You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Stephen Cresswell <em...@stephen-cresswell.net> on 2011/04/09 19:05:54 UTC
InvalidSecurity - What am I doing wrong?
We're running into problems added authentication to our web services. It
works for our simple "hello world" web service, but when we try it with the
real web service we get an InvalidSecurity fault. I've stripped the WSDL
back so that the hello world and post code service are almost identical, but
I still get this error. Any ideas?
*Failing Request*
<soapenv:Envelope xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<wsse:Username>BILL</wsse:Username>
<wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">SECRET</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<car:getValidAddressTypes>
<car:category>X</car:category>
</car:getValidAddressTypes>
</soapenv:Body>
</soapenv:Envelope>
*Response*
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>InvalidSecurity</faultstring>
<detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
*services.xml*
<?xml version="1.0" encoding="UTF-8"?>
<!-- This file was auto-generated from WSDL -->
<!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010 (09:42:01
CEST) -->
<serviceGroup>
<service name="PostCodeService_1_0">
<messageReceivers>
<messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/>
</messageReceivers>
<parameter
name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter>
<parameter name="useOriginalwsdl">true</parameter>
<parameter name="modifyUserWSDLPortAddress">true</parameter>
<operation name="getValidAddressTypes" mep="
http://www.w3.org/ns/wsdl/in-out" namespace="
http://xyzi.mycomp.co.uk/postcodeservice_1">
<actionMapping>
http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest
</actionMapping>
<outputActionMapping>
http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse
</outputActionMapping>
</operation>
<module ref="SmartintegratorModule"/>
<module ref="rampart"/>
<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
</service>
<service name="SpringAwareService"
class="com.mycomp.ext.spring.SpringInit">
<description>Spring initialiser</description>
</service>
</serviceGroup>
*debug
*[ERROR] InvalidSecurity
org.apache.axis2.AxisFault: InvalidSecurity
at
org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
at
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
at
org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266)
at
org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
at
org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
at
org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)*
*
Re: InvalidSecurity - What am I doing wrong?
Posted by Ruchith Fernando <ru...@gmail.com>.
Please ask on the java-dev@axis.apache.org list.
Thanks,
Ruchith
On Sun, Apr 10, 2011 at 6:47 PM, Stephen Cresswell
<em...@stephen-cresswell.net> wrote:
> I found out a bit more information - the failing web service had empty an
> soapAction attribute. When I set it to the same as the location the binding
> message was set and everything worked fine.
>
> <wsdl:binding name="PostCodeBinding" type="tns:PostCodePortType">
> <soap:binding style="document"
> transport="http://schemas.xmlsoap.org/soap/http"/>
> <wsdl:operation name="getValidAddressTypes">
> <soap:operation
> soapAction="http://localhost:8080/axis2/services/PostCodeService_1_0"/>
> ...
> </wsdl:operation>
> </wsdl:binding>
> <wsdl:service name="PostCodeService_1_0">
> <wsdl:port name="PostCodePort" binding="tns:PostCodeBinding">
> <soap:address
> location="http://localhost:8080/axis2/services/PostCodeService_1_0"/>
> </wsdl:port>
> </wsdl:service>
>
> However this just leaves me more confused because according the what
> documentation I've found soapAction is just a uri, e.g.
> http://mycompany/PostCodeService/1.0/getValidAddressTypes and each operation
> should have a different soapAction.
> It shouldn't have anything to do with the address location. We have more
> operations to add and I'm worried that as soon as we add the second one,
> we'll start hitting problems again.
>
> Something else that really confuses me - if I change either the soapAction
> or location to something different (e.g. change the port from 8080 to 9095)
> I get a "Must Understand" fault. This also confuses me because the server
> doesn't even run on 8080, so why should anything care what this value is.
>
> Really appreciate it if someone can shed any light on this.
>
> Thanks,
>
> S
>
>
>
>
>
> On 10 April 2011 23:29, Ruchith Fernando <ru...@gmail.com> wrote:
>>
>> Hi,
>>
>> I'm not sure why those instances are null.
>> Maybe some other axis2 developer will be able help you figure this out.
>>
>> Others what do you think?
>>
>> Thanks,
>> Ruchith
>>
>> p.s. Please maintain the conversation on the list so someone who is
>> aware of this issue will be able to help.
