You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by Erhard Siegl <Er...@at.unisys.com> on 2010/01/11 11:23:40 UTC
Problems with servicemix-camel (faults and security)
Hi,
Recently I bumped into a few problems in servicemix-camel in connection with
fault-handling and security together with ServiceMix 3.2.2 and 3.3. They
are:
1) Setting fault, but message is not a fault
2) NullPointerException in SoapWriter.java:339
3) User not authenticated
Problem 1 occurs only in 3.2.2, problems 2 and 3 occur in both versions.
We use ServiceMix to route a simple webservice: Webservice
Client->servicemix-http(Consumer)-> servicemix-camel(Routing)->
servicemix-http(Provider)->External Webservice
The Camel-route is very simple:
public void configure() {
from("jbi:endpoint:http://cxf.nova.vaeb.at/NovaService/RouteEndpoint")
.to("jbi:service:http://cxf.nova.vaeb.at/NovaServiceDao");
}
Problem 1: Setting fault, but message is not a fault
When the external webservice sents a fault-message, ServiceMix respondes
with an exception:
java.lang.RuntimeException: javax.jbi.messaging.MessagingException: Setting
fault, but message is not a fault
at
org.apache.servicemix.camel.JbiExchange.createMessage(JbiExchange.java:167)
at
org.apache.servicemix.camel.JbiExchange.createFaultMessage(JbiExchange.java:154)
at
org.apache.servicemix.camel.JbiExchange.createFaultMessage(JbiExchange.java:35)
This seems to be
http://cwiki.apache.org/SM/discussion-forums.html#nabble-td19590901 SM-1589
, which apearently is not (completely) fixed. However in ServiceMix 3.3. I
couldn’t reproduce it.
Problem 2: NullPointerException in SoapWriter.java:339
When the external webservice sents a fault-message in the form:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Wrong input data: 1111111111</faultstring>
<detail>
<ns1:NovaServiceException
xmlns:ns1="http://cxf.nova.vaeb.at/"></ns1:NovaServiceException>
</detail>
</soap:Fault>
</soap:Body>
</soap:Envelope>
Servicemix throws a NullPointerException:
java.lang.NullPointerException
at
org.apache.servicemix.soap.marshalers.SoapWriter.writeDetails(SoapWriter.java:339)
at
org.apache.servicemix.soap.marshalers.SoapWriter.writeSoap12Fault(SoapWriter.java:328)
at
org.apache.servicemix.soap.marshalers.SoapWriter.writeFault(SoapWriter.java:228)
at
org.apache.servicemix.soap.marshalers.SoapWriter.writeSoapEnvelope(SoapWriter.java:209)
at
org.apache.servicemix.soap.marshalers.SoapWriter.writeSimpleMessage(SoapWriter.java:113)
at
org.apache.servicemix.soap.marshalers.SoapWriter.write(SoapWriter.java:92)
at
org.apache.servicemix.http.processors.ConsumerProcessor.sendFault(ConsumerProcessor.java:308)
…
Looking at SoapWriter.java:
private void writeDetails(XMLStreamWriter writer, Source details) throws
ParserConfigurationException, IOException, SAXException,
TransformerException, XMLStreamException {
SourceTransformer st = new SourceTransformer();
DOMSource domDetails = st.toDOMSource(details);
Node detailsNode = domDetails.getNode().getFirstChild();
339 --> if (
SoapMarshaler.MULTIPLE_DETAILS_NODE_WRAPPER.equals(detailsNode.getNodeName())
) {
NodeList children = detailsNode.getChildNodes();
…
Since the detail (ns1:NovaServiceException) is empty, detailsNode is
probably NULL, which causes the exception. Removing the detail or providing
a value solves the issue.
I don’t know wether this form of fault-message is valid, but it would be
nice if ServiceMix could cope with it.
Problem 2: User not authenticated
When we secure the services with <sm:authorizationEntry service="*:*"
roles="admin" />, we get a “java.lang.SecurityException: User not
authenticated” fom the provider-component(!), not from the
consumer-component. This doesn’t occur, if we remove the camel-component and
route directly between consumer und provider. In the logfile we see:
It starts with:
Content-Type: application/soap+xml;charset=UTF-8
User-Agent: Jakarta Commons-HttpClient/3.1
Host: bvalx01d:7196
Content-Length: 283
Authorization: Basic c214OnNteA==
DEBUG - HttpComponent - Created correlation id:
ID:10.163.32.85-1261cc038d6-9:2
DEBUG - DeliveryChannelImpl - Send
ID:10.163.32.85-1261cc038d6-9:2 in DeliveryChannel{servicemix-http}
DEBUG - SecuredBroker - send exchange with secure broker
DEBUG - SecuredBroker - service name
:{http://cxf.nova.vaeb.at}NovaService
DEBUG - SecuredBroker - operation name
:{http://cxf.nova.vaeb.at/}pruefen
DEBUG - SecuredBroker - authorization for Subject:
Principal: smx
Principal: admin
So the authentication works.
