You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Dalys Sebastian <se...@yahoo.com> on 2006/03/31 19:02:59 UTC
server not recognizing ws-security information
I had been trying to make wss4j work with Axis-0.95 for a week, but with no success. I
have been successfully running version of wss4j with Axis-0.93 though.
My server runs on Tomcat and has a secure service running. I have axis2.xml under
WEB-INF/conf and my services.xml of the secure service has been configured with the
InflowSecurity and OutflowSecurity parameters. (I had to specify actionMapping element as
well for every operation in my secureservice although this was not mentioned in security
sample that was provided with Axis-0.95, wonder why? I was getting 'operation not found'
without adding this element.)
My problem is, When I send a message from the client to the server, my server considers
it as a normal web service message and is not recognizing any of the security headers.
Nor is it getting the data enclosed in the client's message body. And it returns with a
normal web service response with no security headers.
At the client, I get the following exception:
WSDoAllReceiver: Request do not contain security header
I thought it could be a certificate verification error by the server, but what confuses
me is that these certificates are all valid and successfully working with
Axis-0.93+wss4j.
I am attaching a copy of the request-response interaction which I obtained from tcpmon.
I appreciate any help on this.
Thanks,
Dalys
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
[Axis2] Re: server not recognizing ws-security information
Posted by Ruchith Fernando <ru...@gmail.com>.
resend with the correct prefix
On 4/1/06, Ruchith Fernando <ru...@gmail.com> wrote:
> Hi Dalys,
>
> Please see my inline comments:
>
> On 3/31/06, Dalys Sebastian <se...@yahoo.com> wrote:
> > I had been trying to make wss4j work with Axis-0.95 for a week, but with no success. I
> > have been successfully running version of wss4j with Axis-0.93 though.
> >
> > My server runs on Tomcat and has a secure service running. I have axis2.xml under
> > WEB-INF/conf and my services.xml of the secure service has been configured with the
> > InflowSecurity and OutflowSecurity parameters. (I had to specify actionMapping element as
> > well for every operation in my secureservice although this was not mentioned in security
> > sample that was provided with Axis-0.95, wonder why? I was getting 'operation not found'
> > without adding this element.)
>
> The security sample relies on SOAPBodyBasedDispatcher since the
> operation name is exactly the same as the name of the method in the
> Service class that is being invoked.
>
> >
> > My problem is, When I send a message from the client to the server, my server considers
> > it as a normal web service message and is not recognizing any of the security headers.
> > Nor is it getting the data enclosed in the client's message body. And it returns with a
> > normal web service response with no security headers.
> >
> > At the client, I get the following exception:
> > WSDoAllReceiver: Request do not contain security header
> >
> > I thought it could be a certificate verification error by the server, but what confuses
> > me is that these certificates are all valid and successfully working with
> > Axis-0.93+wss4j.
> >
> > I am attaching a copy of the request-response interaction which I obtained from tcpmon.
>
> Since your service responded with a valid response for a message which
> originally had an encrypted soap:Body I'm sure the inflow security
> processing worked !!!. The problem seems to be with your
> "OutflowSecurity" parameter in the services.xml file. Maybe its
> missing or there's typo in the parameter name. Therefore there's no
> security applied to the response message from the service to the
> client and the client rejects the message since its missing the
> security header.
>
> Can you please check whether you have the :
>
> <parameter name="OutflowSecurity">
> ....
> </parameter>
>
> configured properly in your services.xml
>
> Please refer [1] for information on configurations.
>
> Thanks,
> Ruchith
>
> [1] http://ws.apache.org/axis2/0_95/security-module.html
>
Re: server not recognizing ws-security information
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Dalys,
Please see my inline comments:
On 3/31/06, Dalys Sebastian <se...@yahoo.com> wrote:
> I had been trying to make wss4j work with Axis-0.95 for a week, but with no success. I
> have been successfully running version of wss4j with Axis-0.93 though.
>
> My server runs on Tomcat and has a secure service running. I have axis2.xml under
> WEB-INF/conf and my services.xml of the secure service has been configured with the
> InflowSecurity and OutflowSecurity parameters. (I had to specify actionMapping element as
> well for every operation in my secureservice although this was not mentioned in security
> sample that was provided with Axis-0.95, wonder why? I was getting 'operation not found'
> without adding this element.)
The security sample relies on SOAPBodyBasedDispatcher since the
operation name is exactly the same as the name of the method in the
Service class that is being invoked.
>
> My problem is, When I send a message from the client to the server, my server considers
> it as a normal web service message and is not recognizing any of the security headers.
> Nor is it getting the data enclosed in the client's message body. And it returns with a
> normal web service response with no security headers.
>
> At the client, I get the following exception:
> WSDoAllReceiver: Request do not contain security header
>
> I thought it could be a certificate verification error by the server, but what confuses
> me is that these certificates are all valid and successfully working with
> Axis-0.93+wss4j.
>
> I am attaching a copy of the request-response interaction which I obtained from tcpmon.
Since your service responded with a valid response for a message which
originally had an encrypted soap:Body I'm sure the inflow security
processing worked !!!. The problem seems to be with your
"OutflowSecurity" parameter in the services.xml file. Maybe its
missing or there's typo in the parameter name. Therefore there's no
security applied to the response message from the service to the
client and the client rejects the message since its missing the
security header.
Can you please check whether you have the :
<parameter name="OutflowSecurity">
....
</parameter>
configured properly in your services.xml
Please refer [1] for information on configurations.
Thanks,
Ruchith
[1] http://ws.apache.org/axis2/0_95/security-module.html