I tried with a similar proxy configuration[1] and tried out the same
scenario. But I could not reproduce this issue. So it seems like we will
have to do some serious debugging with all possible configurations to find
out the root cause.
When going through the ESB error logs provided by you, I saw this
"org.apache.http.ProtocolException: Transfer-encoding header already
present" error appearing in few places. Some related information about this
error is available in this JIRA [2].
I think it is not required to use IS in this scenario. Although we obtain a
token from IS, it is not used when establishing the security context between
ESB and the Client. IS would be more handy, if we are implementing a WS -
Trust scenario based on SAML.
Anyway it is good that Jorge's issue is solved now. :)
Thanks,
Thilina
[1] - <proxy name="HelloServiceProxy" transports="https http"
startOnLoad="true" trace="disable">
<target>
<endpoint
name="endpoint_urn_uuid_DEF69A2AC9E9A43AAE4257419113255-403783238">
<address uri="
http://10.100.1.125:10763/services/HelloService/"/>
</endpoint>
<inSequence>
<log level="full"/>
<entitlementService remoteServiceUrl="
https://localhost:8443/services"; remoteServiceUserName="admin"
remoteServicePassword="admin"/>
<header xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
name="wsse:Security" action="remove"/>
</inSequence>
<outSequence>
<log level="full"/>
<send/>
</outSequence>
</target>
<policy
key="conf:/repository/axis2/service-groups/HelloServiceProxy/services/HelloServiceProxy/policies/SecConSgnEncrUsername"/>
<enableSec/>
</proxy>
[2] - https://wso2.org/jira/browse/ESBJAVA-370
On Sat, Apr 2, 2011 at 11:49 PM, Amila Jayasekara <[email protected]> wrote:
> Hi Jorge,
>
> Sorry for the late response. I've been trying to reproduce this issue
> and I got stuck with some other work.
> Until yesterday I was trying to reproduce the issue using the proxy
> configuration in [1]. According to proxy configuration [1] I defined
> an endpoint pointing to “HelloService” in WSAS and used that endpoint
> in a sequence called “ CustomSequence”. Then used “ CustomSequence” in
> “HelloProxy”.
> With this [1] proxy configuration I was not able to reproduce the
> issue mentioned in this mail thread.
>
> Then I created a proxy service similar to one you are using [2]. With
> this [2] proxy service I was able to reproduce the intermittent issue
> you mentioned. Thus in my case, I didnt see a pattern, rather it was
> failing most of the time and getting success for about 1 in 7
> requests. Also, I found some “ERROR” logs in ESB logs for both success
> and fail requests (esbConsoleMessages.txt). I am not exactly sure what
> is the cause for this issue.
>
>
> As a workaround please use a proxy configuration similar to [1]. We
> will investigate the issue in proxy configuration [2]. Issue [3] is
> created to investigate this behaviour.
>
> I am attaching all the artifacts I used in this experiment.
>
> Note: If you are switching between “HelloProxy” and “ Secureproxy3”,
> remember to change SERVICE_EPR in client code and proxy URL in XACML
> policy.
>
> Also, please ignore my previous reply about “third party token issuer”
> [4] (I used STS in IS).
