I use the Rampart 1.4 sample policy/sample02, deployed it in Tomcat and ran the client.

Stack:

2009-02-14 11:02:24,819 [http-8080-1] INFO org.apache.xml.security.signature.Reference - Verification successful for URI "#Id-33320514"
2009-02-14 11:02:24,819 [http-8080-1] INFO org.apache.xml.security.signature.Reference - Verification successful for URI "#Timestamp-9838079"
2009-02-14 11:02:24,866 [http-8080-1] ERROR org.apache.axis2.engine.AxisEngine - The certificate used for the signature is not trusted
org.apache.axis2.AxisFault: The certificate used for the signature is not trusted
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.rampart.RampartException: The certificate used for the signature is not trusted
    at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:174)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:204)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    ... 19 more
2009-02-14 11:02:24,897 [http-8080-1] INFO org.apache.axis2.transport.http.AxisServlet - org.apache.axis2.AxisFault: Error in extracting message properties
2009-02-14 11:06:47,945 [http-8080-1] INFO org.apache.xml.security.signature.Reference - Verification successful for URI "#Id-33320514"
2009-02-14 11:06:47,945 [http-8080-1] INFO org.apache.xml.security.signature.Reference - Verification successful for URI "#Timestamp-9838079"

service.xml

<service name="SignedHeaderBody">
    <description>
        Podpisemo header in body, ni pa kriptiran
    </description>
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    <operation name="sestej">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    <parameter name="ServiceClass" locked="false">rampart1_4.sample02.service.PojoService</parameter>
    <module ref="rampart" />
    <module ref="addressing" />
    policy ...
</service>

policy config:

<wsp:Policy wsu:Id="SigOnly"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:SignedParts>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>client</ramp:user>
                <ramp:encryptionUser>service</ramp:encryptionUser>
                <ramp:passwordCallbackClass>rampart1_4.sample02.client.SecurityHandler</ramp:passwordCallbackClass>
                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">E:/IDE/eclipse-BIRT/eclipse/workspace/Axis2/client_conf_02/client.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
            </ramp:RampartConfig>
            <!-- pass=apache -->
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

Is there any additional configuration in axis2 for rampart? I only include the module <module ref="rampart"/>

Regards, Tomaz

Nandana Mihindukulasooriya wrote:
> Can you post the full Tomcat stack trace? Expected behavior is to send
> a SOAP Fault in this scenario. Seems something goes wrong in the fault flow.
>
> thanks,
> nandana
>
> 2009/2/14 TomazM <tomaz.majerh...@arnes.si
> <mailto:tomaz.majerh...@arnes.si>>
>
>     I want it to return an XML that shows the SOAP Fault returned, so
>     the client understands. How can I achieve this?
>
>     I have this situation:
>     java 1.6_10
>     Tomcat 6.0.18
>     axis2_1_4
>     rampart 1.4
>
>     The client sends a SOAP message with a wrong signed key and Rampart
>     returns a response that is HTML; more precisely, I get the Tomcat response:
>
>     HTTP Status 500
>     The server encountered an internal error () that prevented it from
>     fulfilling this request.
>
>
>     In axis2 log:
>
>     ERROR org.apache.axis2.engine.AxisEngine - The certificate used for
>     the signature is not trusted
>
>
>     Is there any configuration of the service or Rampart to return a SOAP XML
>     message with the fault response: 'The certificate used for the signature
>     is not trusted' or fault_code so the client could read this message?
>
>
>     Regards, Tomaz
>
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/
> http://www.wso2.org