>>
>>
>> On Sun, Apr 10, 2011 at 1:15 PM, Stephen Cresswell
>> <em...@stephen-cresswell.net> wrote:
>> > I've stepped through in debug and tracked the problem down to where the
>> > RampartEngine attempts to assign the security policy from the
>> > msgCtx.getEffectivePolicy (Rampart 1.5, RampartMessageData line 238)
>> >
>> > For the working "Hello World" service
>> >
>> > AxisBindingMessage bindingMessage = (AxisBindingMessage)
>> > getProperty(Constants.AXIS_BINDING_MESSAGE);
>> >
>> > Returns a bindingMessage which has an attached security policy.
>> >
>> > For the failing "PostCode" service both the bindingMessage and
>> > axisMessage
>> > are null, so no policy can be obtained. Any idea why the post code
>> > service
>> > doesn't get assigned the security policy like the hello world one does?
>> >
>> > Thanks,
>> >
>> > S
>> >
>> >
>> >
>> > On 9 April 2011 20:53, Stephen Cresswell <em...@stephen-cresswell.net>
>> > wrote:
>> >>
>> >> Hi Ruchith,
>> >>
>> >> The CallbackHandler is not being invoked.
>> >> The only wsp:Policy sections are in services.xml. Nothing in the WSDL.
>> >> I
>> >> changed the useOriginalwsdl parameter to false, but it didn't make any
>> >> difference.
>> >>
>> >> S
>> >>
>> >>
>> >> On 9 April 2011 20:06, Ruchith Fernando <ru...@gmail.com>
>> >> wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> Right now I'm not sure why policy wasn't available when the rampart
>> >>> handler was called and why it is available in post dispatch. Maybe
>> >>> someone more familiar with policy loading will be able to help.
>> >>>
>> >>> Can you please verify whether the callback handler was called to
>> >>> authenticate the username token in this case (I don't think it will
>> >>> be).
>> >>>
>> >>> I noticed you have used :
>> >>> <parameter name="useOriginalwsdl">true</parameter>
>> >>>
>> >>> Do you have security policy on the wsdl? If so I'm wondering whether
>> >>> there's an issue when loading policy that depends on dispatch.
>> >>>
>> >>> Thanks,
>> >>> Ruchith
>> >>>
>> >>> On Sat, Apr 9, 2011 at 2:12 PM, Stephen Cresswell
>> >>> <em...@stephen-cresswell.net> wrote:
>> >>> > Hi Ruchith,
>> >>> >
>> >>> > Can you elaborate a bit more please? If the webservice request is
>> >>> > sent
>> >>> > with
>> >>> > the correct security headers, and if the service the correct policy
>> >>> > definition, and can you think of any reason why it would not be
>> >>> > available?
>> >>> > Also any idea why it works for one service and not another (the
>> >>> > headers
>> >>> > and
>> >>> > policy definitions are identical)?
>> >>> >
>> >>> > Thanks for your help,
>> >>> >
>> >>> > S
>> >>> >
>> >>> > On 9 April 2011 19:04, Ruchith Fernando <ru...@gmail.com>
>> >>> > wrote:
>> >>> >>
>> >>> >> Hi,
>> >>> >>
>> >>> >> This error (PostDispatchVerificationHandler.java:152) means that
>> >>> >> security policy was not available at the time rampart was called.
>> >>> >>
>> >>> >> Thanks,
>> >>> >> Ruchith
>> >>> >>
>> >>> >> On Sat, Apr 9, 2011 at 1:05 PM, Stephen Cresswell
>> >>> >> <em...@stephen-cresswell.net> wrote:
>> >>> >> > We're running into problems added authentication to our web
>> >>> >> > services. It
>> >>> >> > works for our simple "hello world" web service, but when we try
>> >>> >> > it
>> >>> >> > with
>> >>> >> > the
>> >>> >> > real web service we get an InvalidSecurity fault. I've stripped
>> >>> >> > the
>> >>> >> > WSDL
>> >>> >> > back so that the hello world and post code service are almost
>> >>> >> > identical,
>> >>> >> > but
>> >>> >> > I still get this error. Any ideas?
