You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Todd Allen <tb...@copart.com> on 2007/09/20 19:34:25 UTC
security headers missing
I am using Axis2-1.1 and am trying to implement the user name token
authentication. I've followed the samples but keep getting the
following SOAP fault string:
WSDoAllReceiver: Incoming message does not contain required Security header
I'm using SOAPUI version 1.7.5 as the client and have the following header:
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken>
<wsse:Username>bob</wsse:Username>
<wsse:Password>pword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
My services.xml file has the following lines to engage rampart:
<module ref="rampart" />
<parameter name="InflowSecurity">
<action>
<items>UsernameToken</items>
<passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
</action>
</parameter>
What am I missing?
Thanks,
T
Re: security headers missing
Posted by Ruchith Fernando <ru...@apache.org>.
Hi,
Your "Security" header is invalid.
It MUST be of the namespace :
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
not
"http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
Thanks,
Ruchith
Todd Allen wrote:
> I am using Axis2-1.1 and am trying to implement the user name token
> authentication. I've followed the samples but keep getting the
> following SOAP fault string:
>
> WSDoAllReceiver: Incoming message does not contain required Security header
>
> I'm using SOAPUI version 1.7.5 as the client and have the following header:
>
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken>
> <wsse:Username>bob</wsse:Username>
> <wsse:Password>pword</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
>
> My services.xml file has the following lines to engage rampart:
>
> <module ref="rampart" />
> <parameter name="InflowSecurity">
> <action>
> <items>UsernameToken</items>
>
> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
>
> </action>
> </parameter>
>
> What am I missing?
>
> Thanks,
> T
>
>
Re: security headers missing
Posted by Ruchith Fernando <ru...@apache.org>.
Hi,
As I mentioned in my earlier response the namespace of the "Security"
header in the sample header in your original post does not match the
namespace in the WS-Security 1.0 specification :
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Thanks,
Ruchith
Todd Allen wrote:
> The error message was caused by the fact that the security headers in
> the SOAP request did not contain a timestamp. This is not mentioned
> anywhere in the rampart samples included with the distribution.
> Can someone explain why the timestamp header is needed when only the
> user name token is being used?
>
> Thanks,
> T
>
>
> Todd Allen wrote:
>> I am using Axis2-1.1 and am trying to implement the user name token
>> authentication. I've followed the samples but keep getting the
>> following SOAP fault string:
>>
>> WSDoAllReceiver: Incoming message does not contain required Security
>> header
>>
>> I'm using SOAPUI version 1.7.5 as the client and have the following
>> header:
>>
>> <soapenv:Header>
>> <wsse:Security
>> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
>> soapenv:mustUnderstand="1">
>> <wsse:UsernameToken>
>> <wsse:Username>bob</wsse:Username>
>> <wsse:Password>pword</wsse:Password>
>> </wsse:UsernameToken>
>> </wsse:Security>
>> </soapenv:Header>
>>
>> My services.xml file has the following lines to engage rampart:
>>
>> <module ref="rampart" />
>> <parameter name="InflowSecurity">
>> <action>
>> <items>UsernameToken</items>
>>
>> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
>>
>> </action>
>> </parameter>
>>
>> What am I missing?
>>
>> Thanks,
>> T
>>
>
Re: security headers missing
Posted by Ruchith Fernando <ru...@apache.org>.
Todd Allen wrote:
> Are you just now seeing my message? I sent it about a month ago!
Yes. Apologies about the delay in my response.
> Are there problems with the list?
I don't think there are any issues with the list. If you have any issue
regarding Apache Rampart please post here, we will try our best to
response as soon as possible.
Thanks,
Ruchith
>
> T
>
>
> At 04:59 AM 10/13/2007, Ruchith Fernando wrote:
>> Yep... this is the list for Apache Rampart related issues.
>>
>> Thanks,
>> Ruchith
>>
>> Todd Allen wrote:
>> > Is this the right list to ask this type of question or should I be
>> > posting to the Axis2-dev list?
>> > The majority of posts on this list seem to be for commits to CVS.
>> > Anyone... anyone?
>> >
>> > Thanks,
>> > T
>> >
>> >
>> > Todd Allen wrote:
>> >> The error message was caused by the fact that the security headers in
>> >> the SOAP request did not contain a timestamp. This is not mentioned
>> >> anywhere in the rampart samples included with the distribution.
