You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by kalakhr <ka...@yahoo.com> on 2008/02/06 22:18:16 UTC
Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
Messages
Any luck with this issue? I just tried a client using Axis2-1.3 and rampart
from SVN trunk and the problem is still occuring. I can't get rampart to
handle valid fault messages from a service.
Response:
----------
<?xml version='1.0' encoding='utf-8'?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
s:mustUnderstand="1">
<u:Timestamp u:Id="_0">
<u:Created>2008-02-06T21:16:00.531Z</u:Created>
<u:Expires>2008-02-06T21:21:00.531Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<s:Fault>
<faultcode>FCode1</faultcode>
<faultstring xml:lang="en-US">
Unable to successfully complete requested action.
</faultstring>
<faultactor>Actor1</faultactor>
<detail>
<axis2ns1:MsgFault
xmlns:axis2ns1="http://abc.com/xyz/2006/xsd">
</axis2ns1:MsgFault>
</detail>
</s:Fault>
</s:Body>
</s:Envelope>
Stack Trace:
------------
org.apache.axis2.AxisFault: Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
: Security
at
org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
Thanks,
Khaled
Ruchith Fernando wrote:
>
> Hi Tim,
>
> This is not fixed yet in the latest build ... Please keep an eye on
> the JIRA [1] we'll update it as soon as we fix it and the fix will be
> available in the latest build of the trunk.
>
> Thanks,
> Ruchith
>
> 1. https://issues.apache.org/jira/browse/RAMPART-90
>
> On 10/29/07, Tim Munro (myDIALS) <ti...@mydials.com> wrote:
>> Thanks for following up Ruchith, really appreciated. I look forward to
>> this
>> fix - will this appear in the latest builds, or will it only appear in
>> the
>> next "release" build.
>>
>> Best,
>> Tim.
>> -----Original Message-----
>> From: Ruchith Fernando [mailto:ruchith.fernando@gmail.com]
>> Sent: Monday, 29 October 2007 10:53 AM
>> To: axis-dev@ws.apache.org
>> Cc: tim.munro@mydials.com
>> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
>> Messages
>>
>> Hi,
>>
>> This is an issue in Rampart because it doesn't processes the security
>> header
>> of fault messages.
>>
>> https://issues.apache.org/jira/browse/RAMPART-90
>>
>> This will be fixed in the next release of Apache Rampart.
>>
>> Thanks,
>> Ruchith
>>
>> On 10/12/07, Tim Munro (myDIALS) <ti...@mydials.com> wrote:
>> > Hi All,
>> >
>> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an
>> > xmlbeans
>> > proxy) that calls methods on a secured .NET web service service. I can
>> > successfully communicate with the .NET service, however when the .NET
>> > server returns a valid fault message the xmlbeans proxy client never
>> > receives the returned fault string; instead all the client receives is
>> > the following
>> > message:
>> > Must Understand check failed for header
>> >
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
>> > 0.xsd : Security
>> >
>> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy
>> > received the correct/expected error string.
>> >
>> > So, for example, if I call a method on the .NET web service with an
>> > invalid parameter in the request document, the .NET web service
>> > returns an informative message containing details of the problem.
>> > Below is an example of the xml response message received from the .NET
>> > server, and to me it appears to be a valid response:
>> > <?xml version='1.0' encoding='utf-8'?> <s:Envelope
>> > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
>> > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
>> > urity-
>> > utility-1.0.xsd">
>> > <s:Header>
>> > <o:Security
>> > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
>> > urity-
>> > secext-1.0.xsd" s:mustUnderstand="1">
>> > <u:Timestamp u:Id="_0">
>> >
>> > <u:Created>2007-10-12T01:02:16.796Z</u:Created>
>> >
>> > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires>
>> > </u:Timestamp>
>> > </o:Security>
>> > </s:Header>
>> > <s:Body>
>> > <s:Fault>
>> > <faultcode>s:UnexpectedFault</faultcode>
>> > <faultstring xml:lang="en-US">An unexpected
>> > error has occurred in the service.
>> > System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva
>> > lidReq
>> > uestFault]: The dimension member 'Midlands' was included in a
>> > dimension reference for the 'Products' dimension, but is not valid.
>> > (Fault Detail is equal to
>> MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring>
>> > </s:Fault>
>> > </s:Body>
>> > </s:Envelope>
>> >
>> > When I interact with this returned message (through the xmlbeans
>> > proxy), the error message I see is the "Must Understand check failed
>> for
>> header ..."