>> >>> >> >
>> >>> >> > Failing Request
>> >>> >> > <soapenv:Envelope
>> >>> >> > xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"
>> >>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> >>> >> > <soapenv:Header>
>> >>> >> > <wsse:Security soapenv:mustUnderstand="1"
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>> >>> >> > <wsse:UsernameToken wsu:Id="UsernameToken-1"
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> >>> >> > <wsse:Username>BILL</wsse:Username>
>> >>> >> > <wsse:Password
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SECRET</wsse:Password>
>> >>> >> > </wsse:UsernameToken>
>> >>> >> > </wsse:Security>
>> >>> >> > </soapenv:Header>
>> >>> >> > <soapenv:Body>
>> >>> >> > <car:getValidAddressTypes>
>> >>> >> > <car:category>X</car:category>
>> >>> >> > </car:getValidAddressTypes>
>> >>> >> > </soapenv:Body>
>> >>> >> > </soapenv:Envelope>
>> >>> >> >
>> >>> >> > Response
>> >>> >> > <soapenv:Envelope
>> >>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> >>> >> > <soapenv:Body>
>> >>> >> > <soapenv:Fault>
>> >>> >> > <faultcode>soapenv:Server</faultcode>
>> >>> >> > <faultstring>InvalidSecurity</faultstring>
>> >>> >> > <detail/>
>> >>> >> > </soapenv:Fault>
>> >>> >> > </soapenv:Body>
>> >>> >> > </soapenv:Envelope>
>> >>> >> >
>> >>> >> > services.xml
>> >>> >> > <?xml version="1.0" encoding="UTF-8"?>
>> >>> >> > <!-- This file was auto-generated from WSDL -->
>> >>> >> > <!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010
>> >>> >> > (09:42:01
>> >>> >> > CEST) -->
>> >>> >> > <serviceGroup>
>> >>> >> > <service name="PostCodeService_1_0">
>> >>> >> > <messageReceivers>
>> >>> >> > <messageReceiver
>> >>> >> > mep="http://www.w3.org/ns/wsdl/in-out"
>> >>> >> >
>> >>> >> > class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/>
>> >>> >> > </messageReceivers>
>> >>> >> > <parameter
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter>
>> >>> >> > <parameter name="useOriginalwsdl">true</parameter>
>> >>> >> > <parameter
>> >>> >> > name="modifyUserWSDLPortAddress">true</parameter>
>> >>> >> > <operation name="getValidAddressTypes"
>> >>> >> > mep="http://www.w3.org/ns/wsdl/in-out"
>> >>> >> > namespace="http://xyzi.mycomp.co.uk/postcodeservice_1">
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > <actionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest</actionMapping>
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > <outputActionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse</outputActionMapping>
>> >>> >> > </operation>
>> >>> >> > <module ref="SmartintegratorModule"/>
>> >>> >> > <module ref="rampart"/>
>> >>> >> >
>> >>> >> > <wsp:Policy wsu:Id="UsernameToken"
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> >>> >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>> >>> >> > <wsp:ExactlyOne>
>> >>> >> > <wsp:All>
>> >>> >> > <sp:SupportingTokens
>> >>> >> >
>> >>> >> >
>> >>> >> > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>> >>> >> > <wsp:Policy>
>> >>> >> > <sp:UsernameToken
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>> >>> >> > </sp:UsernameToken>
>> >>> >> > </wsp:Policy>
>> >>> >> > </sp:SupportingTokens>
>> >>> >> > <ramp:RampartConfig
>> >>> >> > xmlns:ramp="http://ws.apache.org/rampart/policy">
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > <ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass>
>> >>> >> > </ramp:RampartConfig>
>> >>> >> > </wsp:All>
>> >>> >> > </wsp:ExactlyOne>
>> >>> >> > </wsp:Policy>
>> >>> >> > </service>
>> >>> >> > <service name="SpringAwareService"
>> >>> >> > class="com.mycomp.ext.spring.SpringInit">
>> >>> >> > <description>Spring initialiser</description>
>> >>> >> > </service>
>> >>> >> > </serviceGroup>
>> >>> >> >
>> >>> >> > debug
>> >>> >> > [ERROR] InvalidSecurity
>> >>> >> > org.apache.axis2.AxisFault: InvalidSecurity
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152)
>> >>> >> > at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>> >>> >> > at
>> >>> >> > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>> >>> >> > at
>> >>> >> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> > org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266)
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>> >>> >> > at
>> >>> >> >
>> >>> >> >
>> >>> >> >
>> >>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>> >>> >> > at java.lang.Thread.run(Thread.java:662)
>> >>> >> >
>> >>> >>
>> >>> >>
>> >>> >>
>> >>> >> --
>> >>> >> http://ruchith.org
>> >>> >
>> >>> >
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> http://ruchith.org
>> >>
>> >
>> >
>>
>>
>>
>> --
>> http://ruchith.org
>
>
--
http://ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
Re: InvalidSecurity - What am I doing wrong?
