Posted to java-user@axis.apache.org by lyall <Ly...@The-Pearces.com> on 2009/09/17 07:48:05 UTC

Axis2 1.5/Rampart 1.4 - XML Signatures - forwarding but not checking

Hi.

I have a request which has been signed by Oracle Web Services Manager (OWSM
10g) and forwarded to my Axis2 service (Java). 

I don't want Axis to verify the signatures, I simply want to forward the
message on, in this case, by placing the message on a JMS queue. The
signatures will be validated by OWSM, elsewhere.

I am having problems getting Axis to simply accept the requests so I can
write them to a JMS Queue (ActiveMQ in this case), xml signatures and all.

At the moment, Axis is failing to understand the headers that are being
supplied by OWSM.

See further down for sample input/output.

I have installed Rampart 1.4 in Axis2-1.5 but done no further configuration.

Can anyone point me in the right direction to be able to configure/setup
such a service?
I already have a service which receives the envelope body and writes the
body contents to JMS.

i.e.
1. Receive request which is signed
2. Forward the request, signature headers and all, to JMS

What I have at the other end is a Java program to read the JMS message and
then invoke the OWSM end point, which validates the signature and forwards
it on. I need to figure out how to build the new request from the JMS
message and forward it on. I already have a program which reads the body and
simply forwards the body - the header stuff is new.

I would not normally write the web service and program but OWSM does not
support any JMS but Tibco and we are not using Tibco. Of course, if there
are any better suggestions, I am all ears.

Any assistance would be greatly appreciated.

...Lyall

Sample input/output follows ....

Supplied with (sorry about the length)

<?xml version = '1.0' encoding = 'UTF-8'?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 env:mustUnderstand="1">
   <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
                   xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
     <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     <dsig:Reference URI="#_hbOI5Tpv7eWB2c4DylGr0g22">
      <dsig:Transforms>
       <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </dsig:Transforms>
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <dsig:DigestValue>Qe4IMCi2M9PFRCVKai0H+kXdRYU=</dsig:DigestValue>
     </dsig:Reference>
     <dsig:Reference URI="#_JjRa246UcxFHtYJLGoYG5g22">
      <dsig:Transforms>
       <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </dsig:Transforms>
      <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <dsig:DigestValue>pG8ORuahQNUiqFU4IIJ+9Azap1E=</dsig:DigestValue>
     </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue>...deleted...</dsig:SignatureValue>
    <dsig:KeyInfo>
     <wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:Reference URI="#BST-g06EW1tza1vgdPbWqj7b7g22"
                      ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
     </wsse:SecurityTokenReference>
    </dsig:KeyInfo>
   </dsig:Signature>
   <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                             wsu:Id="BST-g06EW1tza1vgdPbWqj7b7g22"
                             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">...deleted...</wsse:BinarySecurityToken>
   <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  wsu:Id="_JjRa246UcxFHtYJLGoYG5g22">
    <wsu:Created>2009-09-17T06:54:48Z</wsu:Created>
   </wsu:Timestamp>
  </wsse:Security>
 </env:Header>
 <env:Body>
  <jmsMessageElement xmlns="http://namespace/jmsmessage">
   <msgid>42f74ff13911efbd:-c9d11:123c5b13aca:-7121</msgid>
   <content wsu:Id="_hbOI5Tpv7eWB2c4DylGr0g22"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <addRequest targetID="OIMProvisioning" returnData="identifier"
                xmlns="urn:oasis:names:tc:SPML:2:0"
                xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core">
     <psoID targetID="TheTarget" ID="TheId"/>
     <containerID ID="TheContainer" targetID="theTarget"/>
     <data>
      <dsml:attr name="objectclass">
       <dsml:value>Users</dsml:value>
      </dsml:attr>
      ....deleted....
      <dsml:attr name="USR_UDF_DEPARTMENT">
       <dsml:value>SOMEWHERE</dsml:value>
      </dsml:attr>
     </data>
    </addRequest>
   </content>
  </jmsMessageElement>
 </env:Body>
</env:Envelope>


Axis responds with

  <soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
    <soapenv:Fault
      xmlns:axis2ns4="http://schemas.xmlsoap.org/soap/envelope/">
     <faultcode>axis2ns4:MustUnderstand</faultcode>
     <faultstring>Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security</faultstring>
null</soapenv:Fault>
   </soapenv:Body>
  </soapenv:Envelope>

Stack trace of the Axis2 server is

[INFO] Listening on port 8080
[ERROR] Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
        at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
        at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:267)
        at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
        at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
        at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:619)


-- 
View this message in context: http://www.nabble.com/Axis2-1.5-Rampart-1.4---XML-Signatures---forwarding-but-not-checking-tp25485520p25485520.html
Sent from the Axis - User mailing list archive at Nabble.com.


Re: Axis2 1.5/Rampart 1.4 - XML Signatures - forwarding but not checking

Posted by lyall <Ly...@The-Pearces.com>.
I forgot to mention, Axis2 1.5, I am using the standalone server under
Windows 2003 server.
I am not using Tomcat or some other container.

...Lyall

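
Added example (not part of the original thread, and not code from the Axis2 or Rampart projects): one way past the MustUnderstand fault shown above is an Axis2 in-flow handler that marks the wsse:Security header block as processed without verifying it and keeps the serialized envelope for forwarding. The class name and the property name are hypothetical, and the handler is assumed to be registered in an inbound phase in axis2.xml so that it runs before the engine's must-understand check; since nothing is verified here, the service has to treat the payload as unauthenticated until OWSM validates it.

```java
import java.util.Iterator;

import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;

// Hypothetical handler: accepts a signed request for pass-through only.
// It does NOT validate the signature, the token or the timestamp.
public class SecurityHeaderPassThroughHandler extends AbstractHandler {

    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Hypothetical property name under which the service finds the full envelope.
    public static final String RAW_ENVELOPE = "passthrough.rawEnvelope";

    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        SOAPEnvelope envelope = msgContext.getEnvelope();
        SOAPHeader header = (envelope == null) ? null : envelope.getHeader();
        if (header == null) {
            return InvocationResponse.CONTINUE;
        }

        boolean sawSecurity = false;
        Iterator<?> blocks = header.examineAllHeaderBlocks();
        while (blocks.hasNext()) {
            SOAPHeaderBlock block = (SOAPHeaderBlock) blocks.next();
            boolean isWsseSecurity = block.getNamespace() != null
                    && WSSE_NS.equals(block.getNamespace().getNamespaceURI())
                    && "Security".equals(block.getLocalName());
            if (isWsseSecurity) {
                // Only this header is claimed; any other mustUnderstand
                // header still fails the engine's check as before.
                block.setProcessed();
                sawSecurity = true;
            }
        }
        if (sawSecurity) {
            // Keep header and body together: the signature only verifies
            // downstream if the signed elements reach OWSM unmodified.
            msgContext.setProperty(RAW_ENVELOPE, envelope.toString());
        }
        return InvocationResponse.CONTINUE;
    }
}
```

The two dsig:Reference entries in the sample point at the content and Timestamp elements by wsu:Id, so the program reading from JMS should send the stored envelope as-is rather than rebuilding it around the body.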