You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Amila Jayasekara (JIRA)" <ji...@apache.org> on 2010/07/27 06:20:16 UTC
[jira] Created: (RAMPART-304) Secure Tokens not replicated among
axis2 cluster nodes
Secure Tokens not replicated among axis2 cluster nodes
------------------------------------------------------
Key: RAMPART-304
URL: https://issues.apache.org/jira/browse/RAMPART-304
Project: Rampart
Issue Type: Bug
Components: rampart-core
Environment: Ubuntu - unix, Java 1.6, Axis2 trunk version, clustered environment
Reporter: Amila Jayasekara
Assignee: Ruchith Udayanga Fernando
Trying to implement WS-SecureConversation in a clustered environment. WS-SecureConversation functions as expected in a un-clustered environment. But when clustering is turned on among 2 nodes, only one node will response correctly. When a request is routed to second node it fails with following exception, State persisting ability is turned on within the cluster.
[2010-07-16 20:36:39,319] ERROR - AxisEngine The signature or decryption was invalid (Unsupported key identification)
org.apache.axis2.AxisFault: The signature or decryption was invalid (Unsupported key identification)
at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:403)
at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:259)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid (Unsupported key identification)
at org.apache.ws.security.processor.ReferenceListProcessor.getKeyFromSecurityTokenReference(ReferenceListProcessor.java:332)
at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:160)
at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:111)
at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:74)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:145)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 10 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (RAMPART-304) Secure Tokens not replicated among
axis2 cluster nodes
Posted by "Amila Jayasekara (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12892640#action_12892640 ]
Amila Jayasekara commented on RAMPART-304:
------------------------------------------
Cause for above issue is that tokens are not distributed among nodes. Though this functionality is implemented due to 2 reasons tokens are not replicating among nodes.
Those reasons are as follows,
1. Even though rampart engine stores TokenStore in configuration context when a request comes it try to retrieve from message context. (If state persisting is enabled within clustered nodes, only configuration context and service context will get replicated. Message contexts are not replicated among nodes.)
2. The default Token store class is not made serializable. (If a object is not serializable axis engine will silently ignore replicating object among nodes.)
Once above 2 issues were fixed secure conversation was working as expected in a clustered environment.
Thankx
AmilaJ
> Secure Tokens not replicated among axis2 cluster nodes
> ------------------------------------------------------
>
> Key: RAMPART-304
> URL: https://issues.apache.org/jira/browse/RAMPART-304
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Environment: Ubuntu - unix, Java 1.6, Axis2 trunk version, clustered environment
> Reporter: Amila Jayasekara
> Assignee: Ruchith Udayanga Fernando
>
> Trying to implement WS-SecureConversation in a clustered environment. WS-SecureConversation functions as expected in a un-clustered environment. But when clustering is turned on among 2 nodes, only one node will response correctly. When a request is routed to second node it fails with following exception, State persisting ability is turned on within the cluster.
> [2010-07-16 20:36:39,319] ERROR - AxisEngine The signature or decryption was invalid (Unsupported key identification)
> org.apache.axis2.AxisFault: The signature or decryption was invalid (Unsupported key identification)
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
> at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:403)
> at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:259)
> at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid (Unsupported key identification)
> at org.apache.ws.security.processor.ReferenceListProcessor.getKeyFromSecurityTokenReference(ReferenceListProcessor.java:332)
> at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:160)
> at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:111)
> at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:74)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:145)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> ... 10 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (RAMPART-304) Secure Tokens not replicated among
axis2 cluster nodes
Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-304.
------------------------------------------------
Resolution: Fixed
Applied the patch in revision 998793. Thanks Amila.
> Secure Tokens not replicated among axis2 cluster nodes
> ------------------------------------------------------
>
> Key: RAMPART-304
> URL: https://issues.apache.org/jira/browse/RAMPART-304
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Environment: Ubuntu - unix, Java 1.6, Axis2 trunk version, clustered environment
> Reporter: Amila Jayasekara
> Assignee: Ruchith Udayanga Fernando
> Attachments: rampart-304.diff
>
>
> Trying to implement WS-SecureConversation in a clustered environment. WS-SecureConversation functions as expected in a un-clustered environment. But when clustering is turned on among 2 nodes, only one node will response correctly. When a request is routed to second node it fails with following exception, State persisting ability is turned on within the cluster.
> [2010-07-16 20:36:39,319] ERROR - AxisEngine The signature or decryption was invalid (Unsupported key identification)
> org.apache.axis2.AxisFault: The signature or decryption was invalid (Unsupported key identification)
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
> at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:403)
> at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:259)
> at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid (Unsupported key identification)
> at org.apache.ws.security.processor.ReferenceListProcessor.getKeyFromSecurityTokenReference(ReferenceListProcessor.java:332)
> at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:160)
> at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:111)
> at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:74)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:145)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> ... 10 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (RAMPART-304) Secure Tokens not replicated among
axis2 cluster nodes
Posted by "Amila Jayasekara (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAMPART-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Amila Jayasekara updated RAMPART-304:
-------------------------------------
Attachment: rampart-304.diff
A patch attached.
Thankx
AmilaJ
> Secure Tokens not replicated among axis2 cluster nodes
> ------------------------------------------------------
>
> Key: RAMPART-304
> URL: https://issues.apache.org/jira/browse/RAMPART-304
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Environment: Ubuntu - unix, Java 1.6, Axis2 trunk version, clustered environment
> Reporter: Amila Jayasekara
> Assignee: Ruchith Udayanga Fernando
> Attachments: rampart-304.diff
>
>
> Trying to implement WS-SecureConversation in a clustered environment. WS-SecureConversation functions as expected in a un-clustered environment. But when clustering is turned on among 2 nodes, only one node will response correctly. When a request is routed to second node it fails with following exception, State persisting ability is turned on within the cluster.
> [2010-07-16 20:36:39,319] ERROR - AxisEngine The signature or decryption was invalid (Unsupported key identification)
> org.apache.axis2.AxisFault: The signature or decryption was invalid (Unsupported key identification)
> at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:259)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:165)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
> at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:403)
> at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:259)
> at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:58)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid (Unsupported key identification)
> at org.apache.ws.security.processor.ReferenceListProcessor.getKeyFromSecurityTokenReference(ReferenceListProcessor.java:332)
> at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:160)
> at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:111)
> at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:74)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:329)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:246)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:145)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> ... 10 more
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.