Hi. I have a request which has been signed by Oracle Web Services Manager (OWSM 10g) and forwarded to my Axis2 service (Java).
I don't want Axis to verify the signatures, I simply want to forward the message on, in this case, by placing the message on a JMS queue. The signatures will be validated by OWSM, elsewhere.

I am having problems getting Axis to simply accept the requests so I can write them to a JMS queue (ActiveMQ in this case), XML signatures and all. At the moment, Axis is failing to understand the headers that are being supplied by OWSM. See further down for sample input/output.

I have installed Rampart 1.4 in Axis2-1.5 but done no further configuration. Can anyone point me in the right direction to be able to configure/set up such a service? I already have a service which receives the envelope body and writes the body contents to JMS.

i.e.
1. Receive request which is signed
2. Forward the request, signature headers and all, to JMS

What I have at the other end is a Java program to read the JMS message and then invoke the OWSM end point, which validates the signature and forwards it on. I need to figure out how to build the new request from the JMS message and forward it on. I already have a program which reads the body and simply forwards the body - the header stuff is new.

I would not normally write the web service and program but OWSM does not support any JMS but Tibco and we are not using Tibco. Of course, if there are any better suggestions, I am all ears.

Any assistance would be greatly appreciated.

...Lyall

Sample input/output follows ....
Supplied with (sorry about the length)

<?xml version = '1.0' encoding = 'UTF-8'?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
      <dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
        <dsig:SignedInfo>
          <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <dsig:Reference URI="#_hbOI5Tpv7eWB2c4DylGr0g22">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <dsig:DigestValue>Qe4IMCi2M9PFRCVKai0H+kXdRYU=</dsig:DigestValue>
          </dsig:Reference>
          <dsig:Reference URI="#_JjRa246UcxFHtYJLGoYG5g22">
            <dsig:Transforms>
              <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </dsig:Transforms>
            <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <dsig:DigestValue>pG8ORuahQNUiqFU4IIJ+9Azap1E=</dsig:DigestValue>
          </dsig:Reference>
        </dsig:SignedInfo>
        <dsig:SignatureValue>...deleted...</dsig:SignatureValue>
        <dsig:KeyInfo>
          <wsse:SecurityTokenReference xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:Reference URI="#BST-g06EW1tza1vgdPbWqj7b7g22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </dsig:KeyInfo>
      </dsig:Signature>
      <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-g06EW1tza1vgdPbWqj7b7g22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">...deleted...</wsse:BinarySecurityToken>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_JjRa246UcxFHtYJLGoYG5g22">
        <wsu:Created>2009-09-17T06:54:48Z</wsu:Created>
      </wsu:Timestamp>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <jmsMessageElement xmlns="http://namespace/jmsmessage">
      <msgid>42f74ff13911efbd:-c9d11:123c5b13aca:-7121</msgid>
      <content wsu:Id="_hbOI5Tpv7eWB2c4DylGr0g22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <addRequest targetID="OIMProvisioning" returnData="identifier" xmlns="urn:oasis:names:tc:SPML:2:0" xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core">
          <psoID targetID="TheTarget" ID="TheId"/>
          <containerID ID="TheContainer" targetID="theTarget"/>
          <data>
            <dsml:attr name="objectclass">
              <dsml:value>Users</dsml:value>
            </dsml:attr>
            ....deleted....
            <dsml:attr name="USR_UDF_DEPARTMENT">
              <dsml:value>SOMEWHERE</dsml:value>
            </dsml:attr>
          </data>
        </addRequest>
      </content>
    </jmsMessageElement>
  </env:Body>
</env:Envelope>

Axis responds with

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <soapenv:Fault xmlns:axis2ns4="http://schemas.xmlsoap.org/soap/envelope/">
      <faultcode>axis2ns4:MustUnderstand</faultcode>
      <faultstring>Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security</faultstring>
      null</soapenv:Fault>
  </soapenv:Body>
</soapenv:Envelope>

Stack trace of the Axis2 server is

[INFO] Listening on port 8080
[ERROR] Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
    at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
    at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:267)
    at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
    at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
    at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[ERROR] Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
    at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
    at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:267)
    at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281)
    at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187)
    at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)

--
View this message in context: http://www.nabble.com/Axis2-1.5-Rampart-1.4---XML-Signatures---forwarding-but-not-checking-tp25485520p25485520.html
Sent from the Axis - User mailing list archive at Nabble.com.
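
Added example, not part of the original post and not Axis2 or Rampart project code: the fault is raised by AxisEngine.checkMustUnderstand, which rejects a mustUnderstand="1" header block that no handler has marked as processed, so one way to accept the message without verifying it is an inflow handler that marks wsse:Security as processed. The class name is hypothetical, the handler is assumed to be registered in an inflow phase (through a module or axis2.xml), and signature validation is assumed to happen later at OWSM as the post describes.

```java
import java.util.List;

import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.handlers.AbstractHandler;

/**
 * Hypothetical pass-through handler (added example): marks the WS-Security
 * header as processed so the mustUnderstand check passes. It does NOT verify
 * the signature; that is left to the downstream OWSM gateway.
 */
public class SecurityHeaderPassThroughHandler extends AbstractHandler {

    // Namespace of the header named in the MustUnderstand fault.
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        SOAPHeader header = msgContext.getEnvelope().getHeader();
        if (header == null) {
            return InvocationResponse.CONTINUE; // no headers, nothing to mark
        }

        // Axiom returns an untyped list of SOAPHeaderBlock for this namespace.
        List<?> blocks = header.getHeaderBlocksWithNSURI(WSSE_NS);
        if (blocks != null) {
            for (Object o : blocks) {
                SOAPHeaderBlock block = (SOAPHeaderBlock) o;
                // Only the wsse:Security block is waved through; any other
                // mustUnderstand header still fails the engine's check.
                if ("Security".equals(block.getLocalName())) {
                    block.setProcessed();
                }
            }
        }
        return InvocationResponse.CONTINUE;
    }
}
```

Nothing is verified at this hop, so the queued message stays untrusted until OWSM has validated it. The full envelope, headers included, is available from msgContext.getEnvelope() and should be forwarded unmodified so the digests over the signed content and Timestamp elements still match.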