>> >> Can someone explain why the timestamp header is needed when only the
>> >> user name token is being used?
>> >>
>> >> Thanks,
>> >> T
>> >>
>> >>
>> >> Todd Allen wrote:
>> >>> I am using Axis2-1.1 and am trying to implement the user name token
>> >>> authentication. I've followed the samples but keep getting the
>> >>> following SOAP fault string:
>> >>>
>> >>> WSDoAllReceiver: Incoming message does not contain required Security
>> >>> header
>> >>>
>> >>> I'm using SOAPUI version 1.7.5 as the client and have the following
>> >>> header:
>> >>>
>> >>> <soapenv:Header>
>> >>> <wsse:Security
>> >>>
>> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
>>
>> >>> soapenv:mustUnderstand="1">
>> >>> <wsse:UsernameToken>
>> >>> <wsse:Username>bob</wsse:Username>
>> >>> <wsse:Password>pword</wsse:Password>
>> >>> </wsse:UsernameToken>
>> >>> </wsse:Security>
>> >>> </soapenv:Header>
>> >>>
>> >>> My services.xml file has the following lines to engage rampart:
>> >>>
>> >>> <module ref="rampart" />
>> >>> <parameter name="InflowSecurity">
>> >>> <action>
>> >>> <items>UsernameToken</items>
>> >>>
>> >>>
>> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
>>
>> >>>
>> >>> </action>
>> >>> </parameter>
>> >>>
>> >>> What am I missing?
>> >>>
>> >>> Thanks,
>> >>> T
>> >
>> >
>>
>>
>>
>
>
Re: security headers missing
Posted by Todd Allen <tb...@copart.com>.
Are you just now seeing my message? I sent it about a month ago!
Are there problems with the list?
T
At 04:59 AM 10/13/2007, Ruchith Fernando wrote:
>Yep... this is the list for Apache Rampart related issues.
>
>Thanks,
>Ruchith
>
>Todd Allen wrote:
> > Is this the right list to ask this type of question or should I be
> > posting to the Axis2-dev list?
> > The majority of posts on this list seem to be for commits to CVS.
> > Anyone... anyone?
> >
> > Thanks,
> > T
> >
> >
> > Todd Allen wrote:
> >> The error message was caused by the fact that the security headers in
> >> the SOAP request did not contain a timestamp. This is not mentioned
> >> anywhere in the rampart samples included with the distribution.
> >> Can someone explain why the timestamp header is needed when only the
> >> user name token is being used?
> >>
> >> Thanks,
> >> T
> >>
> >>
> >> Todd Allen wrote:
> >>> I am using Axis2-1.1 and am trying to implement the user name token
> >>> authentication. I've followed the samples but keep getting the
> >>> following SOAP fault string:
> >>>
> >>> WSDoAllReceiver: Incoming message does not contain required Security
> >>> header
> >>>
> >>> I'm using SOAPUI version 1.7.5 as the client and have the following
> >>> header:
> >>>
> >>> <soapenv:Header>
> >>> <wsse:Security
> >>>
> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
> >>> soapenv:mustUnderstand="1">
> >>> <wsse:UsernameToken>
> >>> <wsse:Username>bob</wsse:Username>
> >>> <wsse:Password>pword</wsse:Password>
> >>> </wsse:UsernameToken>
> >>> </wsse:Security>
> >>> </soapenv:Header>
> >>>
> >>> My services.xml file has the following lines to engage rampart:
> >>>
> >>> <module ref="rampart" />
> >>> <parameter name="InflowSecurity">
> >>> <action>
> >>> <items>UsernameToken</items>
> >>>
> >>>
> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
> >>>
> >>> </action>
> >>> </parameter>
> >>>
> >>> What am I missing?
> >>>
> >>> Thanks,
> >>> T
> >
> >
>
>
>
Re: security headers missing
Posted by Ruchith Fernando <ru...@apache.org>.
Yep... this is the list for Apache Rampart related issues.
Thanks,
Ruchith
Todd Allen wrote:
> Is this the right list to ask this type of question or should I be
> posting to the Axis2-dev list?
> The majority of posts on this list seem to be for commits to CVS.
> Anyone... anyone?