>> > rather than the value contained in the faultstring elemrnt of the
>> > returned document.
>> >
>> > The issue appears to be that the received message header contains a
>> > (valid) timestamp, as indicated above, however the Axis2 response
>> > handler never seems to to process this timestamp in the header,
>> > meaning that when the
>> > AxisEngine.checkMustUnderstand() performs the
>> > headerBlock.isProcessed() test, the result is false and so the "Must
>> understand check failed ..."
>> > exception is thrown and my xmlbeans proxy never sees the real
>> > faultstring message.
>> >
>> > I am struggling to understand what is going wrong here ... any
>> > guidance on what to fault-find next would be greatly appreciated as
>> > after a few days looking at this I am unsure if it is a problem in
>> > returned document, or my policy.xml.
>> >
>> > Thanks,
>> > Tim Munro
>> > ===================
>> >
>> > Below is my policy.xml document:
>> > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly"
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
>> > ecurit y-utility-1.0.xsd"
>> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>> > <wsp:ExactlyOne>
>> > <wsp:All>
>> > <sp:TransportBinding
>> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > <wsp:Policy>
>> > <sp:TransportToken>
>> > <wsp:Policy>
>> > <sp:HttpsToken
>> > RequireClientCertificate="false"/>
>> > </wsp:Policy>
>> > </sp:TransportToken>
>> > <sp:AlgorithmSuite>
>> > <wsp:Policy>
>> > <sp:Basic256/>
>> > </wsp:Policy>
>> > </sp:AlgorithmSuite>
>> > <sp:Layout>
>> > <wsp:Policy>
>> > <sp:Lax/>
>> > </wsp:Policy>
>> > </sp:Layout>
>> > <sp:IncludeTimestamp/>
>> > </wsp:Policy>
>> > </sp:TransportBinding>
>> > <sp:EndorsingSupportingTokens
>> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > <wsp:Policy>
>> > <sp:X509Token
>> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
>> > Includ
>> > eToken/AlwaysToRecipient">
>> > <wsp:Policy>
>> >
>> > <sp:WssX509V3Token10/>
>> > </wsp:Policy>
>> > </sp:X509Token>
>> > </wsp:Policy>
>> > </sp:EndorsingSupportingTokens>
>> > <sp:Wss10
>> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> > <wsp:Policy>
>> >
>> <sp:MustSupportRefKeyIdentifier/>
>> >
>> <sp:MustSupportRefIssuerSerial/>
>> > </wsp:Policy>
>> > </sp:Wss10>
>> >
>> > <ramp:RampartConfig
>> > xmlns:ramp="http://ws.apache.org/rampart/policy">
>> >
>> > <ramp:timestampTTL>300</ramp:timestampTTL>
>> >
>> > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
>> >
>> > <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6
>> > e69109
>> > 3f9d</ramp:user>
>> > <!-- passwordCallbackClass is set in
>> > mydials config -->
>> > <!--
>> > <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas
>> > swordC
>> > allbackClass> -->
>> >
>> > <ramp:signatureCrypto>
>> > <ramp:crypto
>> > provider="org.apache.ws.security.components.crypto.Merlin">
>> > <ramp:property
>> > name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp
>> > :prope
>> > rty>
>> > <ramp:property
>> > name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp
>> > :prope
>> > rty>
>> > <ramp:property
>> > name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p
>> > ropert
>> > y>
>> > </ramp:crypto>
>> > </ramp:signatureCrypto>
>> > </ramp:RampartConfig>
>> >
>> > </wsp:All>
>> > </wsp:ExactlyOne>
>> > </wsp:Policy>
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> > For additional commands, e-mail: axis-dev-help@ws.apache.org
>> >
>> >
>>
>>
>> --
>> http://blog.ruchith.org
>> http://wso2.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-dev-help@ws.apache.org
>>
>>
>
>
> --
> http://blog.ruchith.org
> http://wso2.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-Fault-Messages-tp13167907p15312797.html
Sent from the Axis - Dev mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
Messages
Posted by kalakhr <ka...@yahoo.com>.
Thank you for the responses, I just tried rampart-SNAPSHOT wih
axis2-SNAPSHOT and it works fine, I get back the exception expected from the
service.
