Some message exchange, taken from ESB SOAP Tracer that illustrate the issue:
Request Message incoming to ESB: <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd" soapenv:mustUnderstand="true"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" wsu:Id="Timestamp-4"> <wsu:Created>2011-04-02T18:12:24.126Z</wsu:Created> <wsu:Expires>2011-04-02T18:17:24.126Z</wsu:Expires> </wsu:Timestamp> <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" wsu:Id="sctId-2603866793493F621F13017679469542"> <wsc:Identifier>2603866793493F621F13017679469541</wsc:Identifier> </wsc:SecurityContextToken> <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";> <xenc:DataReference URI="#EncDataId-12" /> <xenc:DataReference URI="#EncDataId-13" /> </xenc:ReferenceList> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" wsu:Id="UsernameToken-10"> <wsse:Username>admin</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token -profile-1.0#PasswordText">admin</wsse:Password> </wsse:UsernameToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-11"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"; /> <ds:Reference URI="#Id-21217085"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>SMa8NscaG+H+nN/AiQUOo/Ih6Jo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-4"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>3A+y+d/My6xPQBdV0JOUuCInzRo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#UsernameToken-10"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <ds:DigestValue>qHUs3dAICYRXZEoMAxFDdrrr2Eg=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>cz6ZGLQHWCNVuaRH9vMW+Qu+1ZU=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-7E6DBDB786DDBB6532130176794722010"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" wsu:Id="STRId-7E6DBDB786DDBB6532130176794722011"> <wsse:Reference URI="#sctId-2603866793493F621F13017679469542" ValueType="" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:To>http://127.0.0.1:8280/services/Secureproxy3/</wsa:To> <wsa:MessageID>urn:uuid:204097F3E1BF139DE51301767944180</wsa:MessageID> <wsa:Action>urn:greet</wsa:Action> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" wsu:Id="Id-21217085"> <ns1:greet xmlns:ns1="http://www.wso2.org/types";> <name>jorge 3</name> </ns1:greet> </soapenv:Body> </soapenv:Envelope> Response message out ESB, the right response: <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsa:MessageID>urn:uuid:261CB49FB219848CBC77484907087391452893583</wsa:Messa geID> <wsa:Action>urn:greetResponse</wsa:Action> <wsa:RelatesTo>urn:uuid:204097F3E1BF139DE51301767944180</wsa:RelatesTo> </soapenv:Header> <soapenv:Body> <ns:greetResponse xmlns:ns="http://www.wso2.org/types";> <return>Hello World, jorge 3 !!!</return> </ns:greetResponse> </soapenv:Body> </soapenv:Envelope> Response in Eclipse: Exception in thread "main" org.apache.axis2.AxisFault: SOAP header missing at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:508 ) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAx isOperation.java:375) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio n.java:421) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisO peration.java:229) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165) at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:556) at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:532) at org.apache.ws.axis2.Client_IS_ESB.main(Client_IS_ESB.java:95) I don´t understand why happen this. Another example: The response message in ESB, in this case it fail: <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsa:MessageID>urn:uuid:261CB49FB219848CBC10236706953271746345399</wsa:Messa geID> <wsa:Action>urn:greetResponse</wsa:Action> <wsa:RelatesTo>urn:uuid:B2BF9E70A9F64B2EC41301770439883</wsa:RelatesTo> </soapenv:Header> <soapenv:Body> <soapenv:Fault xmlns:axis2ns3="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Code> <soapenv:Value>axis2ns3:Sender</soapenv:Value> <soapenv:Subcode> <soapenv:Value xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd">wsse:InvalidSecurity</soapenv:Value> </soapenv:Subcode> </soapenv:Code> <soapenv:Reason> <soapenv:Text xml:lang="en-US">SOAP header missing</soapenv:Text> </soapenv:Reason> <soapenv:Detail /> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> In eclipse I see the same message. I try again, and fail: The response message in ESB, in this case it fail: <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsa:MessageID>urn:uuid:261CB49FB219848CBC10277044862702-526968549</wsa:Mess ageID> <wsa:Action>urn:greetResponse</wsa:Action> <wsa:RelatesTo>urn:uuid:FDC98145D50523B6831301770480242</wsa:RelatesTo> </soapenv:Header> <soapenv:Body> <soapenv:Fault xmlns:axis2ns5="http://www.w3.org/2003/05/soap-envelope";> <soapenv:Code> <soapenv:Value>axis2ns5:Sender</soapenv:Value> <soapenv:Subcode> <soapenv:Value xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd">wsse:InvalidSecurity</soapenv:Value> </soapenv:Subcode> </soapenv:Code> <soapenv:Reason> <soapenv:Text xml:lang="en-US">SOAP header missing</soapenv:Text> </soapenv:Reason> <soapenv:Detail /> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> But the ECLIPSE show me the right response: respuesta eclipse: <ns:greetResponse xmlns:ns="http://www.wso2.org/types"; xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"> <return>Hello World, jorge 3 !!!