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
I'm not sure why those instances are null.
Maybe some other axis2 developer will be able help you figure this out.
Others what do you think?
Thanks,
Ruchith
p.s. Please maintain the conversation on the list so someone who is
aware of this issue will be able to help.
On Sun, Apr 10, 2011 at 1:15 PM, Stephen Cresswell
<em...@stephen-cresswell.net> wrote:
> I've stepped through in debug and tracked the problem down to where the
> RampartEngine attempts to assign the security policy from the
> msgCtx.getEffectivePolicy (Rampart 1.5, RampartMessageData line 238)
>
> For the working "Hello World" service
>
> AxisBindingMessage bindingMessage = (AxisBindingMessage)
> getProperty(Constants.AXIS_BINDING_MESSAGE);
>
> Returns a bindingMessage which has an attached security policy.
>
> For the failing "PostCode" service both the bindingMessage and axisMessage
> are null, so no policy can be obtained. Any idea why the post code service
> doesn't get assigned the security policy like the hello world one does?
>
> Thanks,
>
> S
>
>
>
> On 9 April 2011 20:53, Stephen Cresswell <em...@stephen-cresswell.net>
> wrote:
>>
>> Hi Ruchith,
>>
>> The CallbackHandler is not being invoked.
>> The only wsp:Policy sections are in services.xml. Nothing in the WSDL. I
>> changed the useOriginalwsdl parameter to false, but it didn't make any
>> difference.
>>
>> S
>>
>>
>> On 9 April 2011 20:06, Ruchith Fernando <ru...@gmail.com>
>> wrote:
>>>
>>> Hi,
>>>
>>> Right now I'm not sure why policy wasn't available when the rampart
>>> handler was called and why it is available in post dispatch. Maybe
>>> someone more familiar with policy loading will be able to help.
>>>
>>> Can you please verify whether the callback handler was called to
>>> authenticate the username token in this case (I don't think it will
>>> be).
>>>
>>> I noticed you have used :
>>> <parameter name="useOriginalwsdl">true</parameter>
>>>
>>> Do you have security policy on the wsdl? If so I'm wondering whether
>>> there's an issue when loading policy that depends on dispatch.
>>>
>>> Thanks,
>>> Ruchith
>>>
>>> On Sat, Apr 9, 2011 at 2:12 PM, Stephen Cresswell
>>> <em...@stephen-cresswell.net> wrote:
>>> > Hi Ruchith,
>>> >
>>> > Can you elaborate a bit more please? If the webservice request is sent
>>> > with
>>> > the correct security headers, and if the service the correct policy
>>> > definition, and can you think of any reason why it would not be
>>> > available?
>>> > Also any idea why it works for one service and not another (the headers
>>> > and
>>> > policy definitions are identical)?
>>> >
>>> > Thanks for your help,
>>> >
>>> > S
>>> >
>>> > On 9 April 2011 19:04, Ruchith Fernando <ru...@gmail.com>
>>> > wrote:
>>> >>
>>> >> Hi,
>>> >>
>>> >> This error (PostDispatchVerificationHandler.java:152) means that
>>> >> security policy was not available at the time rampart was called.
>>> >>
>>> >> Thanks,
>>> >> Ruchith
>>> >>
>>> >> On Sat, Apr 9, 2011 at 1:05 PM, Stephen Cresswell
>>> >> <em...@stephen-cresswell.net> wrote:
>>> >> > We're running into problems added authentication to our web
>>> >> > services. It
>>> >> > works for our simple "hello world" web service, but when we try it
>>> >> > with
>>> >> > the
>>> >> > real web service we get an InvalidSecurity fault. I've stripped the
>>> >> > WSDL
>>> >> > back so that the hello world and post code service are almost
>>> >> > identical,
>>> >> > but
>>> >> > I still get this error. Any ideas?
