axis2.deployment.ServiceDeployer d
> eploy
> [java] INFO: Deploying Web service: sample02.aar
> [java] [SimpleHTTPServer] Started
> [java] Aug 9, 2007 2:17:29 PM
> org.apache.axis2.transport.http.server.Defaul
> tConnectionListener run
> [java] INFO: Listening on port 8080
> [java] org.apache.ws.security.WSSecurityException: The
> signature verificati
> on failed (The provided certificate is invalid)
> [java] at
> org.apache.ws.security.processor.SignatureProcessor.verifyXML
> Signature(SignatureProcessor.java:259)
> [java] at
> org.apache.ws.security.processor.SignatureProcessor.handleTok
> en(SignatureProcessor.java:80)
> [java] at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecurityEngine.java:279)
> [java] at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecurityEngine.java:201)
> [java] at
> org.apache.rampart.RampartEngine.process(RampartEngine.java
> :7
> 1)
> [java] at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartRece
> iver.java:71)
> [java] at
> org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> [java] at
> org.apache.axis2.engine.AxisEngine.invoke
> (AxisEngine.java:203
> )
> [java] at
> org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:13
> 1)
> [java] at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTT
> PPostRequest(HTTPTransportUtils.java :279)
> [java] at
> org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker
> .java:216)
> [java] at
> org.apache.axis2.transport.http.server.AxisHttpService.doServ
> ice(AxisHttpService.java:275)
> [java] at
> org.apache.axis2.transport.http.server.AxisHttpService.handle
> Request(AxisHttpService.java:184)
> [java] at
> org.apache.axis2.transport.http.server.HttpServiceProcessor.r
> un(HttpServiceProcessor.java :74)
> [java] at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
> utor$Worker.runTask(ThreadPoolExecutor.java:665)
> [java] at
> edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
> utor$Worker.run(ThreadPoolExecutor.java:690)
> [java] at java.lang.Thread.run(Thread.java:797)
>
>
> client log
>
>
> C:\Development\axis\rampart-1.2\samples\policy>ant client.02
> Buildfile: build.xml
>
> check.dependency:
>
> client.02:
> [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\client_repositories\sample02\modules
> [copy] Copying 1 file to C:\Development\axis\rampart-
> 1.2\samples\policy\bui
> ld\client_repositories\sample02\modules
> [copy] Copying 1 file to
> C:\Development\axis\rampart-1.2\samples\policy\bui
> ld\temp_client
> [copy] Copying 1 file to C:\Development\axis\rampart-
> 1.2\samples\policy\bui
> ld\temp_client
> [java] Aug 9, 2007 2:17:37 PM
> org.apache.axis2.deployment.DeploymentEngine
> prepareRepository
> [java] INFO: No services directory was found under
> C:\Development\axis\ramp
> art-1.2\samples\policy\build\client_repositories\sample02.
> [java] Aug 9, 2007 2:17:37 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
> [java] INFO: Deploying module: addressing-1.2
> [java] Aug 9, 2007 2:17:39 PM
> org.apache.axis2.deployment.ModuleDeployer de
> ploy
> [java] INFO: Deploying module: rampart-1.2
> [java] Exception in thread "main" org.apache.axis2.AxisFault: The
> signature
> verification failed (The provided certificate is invalid)
> [java] at
> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext
> (Utils.java:434)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.send(Ou
> tInAxisOperation.java:373)
> [java] at
> org.apache.axis2.description.OutInAxisOperationClient.execute
> (OutInAxisOperation.java:294)
> [java] at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClie
> nt.java:520)
> [java] at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClie
> nt.java:500)
> [java] at
> org.apache.rampart.samples.policy.sample02.Client.main(Unknow
> n Source)
> [java] Java Result: 1
>
> BUILD SUCCESSFUL
> Total time: 8 seconds
> C:\Development\axis\rampart-1.2\samples\policy>
>
> Thanks,
> Pavan
>
>
> On 8/7/07, Ford, Jennifer M. <JE...@southernco.com> wrote:
> > I have spent the last couple days trying to add Rampart to an existing
> > web service with Policy/Sample02 as a model. I feel like I'm close, but
> > I can't seem to get past the most recent error:
> >
> > 2007-08-07 16:43:12,066 DEBUG
> > org.apache.axis2.transport.http.AxisServlet -
> > org.apache.axis2.AxisFault: Must Understand check failed for header
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> > t-1.0.xsd : Security
> >
> > Perhaps a stupid question, but what does the Must Understand check do
> > exactly? And, more importantly, what might cause this problem?