Thanks,
Khaled
--
View this message in context: http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-Fault-Messages-tp13167907p15359264.html
Sent from the Axis - Dev mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages
Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi,
You can download the latest build ( but this not a RC ) from
http://people.apache.org/~nandana/rampart/distribution/rampart-dist-SNAPSHOT-bin.zip
regards,
/nandana
On Feb 7, 2008 3:14 AM, <mg...@hotmail.com> wrote:
> zooming to the last entry for the bug:
> Jan 10 08 Fixed in revision 610736. We have to add the security phase to in
> the axis2.xml to use Rampart from now on. Will include a note about this in
> the READ_ME file.
>
> should be checked into trunk
> anyone to generate the RC and update the mirrors the last one I see is from
> sept 07?
> http://ftp.wayne.edu/apache/ws/rampart/1_3/
>
> Thanks
> M-
> ----- Original Message -----
> Wrom: EXCAXZOWCONEUQZAAFXISHJEXXIMQ
> To: <ax...@ws.apache.org>
> Sent: Wednesday, February 06, 2008 4:18 PM
> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
> Messages
>
>
> >
>
> > Any luck with this issue? I just tried a client using Axis2-1.3 and
> rampart
> > from SVN trunk and the problem is still occuring. I can't get rampart to
> > handle valid fault messages from a service.
> >
> > Response:
> > ----------
> > <?xml version='1.0' encoding='utf-8'?>
> > <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
> >
> >
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
> utility-1.0.xsd">
> > <s:Header>
> > <o:Security
> >
> >
> xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
> secext-1.0.xsd"
> > s:mustUnderstand="1">
> > <u:Timestamp u:Id="_0">
> > <u:Created>2008-02-06T21:16:00.531Z</u:Created>
> > <u:Expires>2008-02-06T21:21:00.531Z</u:Expires>
> > </u:Timestamp>
> > </o:Security>
> > </s:Header>
> > <s:Body>
> > <s:Fault>
> > <faultcode>FCode1</faultcode>
> > <faultstring xml:lang="en-US">
> > Unable to successfully complete requested action.
> > </faultstring>
> > <faultactor>Actor1</faultactor>
> > <detail>
> > <axis2ns1:MsgFault
> > xmlns:axis2ns1="http://abc.com/xyz/2006/xsd">
> > </axis2ns1:MsgFault>
> > </detail>
> > </s:Fault>
> > </s:Body>
> > </s:Envelope>
> >
> >
> > Stack Trace:
> > ------------
> > org.apache.axis2.AxisFault: Must Understand check failed for header
> >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
> 0.xsd
> > : Security
> > at
> > org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
> > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> > at
> >
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAx
> isOperation.java:336)
> > at
> >
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio
> n.java:389)
> > at
> >
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisO
> peration.java:211)
> > at
> > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> >
> > Thanks,
> > Khaled
> >
> >
> > Ruchith Fernando wrote:
> > >
> > > Hi Tim,
> > >
> > > This is not fixed yet in the latest build ... Please keep an eye on
> > > the JIRA [1] we'll update it as soon as we fix it and the fix will be
> > > available in the latest build of the trunk.
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > 1. https://issues.apache.org/jira/browse/RAMPART-90
> > >
> > > On 10/29/07, Tim Munro (myDIALS) <ti...@mydials.com> wrote:
> > >> Thanks for following up Ruchith, really appreciated. I look forward to
> > >> this
> > >> fix - will this appear in the latest builds, or will it only appear in
> > >> the
> > >> next "release" build.
> > >>
> > >> Best,
> > >> Tim.
> > >> -----Original Message-----
>
> > >> Wrom: ZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGG
> > >> Sent: Monday, 29 October 2007 10:53 AM
> > >> To: axis-dev@ws.apache.org
> > >> Cc: tim.munro@mydials.com
> > >> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
> > >> Messages
> > >>
> > >> Hi,
> > >>
> > >> This is an issue in Rampart because it doesn't processes the security
> > >> header
> > >> of fault messages.
> > >>
> > >> https://issues.apache.org/jira/browse/RAMPART-90
> > >>
> > >> This will be fixed in the next release of Apache Rampart.