>>> >> >
>>> >> > Failing Request
>>> >> > <soapenv:Envelope
>>> >> > xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"
>>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>>> >> > <soapenv:Header>
>>> >> > <wsse:Security soapenv:mustUnderstand="1"
>>> >> >
>>> >> >
>>> >> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>> >> > <wsse:UsernameToken wsu:Id="UsernameToken-1"
>>> >> >
>>> >> >
>>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>> >> > <wsse:Username>BILL</wsse:Username>
>>> >> > <wsse:Password
>>> >> >
>>> >> >
>>> >> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SECRET</wsse:Password>
>>> >> > </wsse:UsernameToken>
>>> >> > </wsse:Security>
>>> >> > </soapenv:Header>
>>> >> > <soapenv:Body>
>>> >> > <car:getValidAddressTypes>
>>> >> > <car:category>X</car:category>
>>> >> > </car:getValidAddressTypes>
>>> >> > </soapenv:Body>
>>> >> > </soapenv:Envelope>
>>> >> >
>>> >> > Response
>>> >> > <soapenv:Envelope
>>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>>> >> > <soapenv:Body>
>>> >> > <soapenv:Fault>
>>> >> > <faultcode>soapenv:Server</faultcode>
>>> >> > <faultstring>InvalidSecurity</faultstring>
>>> >> > <detail/>
>>> >> > </soapenv:Fault>
>>> >> > </soapenv:Body>
>>> >> > </soapenv:Envelope>
>>> >> >
>>> >> > services.xml
>>> >> > <?xml version="1.0" encoding="UTF-8"?>
>>> >> > <!-- This file was auto-generated from WSDL -->
>>> >> > <!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010
>>> >> > (09:42:01
>>> >> > CEST) -->
>>> >> > <serviceGroup>
>>> >> > <service name="PostCodeService_1_0">
>>> >> > <messageReceivers>
>>> >> > <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
>>> >> > class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/>
>>> >> > </messageReceivers>
>>> >> > <parameter
>>> >> >
>>> >> >
>>> >> > name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter>
>>> >> > <parameter name="useOriginalwsdl">true</parameter>
>>> >> > <parameter name="modifyUserWSDLPortAddress">true</parameter>
>>> >> > <operation name="getValidAddressTypes"
>>> >> > mep="http://www.w3.org/ns/wsdl/in-out"
>>> >> > namespace="http://xyzi.mycomp.co.uk/postcodeservice_1">
>>> >> >
>>> >> >
>>> >> >
>>> >> > <actionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest</actionMapping>
>>> >> >
>>> >> >
>>> >> >
>>> >> > <outputActionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse</outputActionMapping>
>>> >> > </operation>
>>> >> > <module ref="SmartintegratorModule"/>
>>> >> > <module ref="rampart"/>
>>> >> >
>>> >> > <wsp:Policy wsu:Id="UsernameToken"
>>> >> >
>>> >> >
>>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>> >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>> >> > <wsp:ExactlyOne>
>>> >> > <wsp:All>
>>> >> > <sp:SupportingTokens
>>> >> >
>>> >> > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>> >> > <wsp:Policy>
>>> >> > <sp:UsernameToken
>>> >> >
>>> >> >
>>> >> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>>> >> > </sp:UsernameToken>
>>> >> > </wsp:Policy>
>>> >> > </sp:SupportingTokens>
>>> >> > <ramp:RampartConfig
>>> >> > xmlns:ramp="http://ws.apache.org/rampart/policy">
>>> >> >
>>> >> >
>>> >> >
>>> >> > <ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass>
>>> >> > </ramp:RampartConfig>
>>> >> > </wsp:All>
>>> >> > </wsp:ExactlyOne>
>>> >> > </wsp:Policy>
>>> >> > </service>
>>> >> > <service name="SpringAwareService"
>>> >> > class="com.mycomp.ext.spring.SpringInit">
>>> >> > <description>Spring initialiser</description>
>>> >> > </service>
>>> >> > </serviceGroup>
>>> >> >
>>> >> > debug
>>> >> > [ERROR] InvalidSecurity
>>> >> > org.apache.axis2.AxisFault: InvalidSecurity
>>> >> > at
>>> >> >
>>> >> >
>>> >> > org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152)
>>> >> > at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>>> >> > at
>>> >> > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>>> >> > at
>>> >> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
>>> >> > at
>>> >> >
>>> >> >
>>> >> > org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
>>> >> > at
>>> >> >
>>> >> > org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266)
>>> >> > at
>>> >> >
>>> >> >
>>> >> > org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
>>> >> > at
>>> >> >
>>> >> >
>>> >> > org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
>>> >> > at
>>> >> >
>>> >> >
>>> >> > org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
>>> >> > at
>>> >> >
>>> >> >
>>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>>> >> > at
>>> >> >
>>> >> >
>>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>>> >> > at java.lang.Thread.run(Thread.java:662)
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> http://ruchith.org
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> http://ruchith.org
>>
>
>
--
http://ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
Re: InvalidSecurity - What am I doing wrong?