>
> Thanks
> AmilaJ
>
> [1]
> <proxy name="HelloProxy" transports="https http" startOnLoad="true"
> trace="disable">
> <target inSequence="CustomSequence" outSequence="CustomSequence"/>
> <publishWSDL
> uri="http://192.168.100.188:9765/services/HelloService?wsdl"/>
> <policy
>
> key="conf:/repository/axis2/service-groups/HelloProxy/services/HelloProxy/policies/SecConSgnEncrUsername"/>
> <enableSec/>
> </proxy>
>
> <endpoint name="HelloEndpoint">
> <address uri="http://192.168.100.188:9765/services/HelloService/";>
> <enableAddressing/>
> </address>
> </endpoint>
>
> <sequence name="CustomSequence">
> <in>
> <entitlementService
> remoteServiceUrl="https://localhost:9444/services/";
> remoteServiceUserName="admin" remoteServicePassword="admin"/>
> <header
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> name="wsse:Security" action="remove"/>
> <send>
> <endpoint key="HelloEndpoint"/>
> </send>
> </in>
> <out>
> <send/>
> </out>
> </sequence>
>
> [2]
> <proxy name="Secureproxy3" transports="https http" startOnLoad="true"
> trace="disable">
> <target>
> <endpoint
> name="endpoint_urn_uuid_BB7F94575A9CFBD9B029470951711769-2054221907">
> <address uri="http://127.0.0.1:9765/services/HelloService/
> "/>
> </endpoint>
> <inSequence>
> <entitlementService
> remoteServiceUrl="https://localhost:9444/services/";
> remoteServiceUserName="admin" remoteServicePassword="admin"/>
> <header
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> name="wsse:Security" action="remove"/>
> <send/>
> </inSequence>
> <outSequence>
> <log level="full"/>
> <send/>
> </outSequence>
> <faultSequence>
> <log level="full"/>
> </faultSequence>
> </target>
> <publishWSDL
> uri="http://192.168.100.188:9765/services/HelloService?wsdl"/>
> <policy
>
> key="conf:/repository/axis2/service-groups/Secureproxy3/services/Secureproxy3/policies/SecConSgnEncrUsername"/>
> <enableSec/>
> </proxy>
>
> [3] https://wso2.org/jira/browse/CARBON-9243
>
> [4] http://www.mail-archive.com/[email protected]/msg11579.html
>
> On Sat, Apr 2, 2011 at 8:27 AM, Thilina Buddhika <[email protected]>
> wrote:
> > Hi Jorge,
> > I will try to reproduce this issue at our end and get back to you.
> > Thanks,
> > Thilina
> > On Sat, Apr 2, 2011 at 9:12 AM, Jorge Infante Osorio <[email protected]>
> wrote:
> >>
> >> If you search the thread in the list archive you will see the client
> >> code,
> >> ESB proxy service configuration, XACML policy, Service Policy, the
> errors
> >> I
> >> received in ESB log and in the Eclipse console.
> >>
> >> Also I can send you again the information so you can reproduce the
> error.
> >>
> >> Thanks a lot for your help in this.
> >>
> >> Jorge.
> >>
> >> -----Mensaje original-----
> >> De: [email protected] [mailto:[email protected]] En
> >> nombre de Supun Kamburugamuva
> >> Enviado el: viernes, 01 de abril de 2011 22:41
> >> Para: [email protected]
> >> Asunto: Re: [Carbon-dev] Security scenario 15. Issue with header missing
> >> or
> >> InputStream NULL
> >>
> >> On Sat, Apr 2, 2011 at 7:19 AM, Afkham Azeez <[email protected]> wrote:
> >> > One small question, are you sending the request to the ESB port 8280
> >> > from your client?
> >> >
> >>
> >> Yes, exactly. If he is sending to 9763 this behavior can happen.
> >>
> >> Thanks,
> >> Supun..
> >>
> >> > On Feb 21, 2011 9:23 AM, "Jorge Infante Osorio" <[email protected]>
> wrote:
> >> >> Hi all.
> >> >>
> >> >> I implement a proxy Service like this [1] with security scenario 15,
> >> >> and I can use the token issued by IS and pass to the ESB, this work
> >> >> fine.
> >> >> I see that the entitlement mediator work fine, it login into the ESB
> >> >> and the XACML policy response PERMIT.
> >> >>
> >> >> In the WSAS SOAP tracer I see all the request from ESB:
> >> >>
> >> >> <soapenv:Envelope
> >> >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
> >> >> <soapenv:Body
> >> >>
> >> >> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws
> >> >> securit y-utility-1.0.xsd" wsu:Id="Id-31168594"> <ns1:greet
> >> >> xmlns:ns1="http://www.wso2.org/types";>
> >> >> <name>jorge infante 3</name>
> >> >> </ns1:greet>
> >> >> </soapenv:Body>
> >> >> </soapenv:Envelope>
> >> >>
> >> >> This request message came without the security header, so the header
> >> >> mediator work fine.