> >
> > Thanks,
> > Jennifer
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
>
--
www.ruchith.org
www.wso2.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: Rampart error with MustUnderstand
Posted by Pavan Madiraju <ma...@gmail.com>.
I am trying to get samples\policy\sample2 working but getting the following
error. Is anyone able to get the sample2 working ?
Error:
[java] org.apache.ws.security.WSSecurityException: The signature
verification failed (The provided certificate is invalid).
I am using the service.jks and client.jks that is shipped with the samples.
Here is the whole error log
Service log
C:\Development\axis\rampart-1.2\samples\policy>ant service.02
Buildfile: build.xml
check.dependency:
service.02:
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\service_repositories\sample02\modules
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\service_repositories\sample02\modules
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\service_repositories\sample02\modules
[mkdir] Created dir: C:\Development\axis\rampart-
1.2\samples\policy\build\te
mp
[mkdir] Created dir: C:\Development\axis\rampart-
1.2\samples\policy\build\te
mp\META-INF
[javac] Compiling 2 source files to C:\Development\axis\rampart-
1.2\samples\
policy\build\temp
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\temp\META-INF
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\temp
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\temp
[jar] Building jar: C:\Development\axis\rampart-
1.2\samples\policy\build\s
ervice_repositories\sample02\services\sample02.aar
[delete] Deleting directory C:\Development\axis\rampart-
1.2\samples\policy\bu
ild\temp
[java] [SimpleHTTPServer] Starting
[java] [SimpleHTTPServer] Using the Axis2 Repository
C:\Development\axis\ra
mpart-1.2\samples\policy\build\service_repositories\sample02
[java] [SimpleHTTPServer] Listening on port 8080
[java] Aug 9, 2007 2:17:27 PM
org.apache.axis2.deployment.ModuleDeployer de
ploy
[java] INFO: Deploying module: addressing-1.2
[java] Aug 9, 2007 2:17:28 PM
org.apache.axis2.deployment.ModuleDeployer de
ploy
[java] INFO: Deploying module: rahas-1.2
[java] Aug 9, 2007 2:17:29 PM
org.apache.axis2.deployment.ModuleDeployer de
ploy
[java] INFO: Deploying module: rampart-1.2
[java] Aug 9, 2007 2:17:29 PM
org.apache.axis2.deployment.ServiceDeployer d
eploy
[java] INFO: Deploying Web service: sample02.aar
[java] [SimpleHTTPServer] Started
[java] Aug 9, 2007 2:17:29 PM
org.apache.axis2.transport.http.server.Defaul
tConnectionListener run
[java] INFO: Listening on port 8080
[java] org.apache.ws.security.WSSecurityException: The signature
verificati
on failed (The provided certificate is invalid)
[java] at
org.apache.ws.security.processor.SignatureProcessor.verifyXML
Signature(SignatureProcessor.java:259)
[java] at
org.apache.ws.security.processor.SignatureProcessor.handleTok
en(SignatureProcessor.java:80)
[java] at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader
(WSSecurityEngine.java:279)
[java] at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader
(WSSecurityEngine.java:201)
[java] at org.apache.rampart.RampartEngine.process(
RampartEngine.java:7
1)
[java] at org.apache.rampart.handler.RampartReceiver.invoke
(RampartRece
iver.java:71)
[java] at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
[java] at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java
:203
)
[java] at org.apache.axis2.engine.AxisEngine.receive(
AxisEngine.java:13
1)
[java] at
org.apache.axis2.transport.http.HTTPTransportUtils.processHTT
PPostRequest(HTTPTransportUtils.java:279)
[java] at org.apache.axis2.transport.http.HTTPWorker.service
(HTTPWorker
.java:216)
[java] at
org.apache.axis2.transport.http.server.AxisHttpService.doServ
ice(AxisHttpService.java:275)
[java] at
org.apache.axis2.transport.http.server.AxisHttpService.handle
Request(AxisHttpService.java:184)
[java] at
org.apache.axis2.transport.http.server.HttpServiceProcessor.r
un(HttpServiceProcessor.java:74)
[java] at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
utor$Worker.runTask(ThreadPoolExecutor.java:665)
[java] at
edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExec
utor$Worker.run(ThreadPoolExecutor.java:690)
[java] at java.lang.Thread.run(Thread.java:797)
client log
C:\Development\axis\rampart-1.2\samples\policy>ant client.02
Buildfile: build.xml
check.dependency:
client.02:
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\client_repositories\sample02\modules
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\client_repositories\sample02\modules
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\temp_client
[copy] Copying 1 file to C:\Development\axis\rampart-
1.2\samples\policy\bui
ld\temp_client
[java] Aug 9, 2007 2:17:37 PM
org.apache.axis2.deployment.DeploymentEngine
prepareRepository
[java] INFO: No services directory was found under
C:\Development\axis\ramp
art-1.2\samples\policy\build\client_repositories\sample02.