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
Right now I'm not sure why policy wasn't available when the rampart
handler was called and why it is available in post dispatch. Maybe
someone more familiar with policy loading will be able to help.
Can you please verify whether the callback handler was called to
authenticate the username token in this case (I don't think it will
be).
I noticed you have used :
<parameter name="useOriginalwsdl">true</parameter>
Do you have security policy on the wsdl? If so I'm wondering whether
there's an issue when loading policy that depends on dispatch.
Thanks,
Ruchith
On Sat, Apr 9, 2011 at 2:12 PM, Stephen Cresswell
<em...@stephen-cresswell.net> wrote:
> Hi Ruchith,
>
> Can you elaborate a bit more please? If the webservice request is sent with
> the correct security headers, and if the service the correct policy
> definition, and can you think of any reason why it would not be available?
> Also any idea why it works for one service and not another (the headers and
> policy definitions are identical)?
>
> Thanks for your help,
>
> S
>
> On 9 April 2011 19:04, Ruchith Fernando <ru...@gmail.com> wrote:
>>
>> Hi,
>>
>> This error (PostDispatchVerificationHandler.java:152) means that
>> security policy was not available at the time rampart was called.
>>
>> Thanks,
>> Ruchith
>>
>> On Sat, Apr 9, 2011 at 1:05 PM, Stephen Cresswell
>> <em...@stephen-cresswell.net> wrote:
>> > We're running into problems added authentication to our web services. It
>> > works for our simple "hello world" web service, but when we try it with
>> > the
>> > real web service we get an InvalidSecurity fault. I've stripped the WSDL
>> > back so that the hello world and post code service are almost identical,
>> > but
>> > I still get this error. Any ideas?
>> >
>> > Failing Request
>> > <soapenv:Envelope xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"
>> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> > <soapenv:Header>
>> > <wsse:Security soapenv:mustUnderstand="1"
>> >
>> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>> > <wsse:UsernameToken wsu:Id="UsernameToken-1"
>> >
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> > <wsse:Username>BILL</wsse:Username>
>> > <wsse:Password
>> >
>> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SECRET</wsse:Password>
>> > </wsse:UsernameToken>
>> > </wsse:Security>
>> > </soapenv:Header>
>> > <soapenv:Body>
>> > <car:getValidAddressTypes>
>> > <car:category>X</car:category>
>> > </car:getValidAddressTypes>
>> > </soapenv:Body>
>> > </soapenv:Envelope>
>> >
>> > Response
>> > <soapenv:Envelope
>> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>> > <soapenv:Body>
>> > <soapenv:Fault>
>> > <faultcode>soapenv:Server</faultcode>
>> > <faultstring>InvalidSecurity</faultstring>
>> > <detail/>
>> > </soapenv:Fault>
>> > </soapenv:Body>
>> > </soapenv:Envelope>
>> >
>> > services.xml
>> > <?xml version="1.0" encoding="UTF-8"?>
>> > <!-- This file was auto-generated from WSDL -->
>> > <!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010
>> > (09:42:01
>> > CEST) -->
>> > <serviceGroup>
>> > <service name="PostCodeService_1_0">
>> > <messageReceivers>
>> > <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
>> > class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/>
>> > </messageReceivers>
>> > <parameter
>> >
>> > name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter>
>> > <parameter name="useOriginalwsdl">true</parameter>
>> > <parameter name="modifyUserWSDLPortAddress">true</parameter>
>> > <operation name="getValidAddressTypes"
>> > mep="http://www.w3.org/ns/wsdl/in-out"
>> > namespace="http://xyzi.mycomp.co.uk/postcodeservice_1">
>> >
>> >
>> > <actionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest</actionMapping>
>> >
>> >
>> > <outputActionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse</outputActionMapping>
>> > </operation>
>> > <module ref="SmartintegratorModule"/>
>> > <module ref="rampart"/>
>> >
>> > <wsp:Policy wsu:Id="UsernameToken"
>> >
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>> > <wsp:ExactlyOne>
>> > <wsp:All>
>> > <sp:SupportingTokens
>> > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>> > <wsp:Policy>
>> > <sp:UsernameToken
>> >
>> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>> > </sp:UsernameToken>
>> > </wsp:Policy>
>> > </sp:SupportingTokens>
>> > <ramp:RampartConfig
>> > xmlns:ramp="http://ws.apache.org/rampart/policy">
>> >
>> >
>> > <ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass>
>> > </ramp:RampartConfig>
>> > </wsp:All>
>> > </wsp:ExactlyOne>
>> > </wsp:Policy>
>> > </service>
>> > <service name="SpringAwareService"