> >> >>
> >> >> And all the WSAS response are the same:
> >> >>
> >> >> <soapenv:Envelope
> >> >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
> >> >> <soapenv:Header />
> >> >> <soapenv:Body>
> >> >> <ns:greetResponse xmlns:ns="http://www.wso2.org/types";>
> >> >> <return>Hello World, jorge infante 3 !!!</return> </ns:greetResponse>
> >> >> </soapenv:Body> </soapenv:Envelope>
> >> >>
> >> >> But in the Eclipse console I see this errors in all the call I made:
> >> >>
> >> >> Response for Call 1:
> >> >> Exception in thread "main" org.apache.axis2.AxisFault: InputStream
> >> >> cannot be NULL.
> >> >>
> >> >> Response for call 2:
> >> >> Exception in thread "main" org.apache.axis2.AxisFault: SOAP header
> >> >> missing
> >> >>
> >> >> Response for call 3:
> >> >> <ns:greetResponse xmlns:ns="http://www.wso2.org/types";
> >> >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";
> >> >>
> >> >> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws
> >> >> securit
> >> >> y-utility-1.0.xsd">
> >> >> <return>
> >> >> Hello World, jorge infante 3 !!!
> >> >> </return>
> >> >> </ns:greetResponse>
> >> >>
> >> >> Response for call 4:
> >> >> Exception in thread "main" org.apache.axis2.AxisFault: InputStream
> >> >> cannot be NULL.
> >> >>
> >> >> And so on, the response are not the same in every call, so I
> >> >> wondering what could be the root cause of this behavior.
> >> >>
> >> >>
> >> >> [1] the proxy service:
> >> >> <proxy xmlns="http://ws.apache.org/ns/synapse"; name="Secureproxy3"
> >> >> transports="https http" startOnLoad="true" trace="disable"
> >> >> statistics="enable">
> >> >> <target>
> >> >> <endpoint
> >> >> name="endpoint_urn_uuid_BB1AB9F8608F7EC366271152455486681545818807">
> >> >> <address uri="http://127.0.0.1:9763/services/HelloService/"/>
> >> >> </endpoint>
> >> >> <inSequence>
> >> >> <entitlementService
> >> >> remoteServiceUrl="https://localhost:9463/services/";
> >> >> remoteServiceUserName="admin" remoteServicePassword="admin"/> <header
> >> >>
> >> >> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w
> >> >> ssecuri ty-secext-1.0.xsd" name="wsse:Security" action="remove"/>
> >> >> <send/> </inSequence> <outSequence> <log level="full"/> <send/>
> >> >> </outSequence> <faultSequence> <log level="full"/> </faultSequence>
> >> >> </target> <publishWSDL
> >> >> uri="http://127.0.0.1:9763/services/HelloService?wsdl"/>
> >> >> <policy
> >> >>
> >> >> key="conf:/repository/axis2/service-groups/Secureproxy3/services/Secu
> >> >> reproxy
> >> >> 3/policies/SecConSgnEncrUsername"/>
> >> >> <enableSec/>
> >> >> </proxy>
> >> >>
> >> >>
> >> >> Ing. Jorge Infante Osorio.
> >> >> J´Dpto Soluciones SOA.
> >> >> CDAE.
> >> >> UCI
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> Carbon-dev mailing list
> >> >> [email protected]
> >> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >> >
> >> > _______________________________________________
> >> > Carbon-dev mailing list
> >> > [email protected]
> >> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Supun Kamburugamuva
> >> Technical Lead & Product Manager, WSO2 Inc.; http://wso2.com Member,
> >> Apache
> >> Software Foundation; http://www.apache.org
> >> WSO2 Inc.; http://wso2.org
> >> E-mail: [email protected]; Mobile: +94 77 431 3585
> >> Blog: http://supunk.blogspot.com
> >> _______________________________________________
> >> Carbon-dev mailing list
> >> [email protected]
> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >>
> >> _______________________________________________
> >> Carbon-dev mailing list
> >> [email protected]
> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
> >
> >
> > --
> > Thilina Buddhika
> > Senior Software Engineer
> > WSO2 Inc. ; http://wso2.com
> > lean . enterprise . middleware
> >
> > phone : +94 77 44 88 727
> > blog : http://blog.thilinamb.com
> >
> > _______________________________________________
> > Carbon-dev mailing list
> > [email protected]
> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
> >
>
--
Thilina Buddhika
Senior Software Engineer
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware
phone : +94 77 44 88 727
blog : http://blog.thilinamb.com
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