>
> Thanks,
> T
>
>
> Todd Allen wrote:
>> The error message was caused by the fact that the security headers in
>> the SOAP request did not contain a timestamp. This is not mentioned
>> anywhere in the rampart samples included with the distribution.
>> Can someone explain why the timestamp header is needed when only the
>> user name token is being used?
>>
>> Thanks,
>> T
>>
>>
>> Todd Allen wrote:
>>> I am using Axis2-1.1 and am trying to implement the user name token
>>> authentication. I've followed the samples but keep getting the
>>> following SOAP fault string:
>>>
>>> WSDoAllReceiver: Incoming message does not contain required Security
>>> header
>>>
>>> I'm using SOAPUI version 1.7.5 as the client and have the following
>>> header:
>>>
>>> <soapenv:Header>
>>> <wsse:Security
>>> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
>>> soapenv:mustUnderstand="1">
>>> <wsse:UsernameToken>
>>> <wsse:Username>bob</wsse:Username>
>>> <wsse:Password>pword</wsse:Password>
>>> </wsse:UsernameToken>
>>> </wsse:Security>
>>> </soapenv:Header>
>>>
>>> My services.xml file has the following lines to engage rampart:
>>>
>>> <module ref="rampart" />
>>> <parameter name="InflowSecurity">
>>> <action>
>>> <items>UsernameToken</items>
>>>
>>> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
>>>
>>> </action>
>>> </parameter>
>>>
>>> What am I missing?
>>>
>>> Thanks,
>>> T
>
>
Re: security headers missing
Posted by Todd Allen <tb...@copart.com>.
Is this the right list to ask this type of question or should I be
posting to the Axis2-dev list?
The majority of posts on this list seem to be for commits to CVS.
Anyone... anyone?
Thanks,
T
Todd Allen wrote:
> The error message was caused by the fact that the security headers in
> the SOAP request did not contain a timestamp. This is not mentioned
> anywhere in the rampart samples included with the distribution.
> Can someone explain why the timestamp header is needed when only the
> user name token is being used?
>
> Thanks,
> T
>
>
> Todd Allen wrote:
>> I am using Axis2-1.1 and am trying to implement the user name token
>> authentication. I've followed the samples but keep getting the
>> following SOAP fault string:
>>
>> WSDoAllReceiver: Incoming message does not contain required Security
>> header
>>
>> I'm using SOAPUI version 1.7.5 as the client and have the following
>> header:
>>
>> <soapenv:Header>
>> <wsse:Security
>> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
>> soapenv:mustUnderstand="1">
>> <wsse:UsernameToken>
>> <wsse:Username>bob</wsse:Username>
>> <wsse:Password>pword</wsse:Password>
>> </wsse:UsernameToken>
>> </wsse:Security>
>> </soapenv:Header>
>>
>> My services.xml file has the following lines to engage rampart:
>>
>> <module ref="rampart" />
>> <parameter name="InflowSecurity">
>> <action>
>> <items>UsernameToken</items>
>>
>> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
>>
>> </action>
>> </parameter>
>>
>> What am I missing?
>>
>> Thanks,
>> T
Re: security headers missing
Posted by Todd Allen <tb...@copart.com>.
The error message was caused by the fact that the security headers in
the SOAP request did not contain a timestamp. This is not mentioned
anywhere in the rampart samples included with the distribution.
Can someone explain why the timestamp header is needed when only the
user name token is being used?
Thanks,
T
Todd Allen wrote:
> I am using Axis2-1.1 and am trying to implement the user name token
> authentication. I've followed the samples but keep getting the
> following SOAP fault string:
>
> WSDoAllReceiver: Incoming message does not contain required Security
> header
>
> I'm using SOAPUI version 1.7.5 as the client and have the following
> header:
>
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasisopen.org/wss/2004/01/oasis-200401-wss-wssecurity-secext1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken>
> <wsse:Username>bob</wsse:Username>
> <wsse:Password>pword</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
>
> My services.xml file has the following lines to engage rampart:
>
> <module ref="rampart" />
> <parameter name="InflowSecurity">
> <action>
> <items>UsernameToken</items>
>
> <passwordCallbackClass>com.mycompany.myservice.producer.handlers.PWCBHandler</passwordCallbackClass>
>
> </action>
> </parameter>
>
> What am I missing?
>
> Thanks,
> T
>