Posted to java-dev@axis.apache.org by "Samisa Abeysinghe (JIRA)" <ji...@apache.org> on 2010/12/22 12:06:17 UTC

[jira] Updated: (RAMPART-281) Axis2/Java client throws exception with mustUnderstand=1

     [ https://issues.apache.org/jira/browse/RAMPART-281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Samisa Abeysinghe updated RAMPART-281:
--------------------------------------

    Assignee:     (was: Ruchith Udayanga Fernando)

> Axis2/Java client throws exception with mustUnderstand=1
> --------------------------------------------------------
>
>                 Key: RAMPART-281
>                 URL: https://issues.apache.org/jira/browse/RAMPART-281
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.4
>         Environment: Server: Linux, Axis2/C
> Client: Windows, Axis2/Java
>            Reporter: Russell Tempero
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> We have implemented our service with the following security policy:
> <wsp:Policy wsu:Id="SyncPolicy"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <wsp:ExactlyOne>
>         <wsp:All>
>             <sp:TransportBinding>
>                 <wsp:Policy>
>                     <sp:TransportToken>
>                         <wsp:Policy>
>                             <sp:HttpsToken/>
>                         </wsp:Policy>
>                     </sp:TransportToken>
>                     <sp:AlgorithmSuite>
>                         <wsp:Policy>
>                             <sp:Basic256/>
>                         </wsp:Policy>
>                     </sp:AlgorithmSuite>
>                     <sp:Layout>
>                         <wsp:Policy>
>                             <sp:Lax/>
>                         </wsp:Policy>
>                     </sp:Layout>
>                 </wsp:Policy>
>             </sp:TransportBinding>
>             <sp:SignedSupportingTokens>
>                 <wsp:Policy>
>                     <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                         <wsp:Policy>
>                             <sp:WssUsernameToken10/>
>                         </wsp:Policy>
>                     </sp:UsernameToken>
>                 </wsp:Policy>
>             </sp:SignedSupportingTokens>
>         </wsp:All>
>     </wsp:ExactlyOne>
> </wsp:Policy>
> On the client, we are able to use Rampart to send out the correct security headers as expected by the server:
>   <soapenv:Header>
>     <wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' soapenv:mustUnderstand='1'>
>       <wsse:UsernameToken xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='UsernameToken-12864392'>
>         <wsse:Username>admin</wsse:Username>
>         <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>admin</wsse:Password>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soapenv:Header>
> However, in the response, the server sends back a blank security header:
> <soapenv:Header>
>     <wsse:Security xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' soapenv:mustUnderstand='1'></wsse:Security>
>   </soapenv:Header>
> When the client receives this blank security header, it throws the following exception:
> Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
> Is the blank security header required/allowed in the response according to the WS-Security specification? If so, the Rampart implementation on the client needs to be changed to be able to accept this header. If the blank header is not allowed, the server needs to be changed to not send it.
> Note: we came up with the following workaround on the client:
>     .
>     .
>     .
> 		ConfigurationContext configurationContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem("C:\\Program Files\\axis2-1.5.1\\repository", null);
> 		AxisConfiguration ac = configurationContext.getAxisConfiguration();
> 		((Phase)ac.getInFlowPhases().get(0)).addHandler(new BasicCreate.SecurityHandler());
>     .
>     .
>     .
>     public static class SecurityHandler extends AbstractHandler
>     {
>         @Override
>         public InvocationResponse invoke(MessageContext msgContext) throws AxisFault
>         {
>             org.apache.axiom.soap.SOAPEnvelope envelope = msgContext.getEnvelope();
>             if (envelope.getHeader() == null)
>             {
>                 return InvocationResponse.CONTINUE;
>             }
>             // Get all the headers targeted to us
>             Iterator headerBlocks = envelope.getHeader().getHeadersToProcess((RolePlayer)msgContext.getConfigurationContext().getAxisConfiguration().getParameterValue("rolePlayer"));
>             while (headerBlocks.hasNext())
>             {
>                 SOAPHeaderBlock headerBlock = (SOAPHeaderBlock) headerBlocks.next();
>                 QName headerName = headerBlock.getQName();
>                 if(headerName.getLocalPart().equals("Security"))
>                 {
>                     headerBlock.setProcessed();
>                 }
>             }
>             return InvocationResponse.CONTINUE;
>         }
>     }

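Added example (not part of the issue and not Rampart code): the workaround quoted above marks every header block whose local name is "Security" as processed, whatever its namespace or content, which also switches off the mustUnderstand check for a Security header that carries tokens or signatures nothing has verified. The JDK-only sketch below shows a narrower condition that a handler could test before calling setProcessed(): the block must be in the WS-Security namespace and have no child elements. The class name, the SOAP 1.1 envelope namespace and the three sample headers are assumptions constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class EmptySecurityHeaderCheck {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Assumption: SOAP 1.1 envelope namespace; the issue does not show the soapenv binding.
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";

    /** True only for a wsse:Security element (namespace checked) with no child elements. */
    static boolean isEmptyWsseSecurity(Element e) {
        if (!WSSE.equals(e.getNamespaceURI()) || !"Security".equals(e.getLocalName())) return false;
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling())
            if (n.getNodeType() == Node.ELEMENT_NODE) return false;
        return true;
    }

    /** Reports, for each element named "Security", whether the narrow check would skip it. */
    static void report(String label, String headerContent) throws Exception {
        String xml = "<soapenv:Envelope xmlns:soapenv='" + SOAP + "'><soapenv:Header>"
            + headerContent + "</soapenv:Header><soapenv:Body/></soapenv:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        NodeList hits = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
            .getElementsByTagNameNS("*", "Security"); // what a local-name-only match sees
        for (int i = 0; i < hits.getLength(); i++)
            System.out.println(label + ": skip=" + isEmptyWsseSecurity((Element) hits.item(i)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs modelled on the headers quoted in the issue.
        report("blank response header",
            "<wsse:Security xmlns:wsse='" + WSSE + "' soapenv:mustUnderstand='1'></wsse:Security>");
        report("header carrying a token",
            "<wsse:Security xmlns:wsse='" + WSSE + "' soapenv:mustUnderstand='1'>"
            + "<wsse:UsernameToken><wsse:Username>admin</wsse:Username></wsse:UsernameToken>"
            + "</wsse:Security>");
        report("same local name, other namespace",
            "<x:Security xmlns:x='urn:example:constructed' soapenv:mustUnderstand='1'/>");
    }
}
```

Only the blank wsse:Security header is reported as skippable; the other two would still be left to fail the mustUnderstand check, whereas a match on the local name alone would wave all three through.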