</return> </ns:greetResponse> More odd that the other case. Jorge. De: Thilina Buddhika [mailto:[email protected]] Enviado el: sábado, 02 de abril de 2011 11:27 Para: [email protected] CC: Jorge Infante Osorio Asunto: Re: [Carbon-dev] Security scenario 15. Issue with header missing or InputStream NULL Hi Jorge, I will try to reproduce this issue at our end and get back to you. Thanks, Thilina On Sat, Apr 2, 2011 at 9:12 AM, Jorge Infante Osorio <[email protected]> wrote: If you search the thread in the list archive you will see the client code, ESB proxy service configuration, XACML policy, Service Policy, the errors I received in ESB log and in the Eclipse console. Also I can send you again the information so you can reproduce the error. Thanks a lot for your help in this. Jorge. -----Mensaje original----- De: [email protected] [mailto:[email protected]] En nombre de Supun Kamburugamuva Enviado el: viernes, 01 de abril de 2011 22:41 Para: [email protected] Asunto: Re: [Carbon-dev] Security scenario 15. Issue with header missing or InputStream NULL On Sat, Apr 2, 2011 at 7:19 AM, Afkham Azeez <[email protected]> wrote: > One small question, are you sending the request to the ESB port 8280 > from your client? > Yes, exactly. If he is sending to 9763 this behavior can happen. Thanks, Supun.. > On Feb 21, 2011 9:23 AM, "Jorge Infante Osorio" <[email protected]> wrote: >> Hi all. >> >> I implement a proxy Service like this [1] with security scenario 15, >> and I can use the token issued by IS and pass to the ESB, this work fine. >> I see that the entitlement mediator work fine, it login into the ESB >> and the XACML policy response PERMIT. >> >> In the WSAS SOAP tracer I see all the request from ESB: >> >> <soapenv:Envelope >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> >> <soapenv:Body >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws >> securit y-utility-1.0.xsd" wsu:Id="Id-31168594"> <ns1:greet >> xmlns:ns1="http://www.wso2.org/types";> >> <name>jorge infante 3</name> >> </ns1:greet> >> </soapenv:Body> >> </soapenv:Envelope> >> >> This request message came without the security header, so the header >> mediator work fine. >> >> And all the WSAS response are the same: >> >> <soapenv:Envelope >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";> >> <soapenv:Header /> >> <soapenv:Body> >> <ns:greetResponse xmlns:ns="http://www.wso2.org/types";> >> <return>Hello World, jorge infante 3 !!!</return> </ns:greetResponse> >> </soapenv:Body> </soapenv:Envelope> >> >> But in the Eclipse console I see this errors in all the call I made: >> >> Response for Call 1: >> Exception in thread "main" org.apache.axis2.AxisFault: InputStream >> cannot be NULL. >> >> Response for call 2: >> Exception in thread "main" org.apache.axis2.AxisFault: SOAP header >> missing >> >> Response for call 3: >> <ns:greetResponse xmlns:ns="http://www.wso2.org/types"; >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws >> securit >> y-utility-1.0.xsd"> >> <return> >> Hello World, jorge infante 3 !!! >> </return> >> </ns:greetResponse> >> >> Response for call 4: >> Exception in thread "main" org.apache.axis2.AxisFault: InputStream >> cannot be NULL. >> >> And so on, the response are not the same in every call, so I >> wondering what could be the root cause of this behavior. >> >> >> [1] the proxy service: >> <proxy xmlns="http://ws.apache.org/ns/synapse"; name="Secureproxy3" >> transports="https http" startOnLoad="true" trace="disable" >> statistics="enable"> >> <target> >> <endpoint >> name="endpoint_urn_uuid_BB1AB9F8608F7EC366271152455486681545818807"> >> <address uri="http://127.0.0.1:9763/services/HelloService/"/> >> </endpoint> >> <inSequence> >> <entitlementService >> remoteServiceUrl="https://localhost:9463/services/"; >> remoteServiceUserName="admin" remoteServicePassword="admin"/> <header >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w >> ssecuri ty-secext-1.0.xsd" name="wsse:Security" action="remove"/> >> <send/> </inSequence> <outSequence> <log level="full"/> <send/> >> </outSequence> <faultSequence> <log level="full"/> </faultSequence> >> </target> <publishWSDL >> uri="http://127.0.0.1:9763/services/HelloService?wsdl"/> >> <policy >> >> key="conf:/repository/axis2/service-groups/Secureproxy3/services/Secu >> reproxy >> 3/policies/SecConSgnEncrUsername"/> >> <enableSec/> >> </proxy> >> >> >> Ing. Jorge Infante Osorio. >> J´Dpto Soluciones SOA. >> CDAE. >> UCI >> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Supun Kamburugamuva Technical Lead & Product Manager, WSO2 Inc.; http://wso2.com Member, Apache Software Foundation; http://www.apache.org WSO2 Inc.; http://wso2.org E-mail: [email protected]; Mobile: +94 77 431 3585 Blog: http://supunk.blogspot.com _______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev _______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev -- Thilina Buddhika Senior Software Engineer WSO2 Inc. ; http://wso2.com lean . enterprise . middleware phone : +94 77 44 88 727 blog : http://blog.thilinamb.com _______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