[java] Aug 9, 2007 2:17:37 PM
org.apache.axis2.deployment.ModuleDeployer de
ploy
[java] INFO: Deploying module: addressing-1.2
[java] Aug 9, 2007 2:17:39 PM
org.apache.axis2.deployment.ModuleDeployer de
ploy
[java] INFO: Deploying module: rampart-1.2
[java] Exception in thread "main" org.apache.axis2.AxisFault: The
signature
verification failed (The provided certificate is invalid)
[java] at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext
(Utils.java:434)
[java] at
org.apache.axis2.description.OutInAxisOperationClient.send(Ou
tInAxisOperation.java:373)
[java] at
org.apache.axis2.description.OutInAxisOperationClient.execute
(OutInAxisOperation.java:294)
[java] at org.apache.axis2.client.ServiceClient.sendReceive
(ServiceClie
nt.java:520)
[java] at org.apache.axis2.client.ServiceClient.sendReceive
(ServiceClie
nt.java:500)
[java] at org.apache.rampart.samples.policy.sample02.Client.main
(Unknow
n Source)
[java] Java Result: 1
BUILD SUCCESSFUL
Total time: 8 seconds
C:\Development\axis\rampart-1.2\samples\policy>
Thanks,
Pavan
On 8/7/07, Ford, Jennifer M. <JE...@southernco.com> wrote:
> I have spent the last couple days trying to add Rampart to an existing
> web service with Policy/Sample02 as a model. I feel like I'm close, but
> I can't seem to get past the most recent error:
>
> 2007-08-07 16:43:12,066 DEBUG
> org.apache.axis2.transport.http.AxisServlet -
> org.apache.axis2.AxisFault: Must Understand check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
> t-1.0.xsd : Security
>
> Perhaps a stupid question, but what does the Must Understand check do
> exactly? And, more importantly, what might cause this problem?
>
> Thanks,
> Jennifer
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
RE: Rampart error with MustUnderstand
Posted by "Ford, Jennifer M." <JE...@SOUTHERNCO.COM>.
And, in case more details would help, below the packet stream from
Wireshark. I've also attached the policy.xml and server.xml files in
case that helps. The stub that is creating the envelope was
autogenerated using WSDL2Java with Axis2 1.2. The only modification I
made is in the constructor:
public
CoolComplianceAdminServicesStub(org.apache.axis2.context.ConfigurationCo
ntext configurationContext,
java.lang.String targetEndpoint)
throws org.apache.axis2.AxisFault {
//To populate AxisService
populateAxisService();
populateFaults();
_serviceClient = new org.apache.axis2.client.ServiceClient(
//configurationContext,
ConfigurationContextFactory.createConfigurationContextFromFileSystem("C:
\\", "C:\\axis2-1.2\\conf\\axis2.xml"),
_service);
_serviceClient.engageModule("addressing");
_serviceClient.engageModule("rampart");
//Creating the object
Policy clientPolicy=null;
try {
StAXOMBuilder builder = new
StAXOMBuilder("C:\\policy.xml");
clientPolicy =
PolicyEngine.getPolicy(builder.getDocumentElement());
} catch (Exception e) {
System.out.println("Couldn't load policy file");
}
//setting the object
_serviceClient.getServiceContext().setProperty(RampartMessageData.KEY_RA
MPART_POLICY, clientPolicy);
configurationContext =
_serviceClient.getServiceContext().getConfigurationContext();
_serviceClient.getOptions().setTo(new
org.apache.axis2.addressing.EndpointReference(
targetEndpoint));
}
POST /axis2/services/CoolComplianceAdminServices HTTP/1.1
Content-Type: text/xml;
charset=UTF-8
SOAPAction: "urn:PerformUserTrueUp"
