You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Balu <vs...@gmail.com> on 2011/06/04 14:26:21 UTC
rampart security header in fault messages
Hi,
My client program is not able to process the fault messages from the server.
The exception that I am getting is,
org.apache.axis2.AxisFault: Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:
Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(*
AxisEngine.java:86*)
at org.apache.axis2.engine.AxisEngine.receive(*AxisEngine.java:138*)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(*
OutInAxisOperation.java:336*)
at org.apache.axis2.description.OutInAxisOperationClient.send(*
OutInAxisOperation.java:389*)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(*
OutInAxisOperation.java:211*)
at org.apache.axis2.client.OperationClient.execute(*
OperationClient.java:163*)
As per the suggestion that I got after googling, I modified the InFaultFlow
section of module.xml inside the rampart-1.5.1.mar like below
<InFaultFlow>
<handler name="PolicyBasedSecurityInHandler"
class="org.apache.rampart.handler.RampartReceiver">
<order phase="Security" phaseFirst="true"/>
</handler>
<handler name="SecurityInHandler"
class="org.apache.rampart.handler.WSDoAllReceiver">
<order phase="Security"/>
</handler>
<handler name="PostDispatchVerificationHandler"
class="org.apache.rampart.handler.PostDispatchVerificationHandler">
<order phase="Dispatch" phaseLast="true"/>
</handler>
</InFaultFlow>
But this didn't turned out to be success. I checked the code of
WSDoAllReceiver and found the following line,
*SOAPConstants* soapConstants = *WSSecurityUtil*.getSOAPConstants(doc
.getDocumentElement());
*if* (*WSSecurityUtil*.findElement(doc.getDocumentElement(), "Fault",
soapConstants.getEnvelopeURI()) != *null*) {
*return*;
}
Does this mean that the Rampart engine does not except the security header
for SOAP messages?
Please help me to resolve this issue
RE: rampart security header in fault messages
Posted by Martin Gainty <mg...@hotmail.com>.
in axis2.xml check your declared phases e.g.
<!-- ================================================= -->
<!-- Phases -->
<!-- ================================================= -->
<phaseOrder type="inflow">
<!-- System pre defined phases -->
<phase name="TransportIn"/>
<phase name="PreDispatch"/>
<phase name="Dispatch"/>
<phase name="PostDispatch"/>
<!-- System pre defined phases -->
<!-- After Postdispatch phase module author or or service author can add any phase he want -->
<phase name="userphase1"/>
</phaseOrder>
<!-- so if i referenced Security phase i would get org.apache.axis2.AxisFault because it isnt a declared phase -->
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
Date: Sat, 4 Jun 2011 17:56:21 +0530
Subject: rampart security header in fault messages
From: vsbalu@gmail.com
To: java-dev@axis.apache.org
Hi,
My client program is not able to process
the fault messages from the server. The exception that I am getting
is,
org.apache.axis2.AxisFault:
Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
: Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:138)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
As per the suggestion that I got after
googling, I modified the InFaultFlow section of module.xml inside the rampart-1.5.1.mar
like below
<InFaultFlow>
<handler
name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
<order phase="Security" phaseFirst="true"/>
</handler>
<handler
name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
<order phase="Security"/>
</handler>
<handler
name="PostDispatchVerificationHandler" class="org.apache.rampart.handler.PostDispatchVerificationHandler">
<order phase="Dispatch" phaseLast="true"/>
</handler>
</InFaultFlow>
But this didn't turned out to be success.
I checked the code of WSDoAllReceiver and found the following line,
SOAPConstants soapConstants
= WSSecurityUtil.getSOAPConstants(doc
.getDocumentElement());
if
(WSSecurityUtil.findElement(doc.getDocumentElement(), "Fault",
soapConstants.getEnvelopeURI()) != null)
{
return;
}
Does this mean that the Rampart engine
does not except the security header for SOAP messages?
Please help me to resolve this issue