Posted to rampart-dev@ws.apache.org by "Jorge Fernández (JIRA)" <ji...@apache.org> on 2007/08/05 01:27:53 UTC

[jira] Created: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Issues with security configurations and useOriginalwsdl parameter
-----------------------------------------------------------------

                 Key: RAMPART-64
                 URL: https://issues.apache.org/jira/browse/RAMPART-64
             Project: Rampart
          Issue Type: Bug
          Components: rampart-policy
    Affects Versions: 1.2
         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
            Reporter: Jorge Fernández
            Priority: Blocker


I'm using a policy on my service to force the client to send an SKI (SubjectKeyIdentifier) certificate reference, so I have the <sp:RequireKeyIdentifierReference/> assertion in both InitiatorToken and RecipientToken, plus <sp:MustSupportRefKeyIdentifier/>.

On the client I'm sending IssuerSerial references, but the service policy does not contain MustSupportIssuerSerialReference, so I think the service should reject the request. It doesn't. Am I right?

Also, I expected the service to always send an SKI reference, but for the encryption key it sends an IssuerSerial reference. Can I force it to always use an SKI reference?

When I replace the signedParts assertion with a signedElements assertion, I can access the service, but the WSDL is not generated (when useOriginalwsdl is false) because this exception is thrown:

org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)




I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.

For example, in my service policy I have:

<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
 </sp:EncryptedElements>

If the client sends elements defined with that prefix, there's no problem decrypting them in the service. But when I need to encrypt elements like that to send them back to the client, I get this exception:

org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
	... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
	... 23 more


However, other operations have no problem. One of them returns the same data as the one above and works perfectly; the only difference in the response is the name of the operation.

I have these operations:

validate (In-Only OK)
logout (In-Only OK)
getOntologyFindings
getOntologyFindingsByConcept (OK)
getOntologyAbstractParameters
getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
getOntologyUnits
getOntologySignals
getOntology
getPatients
getPrimitiveParameterData (OK)

Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works but the shorter one doesn't. For some others, it doesn't work even though their names are different.

In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.

For some operations, I have a response like this:

<ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
  <parameterData xmlns="http://op_messages.medici_link/xsd">
    <annotations xmlns="http://external.communication_data_model.medici_link/xsd"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
    <dataSegments xmlns="http://external.communication_data_model.medici_link/xsd">
      <beginMsec>1186069490203</beginMsec>
      <endMsec>1186069490203</endMsec>
      <data>
        <xop:Include href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org"
                     xmlns:xop="http://www.w3.org/2004/08/xop/include" />
      </data>
    </dataSegments>
  </parameterData>
</ns3:getPrimitiveDataResponse>

I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither element is signed or encrypted and no exception is thrown either, so they are sent unprotected without any error. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518442 ] 

Jorge Fernández commented on RAMPART-64:
----------------------------------------

Well, I don't know what is happening. I tried with today's RC, which is RC-3 with some changes, but Deepal says it doesn't contain any snapshot dependency.

Isn't it going to be included in 1.3?

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Screenshot.png.zip, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almos the same (as getPatients and getPatientsByType), the longer works OK but the shorter doesn't. For some other, even if their names are different, it doesn't work. 
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments so I put that in the policy but none of them are encrypted nor signed and neither I get any exception.It seems that rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. 



[jira] Resolved: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya resolved RAMPART-64.
-----------------------------------------------

    Resolution: Fixed

It seems this is fixed in the trunk. 

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Assignee: Nandana Mihindukulasooriya
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment:     (was: eclipse_projects.rar)

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Description: 
I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.

I expected the service to always send an SKI reference, but for the encryption key it sends an IssuerSerial reference. Can I force it to always use an SKI reference?

When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 

org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)


  was:
I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.

In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?

Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?

When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 

org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

caused by

com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
 at [row,col {unknown-source}]: [1,1028]
	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)




I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.

For example, in my service policy I have:

<sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
 </sp:EncryptedElements>

If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I get this exception:

org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
	... 14 more
Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
	... 23 more


However, for other operations there is no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.

I have these operations:

validate (In-Only OK)
logout (In-Only OK)
getOntologyFindings
getOntologyFindingsByConcept (OK)
getOntologyAbstractParameters
getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
getOntologyUnits
getOntologySignals
getOntology
getPatients
getPrimitiveParameterData (OK)

Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work.

In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.

For some operations, I have a response like this:

<ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
                  <parameterData xmlns="http://op_messages.medici_link/xsd">
                     <annotations xmlns="http://external.communication_data_model.medici_link/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
                     <dataSegments xmlns="http://external.communication_data_model.medici_link/xsd">
                        <beginMsec>1186069490203</beginMsec>
                        <endMsec>1186069490203</endMsec>
                        <data>
                           <xop:Include href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" xmlns:xop="http://www.w3.org/2004/08/xop/include" />
                        </data>
                     </dataSegments>
                    </parameterData>
</ns3:getPrimitiveDataResponse>

 and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I do not get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.


> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Murali Krishnan Gunasekaran (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12533192 ] 

Murali Krishnan Gunasekaran commented on RAMPART-64:
----------------------------------------------------

This exception [org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp" ]
also occurs when the <IncludeTimestamp> element is included in the <policy>.

I believe the problem is that XmlPrimitiveAssertion instances are not being serialized properly: their
namespace prefix declaration (the xmlns attribute) is missing from the serialized output. While debugging the
serialize(Policy,OutputStream) method of the org.apache.axis2.util.ExternalPolicySerializer class, I noticed
that the Policy element is getting serialized like this:

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="UTOverTransport">
	<wsp:ExactlyOne>
		<wsp:All>
			<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:UsernameToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
				</wsp:Policy>
			</sp:SignedSupportingTokens>
			<sp:IncludeTimestamp/>
		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>

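Here <sp:IncludeTimestamp/> is missing the xmlns:sp prefix declaration: the prefix is declared only on
<sp:SignedSupportingTokens> and its child <sp:UsernameToken>, so it is not in scope for the sibling element.
This doesn't happen for the SupportingToken assertion, whose serialize(XMLStreamWriter) method works correctly.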

Hope this helps in resolving the problem.

Murali

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment:     (was: Webservice.rar)

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations there is no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment: WebServiceTest.rar
                JIRA70.rar

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518413 ] 

Ruchith Udayanga Fernando commented on RAMPART-64:
--------------------------------------------------

Yes .... please open new JIRAs for other issues!

Thanks,
Ruchith

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)&#xd;	
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)&#xd;	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)&#xd;	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)&#xd;	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)&#xd;	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)&#xd;	
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)&#xd;	
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)&#xd;	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)&#xd;	
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)&#xd;	
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)&#xd;	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)&#xd;	
> at java.lang.Thread.run(Unknown Source)&#xd;Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)&#xd;	
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)&#xd;	
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)&#xd;	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)&#xd;	
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)&#xd;	
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)&#xd;	
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)&#xd;	
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)&#xd;	
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)&#xd;	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)&#xd;	... 14 more&#xd;Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)&#xd;	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)&#xd;	
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)&#xd;	
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)&#xd;	
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)&#xd;	
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)&#xd;	... 23 more&#xd;
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (such as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518390 ] 

Ruchith Udayanga Fernando commented on RAMPART-64:
--------------------------------------------------

Hi Jorge,

I tried your policy with a client and a service, and I fixed the issue where it doesn't add the correct key reference [1].
However, since we use WSS4J to process the incoming message, and since WSS4J has no built-in WS-SecurityPolicy support, we cannot validate the reference mechanism while obtaining the keys. So a request that uses a different key reference type than the one the policy requires is not rejected on that basis.

Therefore with this fix I'm going to resolve this issue.

Thanks,
Ruchith

[1] http://svn.apache.org/viewvc?view=rev&rev=563788

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)&#xd;	
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)&#xd;	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)&#xd;	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)&#xd;	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)&#xd;	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)&#xd;	
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)&#xd;	
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)&#xd;	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)&#xd;	
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)&#xd;	
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)&#xd;	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)&#xd;	
> at java.lang.Thread.run(Unknown Source)&#xd;Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)&#xd;	
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)&#xd;	
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)&#xd;	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)&#xd;	
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)&#xd;	
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)&#xd;	
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)&#xd;	
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)&#xd;	
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)&#xd;	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)&#xd;	... 14 more&#xd;Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)&#xd;	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)&#xd;	
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)&#xd;	
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)&#xd;	
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)&#xd;	
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)&#xd;	... 23 more&#xd;
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (such as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518404 ] 

Jorge Fernández commented on RAMPART-64:
----------------------------------------

Hi Ruchith,

I don't understand your comment: should I open a JIRA in WSS4J or is it not possible to force the client to send SKI reference?

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518416 ] 

Ruchith Udayanga Fernando commented on RAMPART-64:
--------------------------------------------------

> Yes, I understood that, but if I send an IssuerSerial from the client, does the service accept it, even if NOT defining <sp:MustSupportIssuerSerial/>?

Yes, right now this is the case, due to a limitation of WSS4J: at that point we do not have access to the policy information needed to validate reference types. Therefore we process all reference types we can handle, and we do not restrict them to the ones the policy declares.

> In 1.2 it worked like that and I think it shouldn't. Am I right? 

And I agree that this is against the spec and it should be fixed :-)

> Are the problem with namespaces defined in this JIRA resolved?
> OK. I'll open new JIRAs. Sorry I didn't see all your comments

Nope, those are not resolved ... please open JIRAs for those.
I doubt we can get those issues fixed for the 1.3 release of Rampart, since we are planning to release Rampart-1.3 soon after Axis2-1.3.

Thanks,
Ruchith

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518401 ] 

Jorge Fernández commented on RAMPART-64:
----------------------------------------

Hi,

What about the problems with namespaces I described in this JIRA? If the client sends elements defined with prefix ns3, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I also get an exception in some cases. The same happens with ServiceGroupId, and sometimes Rampart doesn't even recognise some elements.

All these problems are described in this JIRA.

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations there is no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment: Webservice.rar

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations there is no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment:     (was: eclipse_projects.rar)

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations there is no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518412 ] 

Ruchith Udayanga Fernando commented on RAMPART-64:
--------------------------------------------------

Now the given policy generates the SKI ref as expected.

Thanks,
Ruchith

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)&#xd;	
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)&#xd;	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)&#xd;	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)&#xd;	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)&#xd;	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)&#xd;	
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)&#xd;	
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)&#xd;	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)&#xd;	
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)&#xd;	
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)&#xd;	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)&#xd;	
> at java.lang.Thread.run(Unknown Source)&#xd;Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)&#xd;	
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)&#xd;	
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)&#xd;	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)&#xd;	
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)&#xd;	
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)&#xd;	
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)&#xd;	
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)&#xd;	
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)&#xd;	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)&#xd;	... 14 more&#xd;Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)&#xd;	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)&#xd;	
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)&#xd;	
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)&#xd;	
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)&#xd;	
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)&#xd;	... 23 more&#xd;
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Assigned: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya reassigned RAMPART-64:
-------------------------------------------------

    Assignee: Nandana Mihindukulasooriya

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Assignee: Nandana Mihindukulasooriya
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Issue Comment Edited: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518414 ] 

informaticu007-pfc edited comment on RAMPART-64 at 8/8/07 3:47 AM:
----------------------------------------------------------------

Yes, I understood that, but if I send an IssuerSerial from the client, does the service accept it even when <sp:MustSupportIssuerSerial/> is NOT defined?

In 1.2 it worked like that and I think it shouldn't. Am I right?

Are the problems with namespaces described in this JIRA resolved?
OK. I'll open new JIRAs. Sorry, I didn't see all your comments.

      was (Author: informaticu007-pfc):
    Yes, I undesrtood that but If I send a IssuerSerial form the client, does the service accept it, even if NOT defining <sp:MustSupportIssuerSerial/>? 

In 1.2 it worked like that and I think it shouldn't. Am I right?

Are the problem with namespaces defined in this JIRA resolved?
							
  
> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)&#xd;	
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)&#xd;	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)&#xd;	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)&#xd;	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)&#xd;	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)&#xd;	
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)&#xd;	
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)&#xd;	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)&#xd;	
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)&#xd;	
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)&#xd;	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)&#xd;	
> at java.lang.Thread.run(Unknown Source)&#xd;Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)&#xd;	
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)&#xd;	
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)&#xd;	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)&#xd;	
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)&#xd;	
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)&#xd;	
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)&#xd;	
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)&#xd;	
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)&#xd;	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)&#xd;	... 14 more&#xd;Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)&#xd;	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)&#xd;	
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)&#xd;	
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)&#xd;	
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)&#xd;	
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)&#xd;	... 23 more&#xd;
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518426 ] 

Jorge Fernández commented on RAMPART-64:
----------------------------------------

Dimuthu,

I tried useOriginalWSDL with RC released today and it has the same problem.

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518543 ] 

Jorge Fernández commented on RAMPART-64:
----------------------------------------

Hi Dimuthu,

I downloaded axis2-SNAPSHOT and axis2-1.3-SNAPSHOT from http://people.apache.org/dist/axis2/nightly/
and I'm still having that problem

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Screenshot.png.zip, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518414 ] 

Jorge Fernández commented on RAMPART-64:
----------------------------------------

Yes, I understood that, but if I send an IssuerSerial reference from the client, does the service accept it even when the policy does NOT define <sp:MustSupportIssuerSerial/>?

In 1.2 it worked like that and I think it shouldn't. Am I right?

Are the problems with namespaces described in this JIRA resolved?
							

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I get this exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, other operations have no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>    <parameterData xmlns="http://op_messages.medici_link/xsd">
>       <annotations xmlns="http://external.communication_data_model.medici_link/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
>       <dataSegments xmlns="http://external.communication_data_model.medici_link/xsd">
>          <beginMsec>1186069490203</beginMsec>
>          <endMsec>1186069490203</endMsec>
>          <data>
>             <xop:Include href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" xmlns:xop="http://www.w3.org/2004/08/xop/include" />
>          </data>
>       </dataSegments>
>    </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12595173#action_12595173 ] 

Nandana Mihindukulasooriya commented on RAMPART-64:
---------------------------------------------------

Hi Murali,
       thanks for pointing this out. I think this is fixed in Axis2 1.4. I tried with a custom assertion, which should be serialized using an XmlPrimitiveAssertion instance, and it worked fine. This is the assertion I used, and it was correctly serialized into the WSDL.

<ns1:TestAssertion xmlns:ns1="http://test.namespace/">
    <ns1:Test1> some test </ns1:Test1>
    <ns1:Test2/>
</ns1:TestAssertion>

       And all the security policy assertion serializations are handled by Rampart policy module classes. I think we can close this issue as this is fixed in Axis2 1.4.

thanks,
nandana 



> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Assignee: Nandana Mihindukulasooriya
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected the service to always send an SKI reference, but for the encryption key it sends an IssuerSerial reference. Can I force it to always use an SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Dimuthu Leelarathne (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dimuthu Leelarathne updated RAMPART-64:
---------------------------------------

    Attachment: Screenshot.png.zip

the screen shot

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Screenshot.png.zip, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references, but the service policy does not contain MustSupportIssuerSerialReference, so I think the service should reject the request; it doesn't. Am I right?
> Also, I expected the service to always send an SKI reference, but for the encryption key it sends an IssuerSerial reference. Can I force it to always use an SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I get this exception:
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, other operations have no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even if their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>    <parameterData xmlns="http://op_messages.medici_link/xsd">
>       <annotations xmlns="http://external.communication_data_model.medici_link/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" />
>       <dataSegments xmlns="http://external.communication_data_model.medici_link/xsd">
>          <beginMsec>1186069490203</beginMsec>
>          <endMsec>1186069490203</endMsec>
>          <data>
>             <xop:Include href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" xmlns:xop="http://www.w3.org/2004/08/xop/include" />
>          </data>
>       </dataSegments>
>    </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Resolved: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ruchith Udayanga Fernando resolved RAMPART-64.
----------------------------------------------

    Resolution: Fixed

Scenario 12 in org.apache.rampart.RampartTest uses the policy used in this issue.

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, other operations have no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Reopened: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández reopened RAMPART-64:
------------------------------------


The problem remains in Rampart 1.3 take2.

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment: eclipse_projects.rar
                Webservice.rar

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, other operations have no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. 



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment: eclipse_projects.rar

Source code in eclipse projects structure for client and service

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work. 
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. 



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518419 ] 

Jorge Fernández commented on RAMPART-64:
----------------------------------------

Opened RAMPART 67 and 68 for those. I hadn't seen your last comment, so I opened them as blockers: I thought they were very important because they affect one of Rampart's important characteristics. If I should change their priority, tell me.

>Nope those are not resolved ... please open JIRAs for those...
>I doubt we can get those issues fixed for the 1.3 release of Rampart, since we are planning to release Rampart-1.3 soon after Axis2-1.3

I'm very sad to hear that, because I have to present my final project very soon and those are the only issues left before it works (I hope). But I hope the next SNAPSHOTs will fix those issues soon. :)


Thanks for your work,

Jorge Fernández

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
> 	at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
> 	at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
> 	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
> 	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
> 	at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
> 	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
> 	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
> 	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
> 	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
> 	... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
> 	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
> 	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
> 	at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
> 	at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
> 	at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
> 	at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
> 	at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
> 	... 23 more
> However, for other operations it has no problem. I have one that returns the same data as the one above and it works perfect. The only difference in the response, is the name of the operation.
> I have this operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)  getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work. 
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but neither of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments. 



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Dimuthu Leelarathne (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518437 ] 

Dimuthu Leelarathne commented on RAMPART-64:
--------------------------------------------

Hi Jorge,

This is what i did.

I have Axis2 revision 561997 (checked out several days ago). I am using Rampart built from the current source code.

I changed the  policy/sample03 to have the following element. 

<sp:SignedElements XPathVersion="xs:any">
<sp:XPath>//xenc:stuff</sp:XPath>
</sp:SignedElements>

 
Then it worked. I have attached the screen shot as well. 

If you are using Axis2's RC3 it should work. Hmm... if it still doesn't work, please try the nightly builds. 

-Dimuthu


> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)&#xd;	
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)&#xd;	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)&#xd;	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)&#xd;	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)&#xd;	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)&#xd;	
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)&#xd;	
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)&#xd;	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)&#xd;	
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)&#xd;	
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)&#xd;	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)&#xd;	
> at java.lang.Thread.run(Unknown Source)&#xd;Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)&#xd;	
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)&#xd;	
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)&#xd;	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)&#xd;	
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)&#xd;	
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)&#xd;	
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)&#xd;	
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)&#xd;	
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)&#xd;	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)&#xd;	... 14 more&#xd;Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)&#xd;	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)&#xd;	
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)&#xd;	
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)&#xd;	
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)&#xd;	
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)&#xd;	... 23 more&#xd;
> However, for other operations there is no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Commented: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Dimuthu Leelarathne (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518338 ] 

Dimuthu Leelarathne commented on RAMPART-64:
--------------------------------------------

You have mentioned several problems. I tested with this one "When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception:"

Yes, it exists in Axis2's 1.2 version.

When I tested with Axis2's latest build, I didn't get it. Please check with Axis2's 1.3 RC3 version.

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy I haven't got MustSupportIssuerSerialReference, so I think the service should reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
>  </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem when decrypting them in the service. But when I need to encrypt elements like that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)&#xd;	
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)&#xd;	
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)&#xd;	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)&#xd;	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)&#xd;	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)&#xd;	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)&#xd;	
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)&#xd;	
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)&#xd;	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)&#xd;	
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)&#xd;	
> at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)&#xd;	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)&#xd;	
> at java.lang.Thread.run(Unknown Source)&#xd;Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)&#xd;	
> at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)&#xd;	
> at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)&#xd;	at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)&#xd;	
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)&#xd;	
> at org.apache.axis2.engine.Phase.invoke(Phase.java:383)&#xd;	
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)&#xd;	
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)&#xd;	
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)&#xd;	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)&#xd;	... 14 more&#xd;Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'&#xd;	at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)&#xd;	at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)&#xd;	
> at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)&#xd;	
> at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)&#xd;	
> at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)&#xd;	
> at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)&#xd;	
> at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)&#xd;	... 23 more&#xd;
> However, for other operations there is no problem. I have one that returns the same data as the one above and it works perfectly. The only difference in the response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that when the names are almost the same (as with getPatients and getPatientsByType), the longer one works OK but the shorter one doesn't. For some others, even though their names are different, it doesn't work.
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 'axis2'. With other elements such as addressing headers and timestamp there is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>                   <parameterData xmlns="http://op_messages.medici_link/xsd">
>                      <annotations \
> xmlns="http://external.communication_data_model.medici_link/xsd" \
>                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true" \
>                 />
>                      <dataSegments \
> xmlns="http://external.communication_data_model.medici_link/xsd">  \
> <beginMsec>1186069490203</beginMsec>  <endMsec>1186069490203</endMsec>
>                         <data>
>                            <xop:Include \
> href="cid:1.urn:uuid:A1C749B6FA326E166A1186069490615@apache.org" \
> xmlns:xop="http://www.w3.org/2004/08/xop/include" />  </data>
>                      </dataSegments>
>                     </parameterData>
> </ns3:getPrimitiveDataResponse>
>  and I want to sign and encrypt annotations and dataSegments, so I put that in the policy, but none of them is encrypted or signed, and I don't get any exception either. It seems that Rampart isn't able to find them. I tried identifying them in the policy with descendant::ns3:dataSegments and descendant::dataSegments.



[jira] Updated: (RAMPART-64) Issues with security configurations and useOriginalwsdl parameter

Posted by "Jorge Fernández (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jorge Fernández updated RAMPART-64:
-----------------------------------

    Attachment:     (was: Webservice.rar)

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: JIRA70.rar, Screenshot.png.zip, WebServiceTest.rar
>
>
> I have <sp:RequireKeyIdentifierReference/> assertion in both Initiator Token and RecipientToken and <sp:MustSupportRefKeyIdentifier/>.
> I expected that the service should send SKI reference always, but, for the encryption key it sends IssuerSerial reference. Can I force it to use always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the service but the WSDL is not generated (when useOriginalwsdl is false) because it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
> 	com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
> 	com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
> 	com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
> 	com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
> 	com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
> 	org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
> 	org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
> 	org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
> 	org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
> 	org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
> 	org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
> 	org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
> 	org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
> 	org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
> 	org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
> 	org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
> 	org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
> 	org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