User-Agent: Axis2
Host: jmfws:8080
Content-Length: 5560
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Heade
r>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd"
wsu:Id="Timestamp-6588728"><wsu:Created>2007-08-07T23:12:43.867Z</wsu:Cr
eated><wsu:Expires>2007-08-07T23:17:43.867Z</wsu:Expires></wsu:Timestamp
><wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-so
ap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-
token-profile-1.0#X509v3"
wsu:Id="CertId-59515089">MIIHEDCCBfigAwIBAgIKGg7WNAAAAAAADjANBgkqhkiG9w0
BAQUFADBoMRMwEQYKCZImiZPyLGQBGRYDY29tMRQwEgYKCZImiZPyLGQBGRYEZW1zczEXMBU
GCgmSJomT8ixkARkWB3dpbmRvd3MxIjAgBgNVBAMTGUVNUyBDZXJ0aWZpY2F0ZSBBdXRob3J
pdHkwHhcNMDcwODAzMTkwNzI3WhcNMDgwODAyMTkwNzI3WjBsMRMwEQYKCZImiZPyLGQBGRY
DY29tMRQwEgYKCZImiZPyLGQBGRYEZW1zczEXMBUGCgmSJomT8ixkARkWB3dpbmRvd3MxDjA
MBgNVBAMTBVVzZXJzMRYwFAYDVQQDEw1BZG1pbmlzdHJhdG9yMIIBIjANBgkqhkiG9w0BAQE
FAAOCAQ8AMIIBCgKCAQEA2x+9hVjbjuJMaPob6XtgTUY3aEMhCBbb6szw9yRrFuWpotQQ4zF
kwRGgWe/SNWPizj5Qo2NKj9sEb+0MIRB5FOQFZ0GCd0ca09z9EQF22UL4dy4ybQdusN4ps4p
6eResQMgk36MCDDGN9neyzw6+dF9CSCd8QKSiooPEPYBnpIxvp9+ohUyNyq5vEpAslvHp0i9
F4Vy9NLo/0y1zUDBIMCr8yE7/Dzjp0tRCZ98gwBqR+8VLshdoNY4Wo+bS1En7i8GdAA+bZvV
CRijr0+XhP2mry0t0LxIqhfCBgKjEC1kyQl0TPxIL/hGqJAYEh5l9HEu6KIeF9OMcUTarfUc
uCwIDAQABo4IDtjCCA7IwHQYDVR0OBBYEFJXnVtWuS9WtZbF6y8V/RIsO7MIAMB8GA1UdIwQ
YMBaAFEbb+hdq2j2C5Fvf+xA1o0/yBZR7MIIBOgYDVR0fBIIBMTCCAS0wggEpoIIBJaCCASG
Ggc5sZGFwOi8vL0NOPUVNUyUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5LENOPUJITU1DQTA
xUCxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29
uZmlndXJhdGlvbixEQz13aW5kb3dzLERDPWVtc3MsREM9Y29tP2NlcnRpZmljYXRlUmV2b2N
hdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIZOaHR0cDo
vL2JobW1jYTAxcC53aW5kb3dzLmVtc3MuY29tL0NlcnRFbnJvbGwvRU1TJTIwQ2VydGlmaWN
hdGUlMjBBdXRob3JpdHkuY3JsMIIBUAYIKwYBBQUHAQEEggFCMIIBPjCBxAYIKwYBBQUHMAK
GgbdsZGFwOi8vL0NOPUVNUyUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5LENOPUFJQSxDTj1
QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLER
DPXdpbmRvd3MsREM9ZW1zcyxEQz1jb20/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXN
zPWNlcnRpZmljYXRpb25BdXRob3JpdHkwdQYIKwYBBQUHMAKGaWh0dHA6Ly9iaG1tY2EwMXA
ud2luZG93cy5lbXNzLmNvbS9DZXJ0RW5yb2xsL0JITU1DQTAxUC53aW5kb3dzLmVtc3MuY29
tX0VNUyUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5LmNydDAXBgkrBgEEAYI3FAIECh4IAFU
AcwBlAHIwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBaAwKQYDVR0lBCIwIAYKKwYBBAGCNwo
DBAYIKwYBBQUHAwQGCCsGAQUFBwMCMDkGA1UdEQQyMDCgLgYKKwYBBAGCNxQCA6AgDB5BZG1
pbmlzdHJhdG9yQHdpbmRvd3MuZW1zcy5jb20wRAYJKoZIhvcNAQkPBDcwNTAOBggqhkiG9w0
DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMHMA0GCSqGSIb3DQE
BBQUAA4IBAQAqzf+ziXj3l81khY+0QZbDTHoGIJ0f0TEhOmhcZ99eG1XeKLTJmdW2eKxOhfR
3IeuAusMr1tAGTUh2xedu+b8vupAObGTykjt6vKCoHJ1ecX/b50QQ2m8BwyNUiQbJwc4gofA
OsapY5IlGM9zJq/ZIsciFblN/AncPO0NTtuBtSFiiCUkyGTOs6Z+aK9LD7Iln8fzjsTVvzhD
vjhHCnstbSWZmSTpN5VsnTRRg94aVqkdX+7LZnss7rL52dT/nVrij6L4UKE/YUKxGm257XWR
ig3aMBDaqhLK0pUZJTIzK8OWYhdgXsV/gsU6epO87PlZTAySAQPd62nfQwIOlUaBI</wsse:
BinarySecurityToken><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-33333128">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#Id-7126735">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ZZhHvgkq99OD5xDzk2H/767+vjI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-6588728">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>zkhtM1E3XnL8TTZCJK+bF5qatKI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