>> > class="com.mycomp.ext.spring.SpringInit">
>> > <description>Spring initialiser</description>
>> > </service>
>> > </serviceGroup>
>> >
>> > debug
>> > [ERROR] InvalidSecurity
>> > org.apache.axis2.AxisFault: InvalidSecurity
>> > at
>> >
>> > org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152)
>> > at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>> > at
>> > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>> > at
>> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
>> > at
>> >
>> > org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
>> > at
>> > org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266)
>> > at
>> >
>> > org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
>> > at
>> >
>> > org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
>> > at
>> >
>> > org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
>> > at
>> >
>> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>> > at
>> >
>> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>> > at java.lang.Thread.run(Thread.java:662)
>> >
>>
>>
>>
>> --
>> http://ruchith.org
>
>
--
http://ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org
Re: InvalidSecurity - What am I doing wrong?
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
This error (PostDispatchVerificationHandler.java:152) means that
security policy was not available at the time rampart was called.
Thanks,
Ruchith
On Sat, Apr 9, 2011 at 1:05 PM, Stephen Cresswell
<em...@stephen-cresswell.net> wrote:
> We're running into problems added authentication to our web services. It
> works for our simple "hello world" web service, but when we try it with the
> real web service we get an InvalidSecurity fault. I've stripped the WSDL
> back so that the hello world and post code service are almost identical, but
> I still get this error. Any ideas?
>
> Failing Request
> <soapenv:Envelope xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security soapenv:mustUnderstand="1"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> <wsse:UsernameToken wsu:Id="UsernameToken-1"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsse:Username>BILL</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">SECRET</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <car:getValidAddressTypes>
> <car:category>X</car:category>
> </car:getValidAddressTypes>
> </soapenv:Body>
> </soapenv:Envelope>
>
> Response
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Body>
> <soapenv:Fault>
> <faultcode>soapenv:Server</faultcode>
> <faultstring>InvalidSecurity</faultstring>
> <detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
>
> services.xml
> <?xml version="1.0" encoding="UTF-8"?>
> <!-- This file was auto-generated from WSDL -->
> <!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010 (09:42:01
> CEST) -->
> <serviceGroup>
> <service name="PostCodeService_1_0">
> <messageReceivers>
> <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
> class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/>
> </messageReceivers>
> <parameter
> name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter>
> <parameter name="useOriginalwsdl">true</parameter>
> <parameter name="modifyUserWSDLPortAddress">true</parameter>
> <operation name="getValidAddressTypes"
> mep="http://www.w3.org/ns/wsdl/in-out"
> namespace="http://xyzi.mycomp.co.uk/postcodeservice_1">
>
> <actionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest</actionMapping>
>
> <outputActionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse</outputActionMapping>
> </operation>
> <module ref="SmartintegratorModule"/>
> <module ref="rampart"/>
>
> <wsp:Policy wsu:Id="UsernameToken"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SupportingTokens
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <wsp:Policy>
> <sp:UsernameToken
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SupportingTokens>
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>
> <ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> </service>
> <service name="SpringAwareService"
> class="com.mycomp.ext.spring.SpringInit">
> <description>Spring initialiser</description>
> </service>
> </serviceGroup>
>
> debug
> [ERROR] InvalidSecurity
> org.apache.axis2.AxisFault: InvalidSecurity
> at
> org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
> at
> org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266)
> at
> org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
> at
> org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
> at
> org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> at java.lang.Thread.run(Thread.java:662)
>
--
http://ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org