Message encryption works but fault messages are send in plain text

Mon, 01 Dec 2008 16:54:02 -0800 

Hello everyone,
I have a web service using the security policy below (signed and encrypted message body), which works fine, except that my fault messages do not get encrypted. I get the "missing security header" exception at the client - using TCPMon I can see that indeed the fault message is send without any security related info and in plain text. 


Am I missing something? Do I have to add additional configuration  
parameters for the signing and encryption of fault messages?



Thanks for any hints,
Maik

---- snip ---

<serviceGroup>
    <service name="SearchServices">
        <messageReceivers>

            <messageReceiver mep="http://www.w3.org/ns/wsdl/in-out";  
class="ca.bc.xyz.SearchServicesMessageReceiverInOut"/>

        </messageReceivers>

        <parameter name="ServiceClass"  
locked="false">ca.bc.xyz.SearchServiceImplementation</parameter>

       <!--
        <parameter name="useOriginalwsdl">true</parameter>
        <parameter name="modifyUserWSDLPortAddress">true</parameter>
        -->

        <operation name="SSearch"  
mep="http://www.w3.org/ns/wsdl/in-out"; namespace="....">

            <actionMapping>SyncSearch</actionMapping>
            <outputActionMapping>....</outputActionMapping>

            <faultActionMapping  
faultName="DPSearchFault">...</faultActionMapping>
            <faultActionMapping  
faultName="XYZFault">urn:....</faultActionMapping>

        </operation>


        <module ref="rampart" />


                <wsp:Policy 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
                                        
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
                                        
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
                                        wsu:Id="mypolicy">
                        <sp:AsymmetricBinding>
                                <wsp:Policy>
                                        <sp:InitiatorToken>
                                                <wsp:Policy>

							<sp:X509Token  
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>

                                                                <wsp:Policy>
                                                                        
<sp:WssX509V3Token10 />
                                                                </wsp:Policy>
                                                        </sp:X509Token>
                                                </wsp:Policy>
                                        </sp:InitiatorToken>
                                        <sp:RecipientToken>
                                                <wsp:Policy>

							<sp:X509Token  
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>

                                                                <wsp:Policy>
                                                                        
<sp:WssX509V3Token10 />
                                                                </wsp:Policy>
                                                        </sp:X509Token>
                                                </wsp:Policy>
                                        </sp:RecipientToken>
                                        <sp:AlgorithmSuite>
                                                <wsp:Policy>
                                                        <sp:TripleDesRsa15 />
                                                </wsp:Policy>
                                        </sp:AlgorithmSuite>
                                </wsp:Policy>
                        </sp:AsymmetricBinding>

                        <sp:Wss10>
                                <wsp:Policy>
                                        <sp:MustSupportRefEmbeddedToken />
                                        <sp:MustSupportRefIssuerSerial />
                                </wsp:Policy>
                        </sp:Wss10>

                        <sp:SignedParts>
                                <sp:Body />
                        </sp:SignedParts>

                        <sp:EncryptedParts>
                                <sp:Body />
                        </sp:EncryptedParts>

                        <RampartConfig 
xmlns="http://ws.apache.org/rampart/policy";>
                                <user>s1</user>
                                <encryptionUser>useReqSigCert</encryptionUser>

				<passwordCallbackClass>	ca.....webservice.server.search.PasswordCallbackHandler  
</passwordCallbackClass>


                                <signatureCrypto>
                                        <crypto 
provider="org.apache.ws.security.components.crypto.Merlin">

						<property  
name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS  
</property>
						<property  
name="org.apache.ws.security.crypto.merlin.file">	keystore.ks  
</property>
						<property  
name="org.apache.ws.security.crypto.merlin.keystore.password"> ....  
</property>

                                        </crypto>
                                </signatureCrypto>

                                <encryptionCrypto>
                                        <crypto 
provider="org.apache.ws.security.components.crypto.Merlin">

						<property  
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS	</property>
						<property name="org.apache.ws.security.crypto.merlin.file">  
keystore.ks </property>
						<property  
name="org.apache.ws.security.crypto.merlin.keystore.password">....</property>

                                        </crypto>
                                </encryptionCrypto>
                        </RampartConfig>

                </wsp:Policy>

    </service>
</serviceGroup>






--
Simply Efficient - IT Services, Consulting, Training Inc.
"We Keep Our Promises"
Vancouver, BC
Phone: +1 604.315.8446
Fax  : +1 604.731.1147
http://www.simplyefficient.ca


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to