Posted to rampart-dev@ws.apache.org by "Asankha C. Perera (JIRA)" <ji...@apache.org> on 2007/09/27 10:42:51 UTC

[jira] Created: (RAMPART-90) Rampart must respond using the applicable WS-Policy even when returning a fault

Rampart must respond using the applicable WS-Policy even when returning a fault
-------------------------------------------------------------------------------

                 Key: RAMPART-90
                 URL: https://issues.apache.org/jira/browse/RAMPART-90
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.3
            Reporter: Asankha C. Perera


Ref: http://mail-archives.apache.org/mod_mbox/ws-synapse-dev/200709.mbox/%3c12889206.post@talk.nabble.com%3e

When the CallbackHandler fails, the response to a timestamped request is inconsistent:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode>soapenv:Server</faultcode>
         <faultstring>The security token could not be authenticated or authorized</faultstring>
         <detail/>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Updated: (RAMPART-90) Rampart must respond using the applicable WS-Policy even when returning a fault

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-90?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya updated RAMPART-90:
----------------------------------------------

    Fix Version/s: 1.4

Set Fix version to 1.4. 



[jira] Resolved: (RAMPART-90) Rampart must respond using the applicable WS-Policy even when returning a fault

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-90?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya resolved RAMPART-90.
-----------------------------------------------

    Resolution: Fixed

Fixed in revision 610736. We have to add the security phase to the axis2.xml to use Rampart from now on. Will include a note about this in the READ_ME file.



[jira] Assigned: (RAMPART-90) Rampart must respond using the applicable WS-Policy even when returning a fault

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-90?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya reassigned RAMPART-90:
-------------------------------------------------

    Assignee: Nandana Mihindukulasooriya



[jira] Commented: (RAMPART-90) Rampart must respond using the applicable WS-Policy even when returning a fault

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-90?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12549418 ] 

Nandana Mihindukulasooriya commented on RAMPART-90:
---------------------------------------------------

This is because Rampart currently doesn't secure the messages coming through the OutFaultFlow and InFaultFlow. Currently Axis2 doesn't have a security phase in the OutFaultFlow. A Security phase has to be introduced into <phaseOrder type="OutFaultFlow">. Rampart handlers have to be registered in the InFaultFlow and OutFaultFlow.

Proposed fix:

Service-level errors will be secured using the effective policy of the message (in the OutFaultFlow) and will be validated for the effective policy (in the InFaultFlow).
Protocol errors (errors while processing the security header) will not be secured using the security policy and will not be validated on the client side.

How security is validated in the InFaultFlow:

Fault messages will be checked for security fault codes (errors while processing the security header should be reported with the correct fault codes as defined in WSS 1.0 section 6, Error Handling; we currently don't report security errors using these fault codes).
If a security fault code is not found in the fault message, it is assumed that it is a service-level error and it is validated for the effective service policy.



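The InFaultFlow decision described in the comment above, sketched as an added example; this is not Rampart code and not taken from the fix in the thread. The class name `FaultClassifier` and its helpers are hypothetical, the sample faults are constructed, and the code list is the set of `wsse` fault codes defined by WS-Security SOAP Message Security 1.0.

```java
import java.io.StringReader;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class FaultClassifier { // hypothetical name, illustration only
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Local names of the fault codes WSS 1.0 defines in the wsse namespace.
    static final Set<String> WSS_CODES = Set.of("UnsupportedSecurityToken",
        "UnsupportedAlgorithm", "InvalidSecurity", "InvalidSecurityToken",
        "FailedAuthentication", "FailedCheck", "SecurityTokenUnavailable");

    /** true = security (protocol) fault, no policy validation; false = service-level fault. */
    static boolean isSecurityFault(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // SOAP messages must not carry a DTD; refusing DOCTYPE also blocks XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList faults = d.getElementsByTagNameNS(SOAP11, "Fault");
        if (faults.getLength() != 1) throw new IllegalArgumentException("not a SOAP 1.1 fault");
        NodeList codes = ((Element) faults.item(0)).getElementsByTagName("faultcode");
        if (codes.getLength() == 0) return false;
        Element code = (Element) codes.item(0);
        String qname = code.getTextContent().trim();
        int colon = qname.indexOf(':');
        // Resolve the prefix in scope at <faultcode>; the prefix text alone proves nothing.
        String ns = code.lookupNamespaceURI(colon < 0 ? null : qname.substring(0, colon));
        return WSSE.equals(ns) && WSS_CODES.contains(qname.substring(colon + 1));
    }

    static String fault(String extraNs, String code) { // builds constructed sample faults
        return "<soapenv:Envelope xmlns:soapenv=\"" + SOAP11 + "\" " + extraNs + ">"
            + "<soapenv:Body><soapenv:Fault><faultcode>" + code + "</faultcode>"
            + "<faultstring>sample</faultstring></soapenv:Fault></soapenv:Body></soapenv:Envelope>";
    }

    public static void main(String[] args) throws Exception {
        // Fault code from the issue report: service-level, so policy validation applies.
        System.out.println(isSecurityFault(fault("", "soapenv:Server")));
        System.out.println(isSecurityFault(fault("xmlns:wsse=\"" + WSSE + "\"", "wsse:FailedAuthentication")));
        // Same prefix bound to another (constructed) namespace must not count.
        System.out.println(isSecurityFault(fault("xmlns:wsse=\"urn:example:other\"", "wsse:FailedCheck")));
    }
}
```

Under the proposed scheme, a fault classified as a security fault arrives without policy protection, so a client should treat its contents as unauthenticated.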