You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Sanjay Vivek <Sa...@newcastle.ac.uk> on 2008/07/14 13:30:56 UTC
"Missing wsse:Security header in request" exception.
Hi everyone,
I've a rather curious situation whereby I'm getting a "Missing
wsse:Security header in request" exception when I invoke a Rampart 1.4
enabled service with a client on Eclipse.
However, when I use TCPMON to intercept the SOAP request and response
messages, I see that I have the the right data in the SOAP request
message. I must have the client side configured in the correct manner
because I'm getting the right SOAP request and response messages. Any
idea why this is occuring? The code for the client is given below for
reference. Cheers.
public static void main(String[] args) throws Exception {
ConfigurationContext ctx = ConfigurationContextFactory.
createConfigurationContextFromFileSystem(confPath, null);
GrouperServiceStub stub = new
GrouperServiceStub(ctx,targetEPR);
ServiceClient sc = stub._getServiceClient();
sc.engageModule("rampart");
sc.engageModule("addressing");
Options options = sc.getOptions();
options.setUserName("GrouperSystem");
options.setPassword("mypassword");
//load policy externally
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,loadPolicy(con
fPath + "/conf/policy.xml"));
//invoke the service
WsGetGroupsLiteResult wsGetGroupsLiteResult =
stub.getGroupsLite("v1_3_000", "nsv12@ncl.ac.uk", "", "", "All", "", "",
"", "", "", "", "", "", "", "");
//tells whether its an overall success
System.out.println(ToStringBuilder.reflectionToString(wsGetGroupsLiteRes
ult));
WsGroup[] results = wsGetGroupsLiteResult.getWsGroups();
if (results != null) {
for (WsGroup wsGroup : results) {
System.out.println(ToStringBuilder.reflectionToString(wsGroup));
}
}
}
private static Policy loadPolicy(String xmlPath) throws
Exception {
StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
return PolicyEngine.getPolicy(builder.getDocumentElement());
}
}
Regards
--------------
Sanjay Vivek
Web Analyst
Middleware Team
ISS
Newcastle University
RE: "Missing wsse:Security header in request" exception.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Nandana,
I've managed to solve the problem by adding "<sp:IncludeTimestamp/>" in
the policy.xml. I had omitted it for my service. Would the absence of
<sp:IncludeTimestamp/> result in security headers not being included in
the SOAP message response? Thanks again.
Regards
Sanjay
>-----Original Message-----
>From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
>Sent: 15 July 2008 07:23
>To: rampart-dev@ws.apache.org
>Subject: RE: "Missing wsse:Security header in request" exception.
>
>Hi Nandana,
>
>I'm using Rampart 1.4 on both the client and service side. I
>used the same policy file for my Rampart 1.3 installation and
>the security header was in the response.
>
>Do I have to configure my client code so that it accepts a
>SOAP response message without security headers? Or do I
>configure my policy so that Rampart 1.4 sends a SOAP message
>with security headers? And if so, how do I go about doing
>this? Thanks again.
>
>Regards
>Sanjay
>
>
>-----Original Message-----
>From: Nandana Mihindukulasooriya [mailto:nandana.cse@gmail.com]
>Sent: Mon 14/07/2008 18:50
>To: rampart-dev@ws.apache.org
>Subject: Re: "Missing wsse:Security header in request" exception.
>
>Hi Sanjay,
>
>I just noticed the absence of <wsse:Security
>>
>xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws
>> se
>>
>curity-secext-1.0.xsd<http://docs.oasis-open.org/wss/2004/01/oa
sis-200401-wss-wssecurity-secext-1.0.xsd>"
>> soapenv:mustUnderstand="true" /> in the SOAP response
>Header. Any idea
>> why this element is missing in the SOAP response header?
>
>
>Looking at your policy, it seems that you don't need to have a
>security header in the response. Rampart 1.4 doesn't send
>empty security headers. Do you use Rampart 1.3 at the client side ?
>
>
>
>
RE: "Missing wsse:Security header in request" exception.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Nandana,
I'm using Rampart 1.4 on both the client and service side. I used the same policy file for my Rampart 1.3 installation and the security header was in the response.
Do I have to configure my client code so that it accepts a SOAP response message without security headers? Or do I configure my policy so that Rampart 1.4 sends a SOAP message with security headers? And if so, how do I go about doing this? Thanks again.
Regards
Sanjay
-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:nandana.cse@gmail.com]
Sent: Mon 14/07/2008 18:50
To: rampart-dev@ws.apache.org
Subject: Re: "Missing wsse:Security header in request" exception.