> > >>
> > >> Thanks,
> > >> Ruchith
> > >>
> > >> On 10/12/07, Tim Munro (myDIALS) <ti...@mydials.com> wrote:
> > >> > Hi All,
> > >> >
> > >> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an
> > >> > xmlbeans
> > >> > proxy) that calls methods on a secured .NET web service service. I
> can
> > >> > successfully communicate with the .NET service, however when the .NET
> > >> > server returns a valid fault message the xmlbeans proxy client never
> > >> > receives the returned fault string; instead all the client receives
> is
> > >> > the following
> > >> > message:
> > >> > Must Understand check failed for header
> > >> >
> > >>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
> > >> > 0.xsd : Security
> > >> >
> > >> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy
> > >> > received the correct/expected error string.
> > >> >
> > >> > So, for example, if I call a method on the .NET web service with an
> > >> > invalid parameter in the request document, the .NET web service
> > >> > returns an informative message containing details of the problem.
> > >> > Below is an example of the xml response message received from the
> NET
> > >> > server, and to me it appears to be a valid response:
> > >> > <?xml version='1.0' encoding='utf-8'?> <s:Envelope
> > >> > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
> > >> >
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> > >> > urity-
> > >> > utility-1.0.xsd">
> > >> > <s:Header>
> > >> > <o:Security
> > >> >
> xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> > >> > urity-
> > >> > secext-1.0.xsd" s:mustUnderstand="1">
> > >> > <u:Timestamp u:Id="_0">
> > >> >
> > >> > <u:Created>2007-10-12T01:02:16.796Z</u:Created>
> > >> >
> > >> > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires>
> > >> > </u:Timestamp>
> > >> > </o:Security>
> > >> > </s:Header>
> > >> > <s:Body>
> > >> > <s:Fault>
> > >> > <faultcode>s:UnexpectedFault</faultcode>
> > >> > <faultstring xml:lang="en-US">An unexpected
> > >> > error has occurred in the service.
> > >> >
> System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva
> > >> > lidReq
> > >> > uestFault]: The dimension member 'Midlands' was included in a
> > >> > dimension reference for the 'Products' dimension, but is not valid.
> > >> > (Fault Detail is equal to
> > >> MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring>
> > >> > </s:Fault>
> > >> > </s:Body>
> > >> > </s:Envelope>
> > >> >
> > >> > When I interact with this returned message (through the xmlbeans
> > >> > proxy), the error message I see is the "Must Understand check failed
> > >> for
> > >> header ..."
> > >> > rather than the value contained in the faultstring elemrnt of the
> > >> > returned document.
> > >> >
> > >> > The issue appears to be that the received message header contains a
> > >> > (valid) timestamp, as indicated above, however the Axis2 response
> > >> > handler never seems to to process this timestamp in the header,
> > >> > meaning that when the
> > >> > AxisEngine.checkMustUnderstand() performs the
> > >> > headerBlock.isProcessed() test, the result is false and so the "Must
> > >> understand check failed ..."
> > >> > exception is thrown and my xmlbeans proxy never sees the real
> > >> > faultstring message.
> > >> >
> > >> > I am struggling to understand what is going wrong here ... any
> > >> > guidance on what to fault-find next would be greatly appreciated as
> > >> > after a few days looking at this I am unsure if it is a problem in
> > >> > returned document, or my policy.xml.
> > >> >
> > >> > Thanks,
> > >> > Tim Munro
> > >> > ===================
> > >> >
> > >> > Below is my policy.xml document:
> > >> > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly"
> > >> >
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> > >> > ecurit y-utility-1.0.xsd"
> > >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> > >> > <wsp:ExactlyOne>
> > >> > <wsp:All>
> > >> > <sp:TransportBinding
> > >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >> > <wsp:Policy>
> > >> > <sp:TransportToken>
> > >> > <wsp:Policy>
> > >> >
> <sp:HttpsToken
> > >> > RequireClientCertificate="false"/>
> > >> > </wsp:Policy>
> > >> > </sp:TransportToken>
> > >> > <sp:AlgorithmSuite>
> > >> > <wsp:Policy>
> > >> >
> <sp:Basic256/>
> > >> > </wsp:Policy>
> > >> > </sp:AlgorithmSuite>
> > >> > <sp:Layout>
> > >> > <wsp:Policy>
> > >> > <sp:Lax/>
> > >> > </wsp:Policy>
