You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by "Dinesh Premalal (JIRA)" <ji...@apache.org> on 2006/11/17 06:51:40 UTC

[jira] Resolved: (AXIS2C-406) Security Enabled server unable to handle requests, without security headers

     [ http://issues.apache.org/jira/browse/AXIS2C-406?page=all ]

Dinesh Premalal resolved AXIS2C-406.
------------------------------------

    Resolution: Invalid

I think , it is correct behaviour. Because security enable server (User name token) should able to handle only requests with valid user names and passwords.

> Security Enabled server unable to handle requests, without security headers
> ---------------------------------------------------------------------------
>
>                 Key: AXIS2C-406
>                 URL: http://issues.apache.org/jira/browse/AXIS2C-406
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: rampart
>    Affects Versions: Current (Nightly)
>            Reporter: Dinesh Premalal
>             Fix For: 0.96
>
>
> I sent a  normal request (without security headers) to security enabled simple axis server. Then server gave me a soap fault saying security headers not available. 
> request
> ------------
> OST /axis2/services/echo HTTP/1.1
> User-Agent: Axis2/C
> Content-Length: 302
> Content-Type: application/soap+xml;charset=UTF-8;
> Host: 127.0.0.1
> <?xml version="1.0" encoding="UTF-8"?>
>    <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>       <soapenv:Header></soapenv:Header>
>       <soapenv:Body>
>          <ns1:echoString xmlns:ns1="http://ws.apache.org/axis2/c/samples">
>             <text>Hello World !</text>
>          </ns1:echoString>
>       </soapenv:Body>
>    </soapenv:Envelope>
> Response
> ----------------
> HTTP/1.1 500 Internal Server Error
> Content-Type: application/soap+xml;charset=UTF-8
> Content-Length: 706
> <?xml version="1.0" encoding="UTF-8"?>
>    <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>       <soapenv:Header></soapenv:Header>
>       <soapenv:Body>
>          <soapenv:Fault>
>             <soapenv:Code>
>                <soapenv:Value>soapenv:Sender</soapenv:Value>
>                <soapenv:Subcode>
>                   <soapenv:Value>wsse:SecurityTokenUnavailable</soapenv:Value>
>                </soapenv:Subcode>
>             </soapenv:Code>
>             <soapenv:Reason>
>                <soapenv:Text xml:lang="en">Security header element is unavailable</soapenv:Text>
>             </soapenv:Reason>
>             <soapenv:Detail>
>                <wsse:ProblemSecurityHeader xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:Security</wsse:ProblemSecurityHeader>
>             </soapenv:Detail>
>          </soapenv:Fault>
>       </soapenv:Body>
>    </soapenv:Envelope>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org