To determine what is SOAP Monitor behavior vs Axis behavior, download TCPMon.
It is a WYSIWYG tool.

For example, SOAP Monitor displays unencrypted transactions for SSL
connections because it hooks into the process above the SSL level.

For the situation you describe, I would suspect an incorrect implementation
of the policy, but TCPMon will tell the true story.


A Sunley wrote:
> 
> Hi folks,
> 
> I'm something of a rookie when it comes to implementing security in web
> services. I'm working with policy example #3 to try and get an idea for
> how security policy works. Direct link here:
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample03/
> 
> I've changed the invoked web service method but the policy is the same,
> but I'm a bit confused by something. As I understand it the soap message
> body in this example should be encrypted, correct? But looking at the
> messages in SOAPMonitor, I am seeing the security header but the body in
> plain text. Is the policy not being applied properly? 
> 
> I'm also seeing differences in the response shown in SOAPMonitor and a
> printout of the OMElement response in the client (messages displayed
> below). The OMElement shows the wsa, xenc and wsu namespaces while
> SOAPMonitor does not.
> 
> Basically I'm a bit confused by what I am seeing in SOAPMonitor and I’m
> not sure whether this is indicating that the policy is not being applied
> properly or whether this is typical behaviour of SOAPMonitor itself?  
> 
> Also, despite reading into WS-Policy I'm still rather unsure of it,
> generally. Are there any guides to creating policy documents? Ultimately
> my aim is for the requests to the service to have a UsernameToken and the
> SOAP body encrypted. And the response message body to be encrypted.
> 
> 
> 
> SOAPMonitor Request Body:
> 
> <! -- Header omitted -- >
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="Id-21192393">
>     <ns2:testFunction xmlns:ns2="http://webservice.example.com/xsd">
>       <arg0 >username</arg0>
>       <arg1>pas</arg1>
>     </ns2:testFunction>
>   </soapenv:Body>
> </soapenv:Envelope>
> 
> 
> SOAPMonitor Response Message:
> 
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Body>
>     <ns:testFunctionResponse xmlns:ns="http://webservice.example.com/xsd">
>       <ns:return>
>         <responseCode
> xmlns="http://schema.example.com/xsd">0</responseCode>
>         <responseMessage xmlns="http://schema.example.com/xsd">Request
> Fulfilled</responseMessage>
>       </ns:return>
>     </ns:testFunctionResponse>
>   </soapenv:Body>
> </soapenv:Envelope>
> 
> 
> Printout of response message at client:
> 
> <ns:testFunctionResponse xmlns:ns="http://webservice.example.com/xsd"
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsa="http://www.w3.org/2005/08/addressing"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <ns:return>
>     <responseCode xmlns:axis2ns7="http://schema.example.com/xsd"
> xmlns="http://schema.example.com/xsd">0</responseCode>
>     <responseMessage xmlns="http://schema.example.com/xsd"
> xmlns:axis2ns8="http://schema.example.com/xsd">Request
> Fulfilled</responseMessage>
> </ns:return>
> </ns:exampleFunctionResponse>
> 
> 
> Regards,
> Alan.
> 
> 

-- 
View this message in context: 
http://www.nabble.com/%28Rampart%29-Not-seeing-encrypted-message-in-SOAPMonitor-tf4368000.html#a13297248
Sent from the Axis - User mailing list archive at Nabble.com.
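
An added example, not part of either message above: one way to check a message captured on the wire for the protection the original poster is aiming for (a UsernameToken in the security header and an encrypted SOAP body). The function name `inspect_envelope` and both sample captures are constructed for illustration, and the SOAP 1.1 envelope namespace is assumed because it is the one shown in the thread.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1, as in the thread
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
ENC_DATA = "{%s}EncryptedData" % NS["xenc"]

def inspect_envelope(xml_text):
    """Summarise the WS-Security protection visible in one captured message."""
    root = ET.fromstring(xml_text)
    body = root.find("soapenv:Body", NS)
    if body is None:
        raise ValueError("no SOAP 1.1 Body element found")
    children = list(body)
    plaintext = [c.tag for c in children if c.tag != ENC_DATA]
    sec = root.find("soapenv:Header/wsse:Security", NS)
    return {
        # Encrypted only if every child of Body is xenc:EncryptedData.
        "body_encrypted": bool(children) and not plaintext,
        "plaintext_elements": plaintext,
        "has_security_header": sec is not None,
        "has_username_token": sec is not None
            and sec.find("wsse:UsernameToken", NS) is not None,
        "has_encrypted_key": sec is not None
            and sec.find(".//xenc:EncryptedKey", NS) is not None,
    }

# Constructed sample captures (not from the thread), built from one template.
_ENVELOPE = (
    '<soapenv:Envelope xmlns:soapenv="%(soapenv)s" xmlns:wsse="%(wsse)s" '
    'xmlns:xenc="%(xenc)s"><soapenv:Header><wsse:Security>{hdr}'
    '</wsse:Security></soapenv:Header><soapenv:Body>{body}</soapenv:Body>'
    '</soapenv:Envelope>' % NS)
PLAINTEXT_CAPTURE = _ENVELOPE.format(
    hdr='<wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>',
    body='<ns2:testFunction xmlns:ns2="http://webservice.example.com/xsd">'
         '<arg0>username</arg0></ns2:testFunction>')
ENCRYPTED_CAPTURE = _ENVELOPE.format(
    hdr='<xenc:EncryptedKey/>',
    body='<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ='
         '</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')

if __name__ == "__main__":
    for name, cap in (("plaintext", PLAINTEXT_CAPTURE), ("encrypted", ENCRYPTED_CAPTURE)):
        print(name, inspect_envelope(cap))
```

Run it over the message as captured on the wire, for example with TCPMon, rather than over the SOAP Monitor view.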