Hi Sanjay,
I just noticed the absence of <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
> curity-secext-1.0.xsd<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>"
> soapenv:mustUnderstand="true" /> in the SOAP
> response Header. Any idea why this element is missing in the SOAP
> response header?
Looking at your policy, it seems that you don't need to have a security
header in the response. Rampart 1.4 doesn't send empty security headers. Do
you use Rampart 1.3 at the client side ?
Re: "Missing wsse:Security header in request" exception.
Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Sanjay,
I just noticed the absence of <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
> curity-secext-1.0.xsd<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd>"
> soapenv:mustUnderstand="true" /> in the SOAP
> response Header. Any idea why this element is missing in the SOAP
> response header?
Looking at your policy, it seems that you don't need to have a security
header in the response. Rampart 1.4 doesn't send empty security headers. Do
you use Rampart 1.3 at the client side ?
>
> And why am I able to get back the correct SOAP response (minus the
> security header)? Any help in this matter would be appreciated. Cheers.
>
> Regards
> Sanjay
>
> >-----Original Message-----
> >From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
> >Sent: 14 July 2008 12:31
> >To: rampart-dev@ws.apache.org
> >Subject: "Missing wsse:Security header in request" exception.
> >
> >Hi everyone,
> >
> >I've a rather curious situation whereby I'm getting a "Missing
> >wsse:Security header in request" exception when I invoke a
> >Rampart 1.4 enabled service with a client on Eclipse.
> >
> >However, when I use TCPMON to intercept the SOAP request and
> >response messages, I see that I have the the right data in the
> >SOAP request message. I must have the client side configured
> >in the correct manner because I'm getting the right SOAP
> >request and response messages. Any idea why this is occuring?
> >The code for the client is given below for reference. Cheers.
> >
> >public static void main(String[] args) throws Exception {
> >
> > ConfigurationContext ctx = ConfigurationContextFactory.
> >
> >createConfigurationContextFromFileSystem(confPath, null);
> >
> > GrouperServiceStub stub = new
> >GrouperServiceStub(ctx,targetEPR);
> >
> > ServiceClient sc = stub._getServiceClient();
> >
> > sc.engageModule("rampart");
> > sc.engageModule("addressing");
> >
> > Options options = sc.getOptions();
> > options.setUserName("GrouperSystem");
> > options.setPassword("mypassword");
> >
> > //load policy externally
> >
> >options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,loadP
> >olicy(con
> >fPath + "/conf/policy.xml"));
> >
> > //invoke the service
> > WsGetGroupsLiteResult wsGetGroupsLiteResult =
> >stub.getGroupsLite("v1_3_000", "nsv12@ncl.ac.uk", "", "",
> >"All", "", "",
> >"", "", "", "", "", "", "", "");
> >
> > //tells whether its an overall success
> >
> >System.out.println(ToStringBuilder.reflectionToString(wsGetGrou
> >psLiteRes
> >ult));
> >
> > WsGroup[] results = wsGetGroupsLiteResult.getWsGroups();
> > if (results != null) {
> > for (WsGroup wsGroup : results) {
> >
> >System.out.println(ToStringBuilder.reflectionToString(wsGroup));
> > }
> > }
> > }
> >
> > private static Policy loadPolicy(String xmlPath) throws
> >Exception {
> > StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
> > return PolicyEngine.getPolicy(builder.getDocumentElement());
> > }
> >
> >}
> >
> >Regards
> >--------------
> >Sanjay Vivek
> >Web Analyst
> >Middleware Team
> >ISS
> >Newcastle University
> >
>
RE: "Missing wsse:Security header in request" exception.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi Peter,
I've attached the services.xml for your reference. Cheers.
Regards
Sanjay
>-----Original Message-----
>From: Rajesh, Peter (CLAIMS, WIP)
>[mailto:Peter.Rajesh@TheHartford.com]
>Sent: 14 July 2008 16:52
>To: rampart-dev@ws.apache.org
>Subject: RE: "Missing wsse:Security header in request" exception.
>
>
>Please verify the policy.xml
>
>
>Thanks & Regards,
>
>Peter Rajesh
>
>
>-----Original Message-----
>From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
>Sent: Monday, July 14, 2008 11:25 AM
>To: rampart-dev@ws.apache.org
>Subject: RE: "Missing wsse:Security header in request" exception.
>
>Hi again,
>
>I just noticed the absence of <wsse:Security
>xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401
-wss-wsse
>curity-secext-1.0.xsd" soapenv:mustUnderstand="true" /> in the
>SOAP response Header. Any idea why this element is missing in
>the SOAP response header?