> > >> > </sp:Layout>
> > >> > <sp:IncludeTimestamp/>
> > >> > </wsp:Policy>
> > >> > </sp:TransportBinding>
> > >> > <sp:EndorsingSupportingTokens
> > >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >> > <wsp:Policy>
> > >> > <sp:X509Token
> > >> >
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> > >> > Includ
> > >> > eToken/AlwaysToRecipient">
> > >> > <wsp:Policy>
> > >> >
> > >> > <sp:WssX509V3Token10/>
> > >> > </wsp:Policy>
> > >> > </sp:X509Token>
> > >> > </wsp:Policy>
> > >> > </sp:EndorsingSupportingTokens>
> > >> > <sp:Wss10
> > >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >> > <wsp:Policy>
> > >> >
> > >> <sp:MustSupportRefKeyIdentifier/>
> > >> >
> > >> <sp:MustSupportRefIssuerSerial/>
> > >> > </wsp:Policy>
> > >> > </sp:Wss10>
> > >> >
> > >> > <ramp:RampartConfig
> > >> > xmlns:ramp="http://ws.apache.org/rampart/policy">
> > >> >
> > >> > <ramp:timestampTTL>300</ramp:timestampTTL>
> > >> >
> > >> > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
> > >> >
> > >> >
> <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6
> > >> > e69109
> > >> > 3f9d</ramp:user>
> > >> > <!-- passwordCallbackClass is set in
> > >> > mydials config -->
> > >> > <!--
> > >> >
> <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas
> > >> > swordC
> > >> > allbackClass> -->
> > >> >
> > >> > <ramp:signatureCrypto>
> > >> > <ramp:crypto
> > >> > provider="org.apache.ws.security.components.crypto.Merlin">
> > >> > <ramp:property
> > >> >
> name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp
> > >> > :prope
> > >> > rty>
> > >> > <ramp:property
> > >> >
> name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp
> > >> > :prope
> > >> > rty>
> > >> > <ramp:property
> > >> >
> name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p
> > >> > ropert
> > >> > y>
> > >> > </ramp:crypto>
> > >> > </ramp:signatureCrypto>
> > >> > </ramp:RampartConfig>
> > >> >
> > >> > </wsp:All>
> > >> > </wsp:ExactlyOne>
> > >> > </wsp:Policy>
> > >> >
> > >> >
> > >> > ---------------------------------------------------------------------
> > >> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > >> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> > >> >
> > >> >
> > >>
> > >>
> > >> --
> > >> http://blog.ruchith.org
> > >> http://wso2.org
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > >> For additional commands, e-mail: axis-dev-help@ws.apache.org
> > >>
> > >>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > >> For additional commands, e-mail: axis-dev-help@ws.apache.org
> > >>
> > >>
> > >
> > >
> > > --
> > > http://blog.ruchith.org
> > > http://wso2.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-dev-help@ws.apache.org
> > >
> > >
> > >
> >
> > --
> > View this message in context:
> http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-
> Fault-Messages-tp13167907p15312797.html
> > Sent from the Axis - Dev mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org
Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault Messages
Posted by mg...@hotmail.com.
zooming to the last entry for the bug:
Jan 10 08 Fixed in revision 610736. We have to add the security phase to in
the axis2.xml to use Rampart from now on. Will include a note about this in
the READ_ME file.
should be checked into trunk
anyone to generate the RC and update the mirrors the last one I see is from
sept 07?
http://ftp.wayne.edu/apache/ws/rampart/1_3/
Thanks
M-
----- Original Message -----
Wrom: EXCAXZOWCONEUQZAAFXISHJEXXIMQ
To: <ax...@ws.apache.org>
Sent: Wednesday, February 06, 2008 4:18 PM
Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
Messages
>
> Any luck with this issue? I just tried a client using Axis2-1.3 and
rampart
> from SVN trunk and the problem is still occuring. I can't get rampart to
> handle valid fault messages from a service.
>
> Response:
> ----------
> <?xml version='1.0' encoding='utf-8'?>
> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
>
>
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
utility-1.0.xsd">
> <s:Header>
> <o:Security
>
>
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd"
> s:mustUnderstand="1">
> <u:Timestamp u:Id="_0">
> <u:Created>2008-02-06T21:16:00.531Z</u:Created>
> <u:Expires>2008-02-06T21:21:00.531Z</u:Expires>
> </u:Timestamp>
> </o:Security>
> </s:Header>
> <s:Body>
> <s:Fault>
> <faultcode>FCode1</faultcode>
> <faultstring xml:lang="en-US">
> Unable to successfully complete requested action.