dWeoIqZBdB5nog28sr8SGa0No9FuweBBwXu4G0oKMYwXiv7rcs9wWJmqAsJiyWH2jKrHSEf4
abGb
8zHN63n5Cnyx4Quve/gztqeW9CFvTk06eb5IEa7bmpnFCI6VOFeT1k+q+tfidwEhseTPhrlW
mFM7
LXbeLycX/LSAtBMoYXkEPDv3QzH5cbMZlTFtDDhY1juN7/SHL6Xn3tuM/eUWD9FVmvzy7xdN
/08g
iqgvagIP0WTyW+aqflvVp3vAJ1a16x/XiymwZMZosoIY0Ct39C4t+nl2HmRvBv5UkIs2u9RK
GNOY
gxeRT+H0w00yFJkTgJAQCGtBY1dYKLkW4PCBCg==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-5099540">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd" wsu:Id="STRId-9958945"><wsse:Reference
URI="#CertId-59515089"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-
token-profile-1.0#X509v3" /></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security><wsa:To>http://jmfws:8080/axis2/services/
CoolComplianceAdminServices</wsa:To><wsa:MessageID>urn:uuid:92C360C37723
F21FD41186528363966</wsa:MessageID><wsa:Action>urn:PerformUserTrueUp</ws
a:Action></soapenv:Header><soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd" wsu:Id="Id-7126735"><ns1:PerformUserTrueUp
xmlns:ns1="http://CoolComply-ws.southerncompany.com/"><entityName
xmlns="http://CoolComply-ws.southerncompany.com/">TBS</entityName></ns1:
PerformUserTrueUp></soapenv:Body></soapenv:Envelope>
HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=UTF-8 Transfer-Encoding: chunked Date:
Tue, 07 Aug 2007 23:12:44 GMT Connection: close 278 <?xml version='1.0'
encoding='UTF-8'?><soapenv:Envelope
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Heade
r><wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Actio
n><wsa:RelatesTo>urn:uuid:92C360C37723F21FD41186528363966</wsa:RelatesTo
></soapenv:Header><soapenv:Body><soapenv:Fault><faultcode>soapenv:MustUn
derstand</faultcode><faultstring>Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
t-1.0.xsd : Security</faultstring><detail
/></soapenv:Fault></soapenv:Body></soapenv:Envelope> 0
-----Original Message-----
From: Ford, Jennifer M.
Sent: Tuesday, August 07, 2007 5:17 PM
To: axis-user@ws.apache.org
Subject: Rampart error with MustUnderstand
I have spent the last couple days trying to add Rampart to an existing
web service with Policy/Sample02 as a model. I feel like I'm close, but
I can't seem to get past the most recent error:
2007-08-07 16:43:12,066 DEBUG
org.apache.axis2.transport.http.AxisServlet -
org.apache.axis2.AxisFault: Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
t-1.0.xsd : Security
Perhaps a stupid question, but what does the Must Understand check do
exactly? And, more importantly, what might cause this problem?
Thanks,
Jennifer
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Rampart error with MustUnderstand
Posted by "Ford, Jennifer M." <JE...@SOUTHERNCO.COM>.
I have spent the last couple days trying to add Rampart to an existing
web service with Policy/Sample02 as a model. I feel like I'm close, but
I can't seem to get past the most recent error:
2007-08-07 16:43:12,066 DEBUG
org.apache.axis2.transport.http.AxisServlet -
org.apache.axis2.AxisFault: Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secex
t-1.0.xsd : Security
Perhaps a stupid question, but what does the Must Understand check do
exactly? And, more importantly, what might cause this problem?
Thanks,
Jennifer
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org