>
>And why am I able to get back the correct SOAP response (minus
>the security header)? Any help in this matter would be
>appreciated. Cheers.
>
>Regards
>Sanjay
>
>>-----Original Message-----
>>From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
>>Sent: 14 July 2008 12:31
>>To: rampart-dev@ws.apache.org
>>Subject: "Missing wsse:Security header in request" exception.
>>
>>Hi everyone,
>>
>>I've a rather curious situation whereby I'm getting a "Missing
>>wsse:Security header in request" exception when I invoke a
>Rampart 1.4
>>enabled service with a client on Eclipse.
>>
>>However, when I use TCPMON to intercept the SOAP request and response
>>messages, I see that I have the the right data in the SOAP request
>>message. I must have the client side configured in the correct manner
>>because I'm getting the right SOAP request and response messages. Any
>>idea why this is occuring?
>>The code for the client is given below for reference. Cheers.
>>
>>public static void main(String[] args) throws Exception {
>>
>> ConfigurationContext ctx = ConfigurationContextFactory.
>>
>>createConfigurationContextFromFileSystem(confPath, null);
>>
>> GrouperServiceStub stub = new
>>GrouperServiceStub(ctx,targetEPR);
>>
>> ServiceClient sc = stub._getServiceClient();
>>
>> sc.engageModule("rampart");
>> sc.engageModule("addressing");
>>
>> Options options = sc.getOptions();
>> options.setUserName("GrouperSystem");
>> options.setPassword("mypassword");
>>
>> //load policy externally
>>
>>options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,loadP
>>olicy(con
>>fPath + "/conf/policy.xml"));
>>
>> //invoke the service
>> WsGetGroupsLiteResult wsGetGroupsLiteResult =
>>stub.getGroupsLite("v1_3_000", "nsv12@ncl.ac.uk", "", "", "All", "",
>>"",
>>"", "", "", "", "", "", "", "");
>>
>> //tells whether its an overall success
>>
>>System.out.println(ToStringBuilder.reflectionToString(wsGetGrou
>>psLiteRes
>>ult));
>>
>> WsGroup[] results = wsGetGroupsLiteResult.getWsGroups();
>> if (results != null) {
>> for (WsGroup wsGroup : results) {
>>
>>System.out.println(ToStringBuilder.reflectionToString(wsGroup));
>> }
>> }
>> }
>>
>> private static Policy loadPolicy(String xmlPath) throws
>Exception {
>> StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
>> return PolicyEngine.getPolicy(builder.getDocumentElement());
>> }
>>
>>}
>>
>>Regards
>>--------------
>>Sanjay Vivek
>>Web Analyst
>>Middleware Team
>>ISS
>>Newcastle University
>>
>
>
>***************************************************************
>**********
>This communication, including attachments, is for the
>exclusive use of addressee and may contain proprietary,
>confidential and/or privileged information. If you are not
>the intended recipient, any use, copying, disclosure,
>dissemination or distribution is strictly prohibited. If you
>are not the intended recipient, please notify the sender
>immediately by return e-mail, delete this communication and
>destroy all copies.
>***************************************************************
>**********
>
>
RE: "Missing wsse:Security header in request" exception.
Posted by "Rajesh, Peter (CLAIMS, WIP)" <Pe...@TheHartford.com>.
Please verify the policy.xml
Thanks & Regards,
Peter Rajesh
-----Original Message-----
From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
Sent: Monday, July 14, 2008 11:25 AM
To: rampart-dev@ws.apache.org
Subject: RE: "Missing wsse:Security header in request" exception.
Hi again,
I just noticed the absence of <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd" soapenv:mustUnderstand="true" /> in the SOAP
response Header. Any idea why this element is missing in the SOAP
response header?
And why am I able to get back the correct SOAP response (minus the
security header)? Any help in this matter would be appreciated. Cheers.
Regards
Sanjay
>-----Original Message-----
>From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
>Sent: 14 July 2008 12:31
>To: rampart-dev@ws.apache.org
>Subject: "Missing wsse:Security header in request" exception.
>
>Hi everyone,
>
>I've a rather curious situation whereby I'm getting a "Missing
>wsse:Security header in request" exception when I invoke a Rampart 1.4
>enabled service with a client on Eclipse.
>
>However, when I use TCPMON to intercept the SOAP request and response
>messages, I see that I have the the right data in the SOAP request
>message. I must have the client side configured in the correct manner
>because I'm getting the right SOAP request and response messages. Any
>idea why this is occuring?