> </faultstring>
> <faultactor>Actor1</faultactor>
> <detail>
> <axis2ns1:MsgFault
> xmlns:axis2ns1="http://abc.com/xyz/2006/xsd">
> </axis2ns1:MsgFault>
> </detail>
> </s:Fault>
> </s:Body>
> </s:Envelope>
>
>
> Stack Trace:
> ------------
> org.apache.axis2.AxisFault: Must Understand check failed for header
>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.xsd
> : Security
> at
> org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
> at
>
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAx
isOperation.java:336)
> at
>
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio
n.java:389)
> at
>
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisO
peration.java:211)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>
> Thanks,
> Khaled
>
>
> Ruchith Fernando wrote:
> >
> > Hi Tim,
> >
> > This is not fixed yet in the latest build ... Please keep an eye on
> > the JIRA [1] we'll update it as soon as we fix it and the fix will be
> > available in the latest build of the trunk.
> >
> > Thanks,
> > Ruchith
> >
> > 1. https://issues.apache.org/jira/browse/RAMPART-90
> >
> > On 10/29/07, Tim Munro (myDIALS) <ti...@mydials.com> wrote:
> >> Thanks for following up Ruchith, really appreciated. I look forward to
> >> this
> >> fix - will this appear in the latest builds, or will it only appear in
> >> the
> >> next "release" build.
> >>
> >> Best,
> >> Tim.
> >> -----Original Message-----
> >> Wrom: ZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGG
> >> Sent: Monday, 29 October 2007 10:53 AM
> >> To: axis-dev@ws.apache.org
> >> Cc: tim.munro@mydials.com
> >> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault
> >> Messages
> >>
> >> Hi,
> >>
> >> This is an issue in Rampart because it doesn't processes the security
> >> header
> >> of fault messages.
> >>
> >> https://issues.apache.org/jira/browse/RAMPART-90
> >>
> >> This will be fixed in the next release of Apache Rampart.
> >>
> >> Thanks,
> >> Ruchith
> >>
> >> On 10/12/07, Tim Munro (myDIALS) <ti...@mydials.com> wrote:
> >> > Hi All,
> >> >
> >> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an
> >> > xmlbeans
> >> > proxy) that calls methods on a secured .NET web service service. I
can
> >> > successfully communicate with the .NET service, however when the .NET
> >> > server returns a valid fault message the xmlbeans proxy client never
> >> > receives the returned fault string; instead all the client receives
is
> >> > the following
> >> > message:
> >> > Must Understand check failed for header
> >> >
> >>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
> >> > 0.xsd : Security
> >> >
> >> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy
> >> > received the correct/expected error string.
> >> >
> >> > So, for example, if I call a method on the .NET web service with an
> >> > invalid parameter in the request document, the .NET web service
> >> > returns an informative message containing details of the problem.
> >> > Below is an example of the xml response message received from the
NET
> >> > server, and to me it appears to be a valid response:
> >> > <?xml version='1.0' encoding='utf-8'?> <s:Envelope
> >> > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
> >> >
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> >> > urity-
> >> > utility-1.0.xsd">
> >> > <s:Header>
> >> > <o:Security
> >> >
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
> >> > urity-
> >> > secext-1.0.xsd" s:mustUnderstand="1">
> >> > <u:Timestamp u:Id="_0">
> >> >
> >> > <u:Created>2007-10-12T01:02:16.796Z</u:Created>
> >> >
> >> > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires>
> >> > </u:Timestamp>
> >> > </o:Security>
> >> > </s:Header>
> >> > <s:Body>
> >> > <s:Fault>
> >> > <faultcode>s:UnexpectedFault</faultcode>
> >> > <faultstring xml:lang="en-US">An unexpected
> >> > error has occurred in the service.
> >> >
System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva
> >> > lidReq
> >> > uestFault]: The dimension member 'Midlands' was included in a
> >> > dimension reference for the 'Products' dimension, but is not valid.
> >> > (Fault Detail is equal to
> >> MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring>
> >> > </s:Fault>
> >> > </s:Body>
> >> > </s:Envelope>
> >> >
> >> > When I interact with this returned message (through the xmlbeans
> >> > proxy), the error message I see is the "Must Understand check failed
> >> for
> >> header ..."
> >> > rather than the value contained in the faultstring elemrnt of the
> >> > returned document.