DEBUG - SedaFlow - Called Flow send
DEBUG - ConsumerProcessor - Suspending continuation for
exchange: ID:10.163.32.85-1261cc038d6-9:2
DEBUG - SedaQueue -
org.apache.servicemix.jbi.nmr.flow.seda.SedaQueue$1@39df3255 dequeued
exchange: InOut[
id: ID:10.163.32.85-1261cc038d6-9:2
status: Active
role: provider
service: {http://cxf.nova.vaeb.at}NovaService
endpoint: RouteEndpoint
operation: {http://cxf.nova.vaeb.at/}pruefen
in: <?xml version="1.0" encoding="UTF-8"?><cxf:pruefen
xmlns:cxf="http://cxf.nova.vaeb.at/"
xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<input>
<svnr>1111111111</svnr>
</input>
</cxf:pruefen>
]
DEBUG - CamelJbiComponent - Received exchange: status: Active,
role: provider
DEBUG - CamelJbiComponent - Retrieved correlation id:
ID:10.163.32.85-1261cc038d6-9:2
DEBUG - CamelJbiComponent - Received exchange: InOut[
id: ID:10.163.32.85-1261cc038d6-9:2
status: Active
role: provider
service: {http://cxf.nova.vaeb.at}NovaService
endpoint: RouteEndpoint
operation: {http://cxf.nova.vaeb.at/}pruefen
in: <?xml version="1.0" encoding="UTF-8"?><cxf:pruefen
xmlns:cxf="http://cxf.nova.vaeb.at/"
xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<input>
<svnr>1111111111</svnr>
</input>
</cxf:pruefen>
]
DEBUG - CamelJbiComponent - Correlation id retrieved from
ThreadLocal: ID:10.163.32.85-1261cc038d6-9:2
DEBUG - DeliveryChannelImpl - Send
ID:10.163.32.85-1261cc038d6-2:2 in DeliveryChannel{servicemix-camel}
DEBUG - SecuredBroker - send exchange with secure broker
DEBUG - SecuredBroker - service name
:{http://cxf.nova.vaeb.at}NovaServiceDao
DEBUG - SecuredBroker - operation name
:{http://cxf.nova.vaeb.at/}pruefen
ERROR - CamelJbiComponent - Error processing exchange InOut[
id: ID:10.163.32.85-1261cc038d6-9:2
status: Active
role: provider
service: {http://cxf.nova.vaeb.at}NovaService
endpoint: RouteEndpoint
operation: {http://cxf.nova.vaeb.at/}pruefen
in: <?xml version="1.0" encoding="UTF-8"?><cxf:pruefen
xmlns:cxf="http://cxf.nova.vaeb.at/"
xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<input>
<svnr>1111111111</svnr>
</input>
</cxf:pruefen>
]
java.lang.SecurityException: User not authenticated
at
org.apache.servicemix.jbi.security.SecuredBroker.sendExchangePacket(SecuredBroker.java:78)
at
org.apache.servicemix.jbi.container.JBIContainer.sendExchange(JBIContainer.java:894)
at
org.apache.servicemix.jbi.messaging.DeliveryChannelImpl.doSend(DeliveryChannelImpl.java:395)
Looking at SecuredBroker.java:78
LOG.debug("service name :" + se.getServiceName());
LOG.debug("operation name :" + me.getOperation());
Set<Principal> acls = authorizationMap.getAcls(se,
me.getOperation());
if (!acls.contains(GroupPrincipal.ANY)) {
Subject subject =
exchange.getMessage("in").getSecuritySubject();
if (subject == null) {
throw new SecurityException("User not
authenticated");
}
LOG.debug("authorization for " + subject);
acls.retainAll(subject.getPrincipals());
if (acls.size() == 0) {
throw new SecurityException("Endpoint is not
authorized for this user");
}
}
It seems, that the message looses the Subject somewhere?
Greetings,
Erhard
--
View this message in context: http://old.nabble.com/Problems-with-servicemix-camel-%28faults-and-security%29-tp27108381p27108381.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.