Posted to user@synapse.apache.org by Anthony Bull <an...@bcsoft.co.nz> on 2007/10/16 00:11:09 UTC

WS-Security and Synapse

Hi, I have been trying to set up a proxy for some axis2 web services, 
and have been having trouble with WS-Security.

The entire message, including the WS-Security headers, is intended for my 
endpoint (axis2 service); however, Synapse is trying to handle the 
WS-Security headers (see error message below).  How can I get Synapse to 
ignore the security headers and simply send the message to the endpoint 
no matter what?

The error message at Synapse is:

org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security

Here is the SOAP message that is being sent to Synapse:

  <?xml version='1.0' encoding='UTF-8'?>
  <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
    <soapenv:Header>
      <wsse:Security
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          soapenv:mustUnderstand="true">
        <wsu:Timestamp
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="Timestamp-5311938">
          <wsu:Created>2007-10-15T21:36:59.163Z</wsu:Created>
          <wsu:Expires>2007-10-15T21:41:59.163Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="UsernameToken-30318493">
          <wsse:Username>bgilbert</wsse:Username>
          <wsse:Password
              Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">x</wsse:Password>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
      <GetVehicleInformationRequest
          xmlns="urn:toyota-co-nz:vehicle:vehicle-info-request-1.0.0"><Registration>rav4</Registration></GetVehicleInformationRequest>
    </soapenv:Body>
  </soapenv:Envelope>

thanks,
Anthony.


---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-user-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-user-help@ws.apache.org
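
Added example (not part of the original post, and not Synapse or Axis2 code): the SOAP 1.2 rule for which node has to understand a mustUnderstand header, applied to the request above. The function names and the "intermediary"/"ultimateReceiver" labels are assumptions of this example; it also lists UsernameTokens whose password is PasswordText, since every hop that relays the envelope can read that value.

```python
import xml.etree.ElementTree as ET

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
ROLE_NEXT = SOAP12 + "/role/next"
ROLE_NONE = SOAP12 + "/role/none"
ROLE_ULTIMATE = SOAP12 + "/role/ultimateReceiver"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
WSU = WSS + "wssecurity-utility-1.0.xsd"
PASSWORD_TEXT = WSS + "username-token-profile-1.0#PasswordText"

# The request from the post, whitespace normalised and XML declaration dropped.
ENVELOPE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP12}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="true">
      <wsu:Timestamp xmlns:wsu="{WSU}" wsu:Id="Timestamp-5311938">
        <wsu:Created>2007-10-15T21:36:59.163Z</wsu:Created>
        <wsu:Expires>2007-10-15T21:41:59.163Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="{WSU}" wsu:Id="UsernameToken-30318493">
        <wsse:Username>bgilbert</wsse:Username>
        <wsse:Password Type="{PASSWORD_TEXT}">x</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <GetVehicleInformationRequest xmlns="urn:toyota-co-nz:vehicle:vehicle-info-request-1.0.0"><Registration>rav4</Registration></GetVehicleInformationRequest>
  </soapenv:Body>
</soapenv:Envelope>"""


def roles_played(node_kind, extra_roles=()):
    """Roles a SOAP 1.2 node acts in.

    Every node plays 'next', only the ultimate receiver plays
    'ultimateReceiver', and no node may play 'none'.
    """
    roles = {ROLE_NEXT, *extra_roles}
    if node_kind == "ultimateReceiver":
        roles.add(ROLE_ULTIMATE)
    roles.discard(ROLE_NONE)
    return roles


def headers_node_must_understand(envelope_xml, node_kind, extra_roles=()):
    """Header blocks this node has to understand or answer with a fault."""
    # For untrusted input, parse with a hardened parser (for example defusedxml).
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP12}}}Header")
    if header is None:
        return []
    roles = roles_played(node_kind, extra_roles)
    mandatory = []
    for block in header:
        must = block.get(f"{{{SOAP12}}}mustUnderstand", "false").strip()
        # A block without a role attribute targets the ultimate receiver.
        role = block.get(f"{{{SOAP12}}}role", ROLE_ULTIMATE).strip()
        if must in ("true", "1") and role in roles:
            mandatory.append(block.tag)
    return mandatory


def cleartext_password_users(envelope_xml):
    """Usernames whose UsernameToken carries the password as PasswordText."""
    root = ET.fromstring(envelope_xml)
    users = []
    for token in root.iter(f"{{{WSSE}}}UsernameToken"):
        password = token.find(f"{{{WSSE}}}Password")
        # The profile treats a missing Type attribute as PasswordText.
        if password is not None and password.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT:
            users.append(token.findtext(f"{{{WSSE}}}Username", default=""))
    return users


if __name__ == "__main__":
    for kind in ("intermediary", "ultimateReceiver"):
        print(kind, headers_node_must_understand(ENVELOPE, kind))
    print("cleartext password for:", cleartext_password_users(ENVELOPE))
```

The Security header in the post has no role attribute, so under this rule only a node acting as ultimate receiver is required to understand it.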


Re: WS-Security and Synapse

Posted by Ruwan Linton <ru...@gmail.com>.
Ahhaaa I got it.

Thanks,
Ruwan

On 10/17/07, Anthony Bull <an...@bcsoft.co.nz> wrote:
>
>  Yeah - a standalone distro - with just synapse-SNAPSHOT.mar and
> rampart.mar and addressing.mar.



-- 
Ruwan Linton
http://www.wso2.org - "Oxygenating the Web Services Platform"

Re: WS-Security and Synapse

Posted by Ruwan Linton <ru...@gmail.com>.
Hi Anthony,

On 10/16/07, Anthony Bull <an...@bcsoft.co.nz> wrote:
>
> Hi Ruwan,
>
> thanks for the reply.  The situation is we have a machine sitting
> externally at a client site, and this has to proxy some web services on
> internal machines at the client site.  The client (a big client with
> stringent security requirements) require that all web service requests
> go through a certain point (the Synapse setup) and that the web
> services aren't on the external layer of their network.  Also there are
> other software vendors writing .NET web services that will be used
> through Synapse in a similar way.  The future plan is to do some
> mediation, such as aggregation of web services.


Cool !!

> Also, I'm not sure if anyone is aware but I managed to get the setup I
> required working with the latest nightly snapshot build of Synapse.  So
> it looks like the architecture stuff has been done already?


Nice to hear that :D

> I then
> managed to get it set up in an axis2 running inside Tomcat, which took a
> bit of fiddling around to get everything working.  The synapse.xml file
> I used is:


Just for the clarification, you are using the standalone distro, not the
synapse-handler.mar right?

> <definitions xmlns="http://ws.apache.org/ns/synapse">
>     <proxy name="DataHubVehicleService-1.0.0">
>         <target>
>             <inSequence>
>                 <send>
>                     <endpoint>
>                         <address
> uri="http://tnz017:8080/tnz/services/DataHubVehicleService-1.0.0"
> optimize="swa"/>
>                     </endpoint>
>                 </send>
>             </inSequence>
>             <outSequence>
>                 <send/>
>             </outSequence>
>         </target>
>         <publishWSDL
> uri="file:C:/Projects/data-hub/data-hub-vehicle-service/resources/DataHubVehicleService-1.0.0.wsdl"/>
>     </proxy>
> </definitions>



Thanks,
Ruwan



-- 
Ruwan Linton
http://www.wso2.org - "Oxygenating the Web Services Platform"

Re: WS-Security and Synapse

Posted by Anthony Bull <an...@bcsoft.co.nz>.
Hi Ruwan,

thanks for the reply.  The situation is we have a machine sitting 
externally at a client site, and this has to proxy some web services on 
internal machines at the client site.  The client (a big client with 
stringent security requirements) require that all web service requests 
go through a certain point (the Synapse setup) and that the web 
services aren't on the external layer of their network.  Also there are 
other software vendors writing .NET web services that will be used 
through Synapse in a similar way.  The future plan is to do some 
mediation, such as aggregation of web services.

Also, I'm not sure if anyone is aware but I managed to get the setup I 
required working with the latest nightly snapshot build of Synapse.  So 
it looks like the architecture stuff has been done already?  I then 
managed to get it set up in an axis2 running inside Tomcat, which took a 
bit of fiddling around to get everything working.  The synapse.xml file 
I used is:

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <proxy name="DataHubVehicleService-1.0.0">
        <target>
            <inSequence>
                <send>
                    <endpoint>
                        <address uri="http://tnz017:8080/tnz/services/DataHubVehicleService-1.0.0"
                                 optimize="swa"/>
                    </endpoint>
                </send>
            </inSequence>
            <outSequence>
                <send/>
            </outSequence>
        </target>
        <publishWSDL uri="file:C:/Projects/data-hub/data-hub-vehicle-service/resources/DataHubVehicleService-1.0.0.wsdl"/>
    </proxy>
</definitions>




-- 

Anthony
------------------------------------- 
Anthony Bull
Senior Developer
Black Coffee Software Ltd
PO Box 10-192 The Terrace
Wellington, New Zealand
 
anthony.bull@bcsoft.co.nz
Ph  +64 4 472 8818
Fax +64 4 472 8811
------------------------------------- 
www.bcsoft.co.nz
--------------------------------------------------------------- 
This email may contain confidential or privileged information, 
and is intended for use only by the addressee, or addressees. 
If you are not the intended recipient please advise the sender 
immediately and do not copy, use or disclose the contents to 
any other person or organisation.
Black Coffee Software Ltd accepts no responsibility for viruses 
received with this email, or to any changes made to the original 
content. Any views or opinions expressed in this email may be
personal to the sender and are not necessarily those of Black 
Coffee Software Ltd.
--------------------------------------------------------------- 





Re: WS-Security and Synapse

Posted by Paul Fremantle <pz...@gmail.com>.
We definitely need to support this. A simple scenario is doing session-aware
load-balancing across two backends with secureconversation.

Paul




-- 
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair

blog: http://pzf.fremantle.org
paul@wso2.com

"Oxygenating the Web Service Platform", www.wso2.com

Re: WS-Security and Synapse

Posted by Ruwan Linton <ru...@gmail.com>.
Hi Anthony,

AFAIK, this is a limitation of synapse according to the current
architecture. We thought of re-architecting synapse to handle these cases,
which ended up in introducing a new module called synapse-handler.mar which
can handle these kinds of situations. But we have not tested this (especially
with proxy services and security)??

I have filed a JIRA [1] on this and we will look into this ASAP
(the 1.1 release time frame may not scale for this and we may not be able to
fix this for 1.1)

BTW: why do you need to proxy a service with security and just pass through
the message without doing anything (no mediation)? I am trying to
understand your use case and why you need synapse in there ...

[1] - https://issues.apache.org/jira/browse/SYNAPSE-152

Thanks,
Ruwan



-- 
Ruwan Linton
http://www.wso2.org - "Oxygenating the Web Services Platform"