> >> >
> >> > The issue appears to be that the received message header contains a
> >> > (valid) timestamp, as indicated above, however the Axis2 response
> >> > handler never seems to to process this timestamp in the header,
> >> > meaning that when the
> >> > AxisEngine.checkMustUnderstand() performs the
> >> > headerBlock.isProcessed() test, the result is false and so the "Must
> >> understand check failed ..."
> >> > exception is thrown and my xmlbeans proxy never sees the real
> >> > faultstring message.
> >> >
> >> > I am struggling to understand what is going wrong here ... any
> >> > guidance on what to fault-find next would be greatly appreciated as
> >> > after a few days looking at this I am unsure if it is a problem in
> >> > returned document, or my policy.xml.
> >> >
> >> > Thanks,
> >> > Tim Munro
> >> > ===================
> >> >
> >> > Below is my policy.xml document:
> >> > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly"
> >> >
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss
> >> > ecurit y-utility-1.0.xsd"
> >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> >> > <wsp:ExactlyOne>
> >> > <wsp:All>
> >> > <sp:TransportBinding
> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >> > <wsp:Policy>
> >> > <sp:TransportToken>
> >> > <wsp:Policy>
> >> >
<sp:HttpsToken
> >> > RequireClientCertificate="false"/>
> >> > </wsp:Policy>
> >> > </sp:TransportToken>
> >> > <sp:AlgorithmSuite>
> >> > <wsp:Policy>
> >> >
<sp:Basic256/>
> >> > </wsp:Policy>
> >> > </sp:AlgorithmSuite>
> >> > <sp:Layout>
> >> > <wsp:Policy>
> >> > <sp:Lax/>
> >> > </wsp:Policy>
> >> > </sp:Layout>
> >> > <sp:IncludeTimestamp/>
> >> > </wsp:Policy>
> >> > </sp:TransportBinding>
> >> > <sp:EndorsingSupportingTokens
> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >> > <wsp:Policy>
> >> > <sp:X509Token
> >> >
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/
> >> > Includ
> >> > eToken/AlwaysToRecipient">
> >> > <wsp:Policy>
> >> >
> >> > <sp:WssX509V3Token10/>
> >> > </wsp:Policy>
> >> > </sp:X509Token>
> >> > </wsp:Policy>
> >> > </sp:EndorsingSupportingTokens>
> >> > <sp:Wss10
> >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >> > <wsp:Policy>
> >> >
> >> <sp:MustSupportRefKeyIdentifier/>
> >> >
> >> <sp:MustSupportRefIssuerSerial/>
> >> > </wsp:Policy>
> >> > </sp:Wss10>
> >> >
> >> > <ramp:RampartConfig
> >> > xmlns:ramp="http://ws.apache.org/rampart/policy">
> >> >
> >> > <ramp:timestampTTL>300</ramp:timestampTTL>
> >> >
> >> > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
> >> >
> >> >
<ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6
> >> > e69109
> >> > 3f9d</ramp:user>
> >> > <!-- passwordCallbackClass is set in
> >> > mydials config -->
> >> > <!--
> >> >
<ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas
> >> > swordC
> >> > allbackClass> -->
> >> >
> >> > <ramp:signatureCrypto>
> >> > <ramp:crypto
> >> > provider="org.apache.ws.security.components.crypto.Merlin">
> >> > <ramp:property
> >> >
name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp
> >> > :prope
> >> > rty>
> >> > <ramp:property
> >> >
name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp
> >> > :prope
> >> > rty>
> >> > <ramp:property
> >> >
name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p
> >> > ropert
> >> > y>
> >> > </ramp:crypto>
> >> > </ramp:signatureCrypto>
> >> > </ramp:RampartConfig>
> >> >
> >> > </wsp:All>
> >> > </wsp:ExactlyOne>
> >> > </wsp:Policy>
> >> >
> >> >
> >> > ---------------------------------------------------------------------
> >> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> >> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> >> >
> >> >
> >>
> >>
> >> --
> >> http://blog.ruchith.org
> >> http://wso2.org
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-dev-help@ws.apache.org
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> >> For additional commands, e-mail: axis-dev-help@ws.apache.org
> >>
> >>
> >
> >
> > --
> > http://blog.ruchith.org
> > http://wso2.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-dev-help@ws.apache.org
> >
> >
> >
>
> --
> View this message in context:
http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-
Fault-Messages-tp13167907p15312797.html
> Sent from the Axis - Dev mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-dev-help@ws.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org