Posted to rampart-c-dev@ws.apache.org by "Yiming Du (JIRA)" <ji...@apache.org> on 2010/04/15 18:08:50 UTC
[jira] Created: (RAMPARTC-147) UsernameToken issue
UsernameToken issue
-------------------
Key: RAMPARTC-147
URL: https://issues.apache.org/jira/browse/RAMPARTC-147
Project: Rampart/C
Issue Type: Bug
Components: Rampart-core
Affects Versions: 1.3.0
Environment: Windows.
Reporter: Yiming Du
Assignee: Malinda Kaushalye Kapuruge
I'm working on a web service project using Rampart/C for securing the messages. While trying out the simplest policy, "UsernameToken", the server failed in the "MessageOut" phase. A Fault was created with the faultstring "NULL parameter was passed when a non NULL parameter was expected".
This is the services.xml for Axis2c:
<service name="DEService">
    <parameter name="ServiceClass">DEService</parameter>
    <description>DEService Service</description>
    <operation name="chainCommand" >
        <parameter name="wsamapping">chainCommand</parameter>
    </operation>
    <module ref="rampart"/>
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                    </wsp:Policy>
                </sp:SignedSupportingTokens>
                <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
                    <rampc:PasswordCallbackClass>C:\axis2c\services\DEService\pwcb.dll</rampc:PasswordCallbackClass>
                </rampc:RampartConfig>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</service>
I used the WSDL annotated with the same policy to generate the client stub. The client is working well (it is using Rampart/Java) and I can see the request.
This is the request message observed by TcpMon:
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
                <wsse:Username>aws</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aws</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
        <wsa:To>http://localhost:9090/axis2/services/DEService</wsa:To>
        <wsa:MessageID>urn:uuid:C6D45293768AAD9E1B1271344679214</wsa:MessageID>
        <wsa:Action>chainCommand</wsa:Action>
    </soapenv:Header>
    <soapenv:Body>
        ...
    </soapenv:Body>
</soapenv:Envelope>0.
On the server side, the callback function was being called; this could be confirmed from both the application log and the Axis2 log.
This is the response message observed by TcpMon:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header></soapenv:Header>
    <soapenv:Body>
        <soapenv:Fault>
            <faultcode>soapenv:Client</faultcode>
            <faultstring>NULL parameter was passed when a non NULL parameter was expected</faultstring>
        </soapenv:Fault>
    </soapenv:Body></soapenv:Envelope>0
This is the Axis2/C log:
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\addr_disp.c(179) Checking for operation using WSA Action : chainCommand
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\addr_disp.c(185) Operation found using WSA Action
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler rest_dispatcher within the phase Dispatch
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler soap_message_body_based_dispatcher within the phase Dispatch
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler soap_action_based_dispatcher within the phase Dispatch
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler dispatch_post_conditions_evaluator within the phase PostDispatch
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler context_handler within the phase PostDispatch
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler RampartInHandler within the phase Security
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_util.c(32) [rampart]Trying to load module C:\axis2c\services\DEService\pwcb.dll
[Thu Apr 15 11:17:59 2010] [debug] ..\..\util\src\class_loader.c(140) C:\axis2c\services\DEService\pwcb.dll shared lib loaded successfully
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_util.c(48) [rampart]Successfully loaded module C:\axis2c\services\DEService\pwcb.dll
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_sec_header_processor.c(1815) [rampart]Processing security header in Strict layout
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_sec_header_processor.c(1824) [rampart]Processing security header element UsernameToken
[Thu Apr 15 11:17:59 2010] [info] [rampart]Validating UsernameToken
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_sec_processed_result.c(48) [rampart]Set SPR_UT_username in Security Processed Results of message context
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_sec_processed_result.c(48) [rampart]Set SPR_UT_passwordType in Security Processed Results of message context
[Thu Apr 15 11:17:59 2010] [info] [rampart]Password comparison SUCCESS
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_sec_processed_result.c(48) [rampart]Set SPR_UT_Checked in Security Processed Results of message context
[Thu Apr 15 11:17:59 2010] [info] [rampart]Validating UsernameToken SUCCESS
[Thu Apr 15 11:17:59 2010] [info] Security header processing done
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_sec_header_processor.c(1660) [rampart][shp] Replay detection is not specified. Nothing to do
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_context.c(2229) [rampart][rampart_context] Nothing to encrypt outside Secyrity header.
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_context.c(2225) [rampart][rampart_context] Nothing to sign outside Secyrity header.
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler AddressingOutHandler within the phase MessageOut
[Thu Apr 15 11:17:59 2010] [info] Starting addressing out handler
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler RampartOutHandler within the phase Security
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\handlers\rampart_out_handler.c(144) [rampart][rampart_out_handler] Security header building failed.
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\core\engine\phase.c(233) Handler RampartOutHandler invoke failed within phase Security
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\core\engine\engine.c(696) Invoking phase Security failed
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler RampartOutHandler within the phase MessageOut
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\util\rampart_handler_util.c(247) [rampart][rhu] Service is NULL. Check if the security is enabled in the Conf
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\util\rampart_engine.c(159) [rampart][rampart_engine] Cannot get saved rampart_context
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\handlers\rampart_out_handler.c(136) [rampart][rampart_out_handler] ramaprt_context creation failed.
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\core\engine\phase.c(233) Handler RampartOutHandler invoke failed within phase MessageOut
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\core\engine\engine.c(696) Invoking phase MessageOut failed
[Thu Apr 15 11:17:59 2010] [info] Request served successfully
I downloaded the source code and ended up landing on the following functions:
Function rampart_out_handler_invoke in rampart_out_handler.c (based on log: [rampart][rampart_out_handler] Security header building failed.)
Function rampart_shb_build_message in rampart_sec_header_builder.c.
This is a piece of code in rampart_sec_header_builder.c:
    if(!axis2_msg_ctx_get_server_side(msg_ctx,env))
    {
        if(rampart_context_is_include_username_token(rampart_context,env))
        {
            /*Now we are passing rampart_context here so inside this method
              relevant parameters are extracted. */
            AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][shb] Building UsernmaeToken"); // I expected to see this in the log.
            status = rampart_username_token_build(
                        env,
                        rampart_context,
                        sec_node,
                        sec_ns_obj);
            if (status == AXIS2_FAILURE)
            {
                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                                "[rampart][shb] UsernmaeToken build failed. ERROR");
                axiom_namespace_free(sec_ns_obj, env);
                return AXIS2_FAILURE;
            }
        }
    }
The absence of "[rampart][shb] Building UsernmaeToken" seems to indicate that the security header was not being processed, while the presence of "[rampart]Validating UsernameToken" just rejected this hypothesis.
When the security policy was removed from both the server and client side, it works very well.
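Added example (not part of the original report and not Rampart/C code): a Python triage script for an Axis2/C log in the format quoted above. It pairs each "Invoke the handler X within the phase Y" line with the error lines that follow it and returns only the invocations the engine marked as failed, with the source location of each error. The sample lines are excerpted from the log in this report; the function and variable names are hypothetical.

```python
import re

# Excerpt of the Axis2/C log quoted in the report (most debug lines trimmed).
SAMPLE_LOG = r"""
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler RampartInHandler within the phase Security
[Thu Apr 15 11:17:59 2010] [info] [rampart]Validating UsernameToken SUCCESS
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler AddressingOutHandler within the phase MessageOut
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler RampartOutHandler within the phase Security
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\handlers\rampart_out_handler.c(144) [rampart][rampart_out_handler] Security header building failed.
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\core\engine\phase.c(233) Handler RampartOutHandler invoke failed within phase Security
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\core\engine\engine.c(696) Invoking phase Security failed
[Thu Apr 15 11:17:59 2010] [debug] ..\..\src\core\engine\phase.c(210) Invoke the handler RampartOutHandler within the phase MessageOut
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\util\rampart_engine.c(159) [rampart][rampart_engine] Cannot get saved rampart_context
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\handlers\rampart_out_handler.c(136) [rampart][rampart_out_handler] ramaprt_context creation failed.
[Thu Apr 15 11:17:59 2010] [error] ..\..\src\core\engine\phase.c(233) Handler RampartOutHandler invoke failed within phase MessageOut
"""

# "[timestamp] [level] optional-file(line) message"; info lines carry no file(line).
LINE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] (?:(\S+\(\d+\)) )?(.*)$")
INVOKE = re.compile(r"Invoke the handler (\S+) within the phase (\S+)")
FAILED = re.compile(r"Handler (\S+) invoke failed within phase (\S+)")

def failed_invocations(log_text):
    """Return one record per handler invocation that the engine reported as failed."""
    results, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _ts, level, src, msg = m.groups()
        started = INVOKE.search(msg)
        if started:
            current = {"handler": started.group(1), "phase": started.group(2),
                       "errors": [], "failed": False}
            results.append(current)
        elif current is not None and level == "error":
            verdict = FAILED.search(msg)
            if verdict and verdict.group(1) == current["handler"]:
                current["failed"] = True
                current = None          # later engine-level errors are not this handler's
            else:
                current["errors"].append((src, msg))
    return [r for r in results if r["failed"]]

if __name__ == "__main__":
    for rec in failed_invocations(SAMPLE_LOG):
        print(rec["handler"], "in phase", rec["phase"])
        for src, msg in rec["errors"]:
            print("   ", src, msg)
```

On the excerpt this reports two failed RampartOutHandler invocations, one in phase Security and one in phase MessageOut, each with different underlying error lines, while RampartInHandler is not reported.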