>The code for the client is given below for reference. Cheers.
>
>public static void main(String[] args) throws Exception {
>
> ConfigurationContext ctx = ConfigurationContextFactory.
>
>createConfigurationContextFromFileSystem(confPath, null);
>
> GrouperServiceStub stub = new
>GrouperServiceStub(ctx,targetEPR);
>
> ServiceClient sc = stub._getServiceClient();
>
> sc.engageModule("rampart");
> sc.engageModule("addressing");
>
> Options options = sc.getOptions();
> options.setUserName("GrouperSystem");
> options.setPassword("mypassword");
>
> //load policy externally
>
>options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,loadP
>olicy(con
>fPath + "/conf/policy.xml"));
>
> //invoke the service
> WsGetGroupsLiteResult wsGetGroupsLiteResult =
>stub.getGroupsLite("v1_3_000", "nsv12@ncl.ac.uk", "", "", "All", "",
>"",
>"", "", "", "", "", "", "", "");
>
> //tells whether its an overall success
>
>System.out.println(ToStringBuilder.reflectionToString(wsGetGrou
>psLiteRes
>ult));
>
> WsGroup[] results = wsGetGroupsLiteResult.getWsGroups();
> if (results != null) {
> for (WsGroup wsGroup : results) {
>
>System.out.println(ToStringBuilder.reflectionToString(wsGroup));
> }
> }
> }
>
> private static Policy loadPolicy(String xmlPath) throws
Exception {
> StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
> return PolicyEngine.getPolicy(builder.getDocumentElement());
> }
>
>}
>
>Regards
>--------------
>Sanjay Vivek
>Web Analyst
>Middleware Team
>ISS
>Newcastle University
>
*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information. If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited. If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************
RE: "Missing wsse:Security header in request" exception.
Posted by Sanjay Vivek <Sa...@newcastle.ac.uk>.
Hi again,
I just noticed the absence of <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd" soapenv:mustUnderstand="true" /> in the SOAP
response Header. Any idea why this element is missing in the SOAP
response header?
And why am I able to get back the correct SOAP response (minus the
security header)? Any help in this matter would be appreciated. Cheers.
Regards
Sanjay
>-----Original Message-----
>From: Sanjay Vivek [mailto:Sanjay.Vivek@newcastle.ac.uk]
>Sent: 14 July 2008 12:31
>To: rampart-dev@ws.apache.org
>Subject: "Missing wsse:Security header in request" exception.
>
>Hi everyone,
>
>I've a rather curious situation whereby I'm getting a "Missing
>wsse:Security header in request" exception when I invoke a
>Rampart 1.4 enabled service with a client on Eclipse.
>
>However, when I use TCPMON to intercept the SOAP request and
>response messages, I see that I have the the right data in the
>SOAP request message. I must have the client side configured
>in the correct manner because I'm getting the right SOAP
>request and response messages. Any idea why this is occuring?
>The code for the client is given below for reference. Cheers.
>
>public static void main(String[] args) throws Exception {
>
> ConfigurationContext ctx = ConfigurationContextFactory.
>
>createConfigurationContextFromFileSystem(confPath, null);
>
> GrouperServiceStub stub = new
>GrouperServiceStub(ctx,targetEPR);
>
> ServiceClient sc = stub._getServiceClient();
>
> sc.engageModule("rampart");
> sc.engageModule("addressing");
>
> Options options = sc.getOptions();
> options.setUserName("GrouperSystem");
> options.setPassword("mypassword");
>
> //load policy externally
>
>options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,loadP
>olicy(con
>fPath + "/conf/policy.xml"));
>
> //invoke the service
> WsGetGroupsLiteResult wsGetGroupsLiteResult =
>stub.getGroupsLite("v1_3_000", "nsv12@ncl.ac.uk", "", "",
>"All", "", "",
>"", "", "", "", "", "", "", "");
>
> //tells whether its an overall success
>
>System.out.println(ToStringBuilder.reflectionToString(wsGetGrou
>psLiteRes
>ult));
>
> WsGroup[] results = wsGetGroupsLiteResult.getWsGroups();
> if (results != null) {
> for (WsGroup wsGroup : results) {
>
>System.out.println(ToStringBuilder.reflectionToString(wsGroup));
> }
> }
> }
>
> private static Policy loadPolicy(String xmlPath) throws
>Exception {
> StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
> return PolicyEngine.getPolicy(builder.getDocumentElement());
> }
>
>}
>
>Regards
>--------------
>Sanjay Vivek
>Web Analyst
>Middleware Team
>ISS
>Newcastle University
>