So I tested an existing client written using Axis2 1.4.1 and Rampart 1.4
against the Web service today written using Axis2 1.5.1 and Rampart 1.5. With
encryption and signature turned off things went fine, but when encryption and
signature were turned on, the client sent a proper request that was understood
by the server, but the response sent by the server caused the client to error
out with "Expecting one of {classList}".

This is almost certainly due to the fact that "classList" is supposed to have
the empty default Namespace, but Axis2 1.5.1 and Rampart 1.5 are changing that
namespace to the parent namespace of
"http://atrium.bmc.com/2009/01/classes/types" on encrypting and signing the
body.

I am relatively sure this isn't correct behavior, but I am unable to get the
Axis2 1.5.1/Rampart 1.5 combo to work differently. Is this a known issue with
Rampart? Has anyone run into this before? Is there any way to work around the
issue and make the responses preserve the proper default namespaces?

From: Doughty, Michael [mailto:[email protected]]
Sent: Sunday, February 14, 2010 12:57 AM
To: [email protected]
Subject: Strange issue with Axis2 setting improper default namespaces in responses

We've been porting our Web services from another provider to Axis2. Both
support XML bean bindings, and we used them in our original implementation, so
that has made the porting easier than it would have been otherwise.

However, I've run into an odd issue that I haven't caught up to now using the
testing tool we use during dev. The old tool is properly setting the default
namespace to child elements to empty, which allows the responses to be properly
handled by the clients. However, the Axis2 services seem to be setting the
default namespace in each case to the parent namespace. This causes validation
of the responses against the WSDL and the schemas to be incorrect.

So then I decided to see what happens in the Axis2-based responses when I turn
security off and just accept a UsernameToken without encryption or signature.
Turns out the response is just fine when I do that, as this snippet shows:

<ListClassesOutput xmlns="http://atrium.bmc.com/2009/01/classes/types">
  <classList xmlns="">
    <list>
      <namespaceName>BMC.CORE</namespaceName>
      <className>BMC_Mainframe</className>
    </list>
    <list>
      <namespaceName>BMC.CORE</namespaceName>
      <className>BMC_Printer</className>
    </list>
  </classList>
  <status xmlns=""/>
  <extensions xmlns=""
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
</ListClassesOutput>

However, the minute I turn the Signature and Encryption components on in the
Rampart configuration, I get the bad behavior again, as shown here:
<ListClassesOutput xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<classList xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<list xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<namespaceName xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">BMC.CORE</namespaceName>
<className xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">BMC_Mainframe</className>
</list>
<list xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<namespaceName xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">BMC.CORE</namespaceName>
<className xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">BMC_Printer</className>
</list>
</classList>
<status xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<extensions xmlns="http://atrium.bmc.com/2009/01/classes/types"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
</ListClassesOutput>

So it seems to be not so much a problem with Axis2 as it is with Rampart. In
every case, the xmlns default namespace of child elements is listed as the
full namespace of the parent when Rampart Signature/Encryption are turned on,
but is set properly when it is not. As a result, our stricter clients are
failing right away because they see the message as incomplete.

Am I missing something here? Is there an option in Rampart to rectify this? I
am using Axis2 1.5.1 with Rampart 1.5.
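
Added example, not part of the original post: a Python check that resolves the namespace of every element in two captures of the same response and reports each element whose namespace differs, which is the drift described above. The two documents are constructed, trimmed versions of the quoted responses, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

TYPES_NS = "http://atrium.bmc.com/2009/01/classes/types"

# Constructed samples, trimmed from the two responses quoted in the post.
PLAIN = f"""<ListClassesOutput xmlns="{TYPES_NS}">
  <classList xmlns="">
    <list><namespaceName>BMC.CORE</namespaceName><className>BMC_Mainframe</className></list>
  </classList>
  <status xmlns=""/>
</ListClassesOutput>"""

SECURED = f"""<ListClassesOutput xmlns="{TYPES_NS}">
  <classList xmlns="{TYPES_NS}">
    <list xmlns="{TYPES_NS}"><namespaceName xmlns="{TYPES_NS}">BMC.CORE</namespaceName><className xmlns="{TYPES_NS}">BMC_Mainframe</className></list>
  </classList>
  <status xmlns="{TYPES_NS}"/>
</ListClassesOutput>"""


def split_qname(tag):
    """Split ElementTree's '{uri}local' tag form into (uri, local)."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return "", tag  # element is in no namespace (xmlns="" in scope)


def element_namespaces(xml_text):
    """Map each element's positional local-name path to its namespace URI."""
    found = {}

    def walk(elem, parent_path, index):
        uri, local = split_qname(elem.tag)
        path = f"{parent_path}/{local}[{index}]"
        found[path] = uri
        seen = {}  # per-name sibling counter, so repeated <list> items stay distinct
        for child in elem:
            name = split_qname(child.tag)[1]
            seen[name] = seen.get(name, 0) + 1
            walk(child, path, seen[name])

    walk(ET.fromstring(xml_text), "", 1)
    return found


def namespace_drift(expected_xml, actual_xml):
    """Return (path, expected_ns, actual_ns) for every element whose namespace changed."""
    expected = element_namespaces(expected_xml)
    actual = element_namespaces(actual_xml)
    return sorted((p, ns, actual.get(p)) for p, ns in expected.items() if actual.get(p) != ns)
```

Running `namespace_drift` on a capture taken with security off and one taken with signature and encryption on lists the affected elements by path, which is easier to attach to a bug report than two raw dumps.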