Hi Ruwan, Indeed, the requirement is to use a different security policy for incoming and outgoing messages. This requirement is for me rather critical as most of the webservices that we call are based on this principle (signed request and unsigned response).
With our Axis2-based application, we were able to specify this requirement by using the "OutflowSecurity" and "InflowSecurity" (in this case not specified) parameters in axis2.xml. Any idea why the same kind of configuration is no longer possible when using a policy file ? About your "applies only on the proxy service level" remark. At this point in time, the WS-Security settings are specified on the Proxy and/or Endpoint level. If a different security policy should be used for incoming and outgoing messages, would this mean that the security policy will be linked to the Proxy's Target Sequences ? PS: Any idea about the release date of the next ESB release or the availability of this requirement in the Subversion repository or nightly builds (if they exist) ? Regards, Stefan. Ruwan Linton-3 wrote: > > Hi Stefan, > > So your requirement is to specify two security policies for the incoming > and outgoing messages right? In general this should be possible with web > services, according to ws-policy specification, but Synapse (WSO2 ESB) > does not support that for the moment. There is an improvement JIRA issue > for this under Synapse [1]. > > How critical this requirement is to you? So that I can prioritize that > issue and finish it up, we will be doing this improvement for the > synapse-1.2 release as well as to the next ESB release for sure. > > PS: But I think this applies only on the proxy service level and not on > the endpoint level. I will investigate this issue in more detail and get > back to you. > > [1] - https://issues.apache.org/jira/browse/SYNAPSE-127 > > Thanks, > Ruwan > > stlecho wrote: >> Hi Ruwan, >> >> I was just thinking that for this webservice the requests should be >> signed, >> but the responses are not signed. When the webservice response arrives at >> ESB, Rampart should not be activated. This could be the cause of the >> NullPointerException. >> >> Ideally Rampart should be configured only for Outgoing message, but not >> for >> Incoming messages. At this point in time I've enabled WS-Security on the >> Endpoint, where I can not choose the flow for which Rampart should be >> applied. Would this be possible in the Policy file ? >> >> I've posted a similar issue on the Axis-user mailing list: >> http://www.nabble.com/-Axis2-Rampart--Using-Rampart-for-OutFlow%2C-but-not-for-InFlow-td15689307.html#a15689307 >> >> Thanks, Stefan. >> >> >> Ruwan Linton-3 wrote: >> >>> Hi Stefan, >>> >>> What is the JDK version that you are using? I guess it is JDK1.6, if so >>> there seems to be an issue in rampart with JDK 1.6. >>> >>> BTW: can you send us the policy that you are using and the ESB >>> configuration? (you may send these files privately if you have any >>> problem with sending them through public list). >>> >>> A TCPMon trace of the in and out messages will also be helpful for >>> problem identification. >>> >>> Thanks, >>> Ruwan >>> >>> stlecho wrote: >>> >>>> A webservice we are using requires that requests are signed, but not >>>> encrypted. >>>> >>>> When removing encryption related elements from the policy file, I'm >>>> receiving a response. When processing this reponse a >>>> java.lang.NullPointerException is thrown. >>>> >>>> "2008-03-11 17:47:20,861 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Connected ([EMAIL PROTECTED]) >>>> 2008-03-11 17:47:20,861 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> Axis2HttpRequest get source channel of the pipe on which the outgoing >>>> response is written >>>> 2008-03-11 17:47:20,876 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> SOAPMessageFormatter contentType from the OMOutputFormat =text/xml >>>> 2008-03-11 17:47:20,876 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> SOAPMessageFormatter contentType returned =text/xml; charset=UTF-8 >>>> 2008-03-11 17:47:21,079 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,079 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: false] >>>> 2008-03-11 17:47:21,079 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,079 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: false] >>>> 2008-03-11 17:47:21,079 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,079 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: false] >>>> 2008-03-11 17:47:21,079 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: false] >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: false] >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: false] >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [HttpServerWorker-1] >>>> DEBUG >>>> SOAPMessageFormatter end writeTo() >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: false] >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Output >>>> ready >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Content encoder [chunk-coded; completed: true] >>>> 2008-03-11 17:47:21,095 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Request ready >>>> 2008-03-11 17:47:21,611 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> HTTP/1.1 200 OK >>>> 2008-03-11 17:47:21,611 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << HTTP/1.1 200 OK >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << Date: Tue, 11 Mar 2008 16:47:21 GMT >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << Server: Apache >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << Content-Length: 1066 >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << Set-Cookie: >>>> JSESSIONID=HW3ZHKDtLdfLvylfZBvDxCzPM6Wpt2TrbgnHPXy297PwrWT253zJ!185984672; >>>> path=/ >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << Keep-Alive: timeout=15, max=100 >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << Connection: Keep-Alive >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> headers << Content-Type: text/xml >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ClientHandler HTTP connection [fsb.smals-mvm.be/193.191.242.140:443]: >>>> Input >>>> ready >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [HttpClientWorker-1] >>>> DEBUG >>>> TransportUtils createSOAPEnvelope using Builder (class >>>> org.apache.axis2.builder.SOAPBuilder) selected from type (text/xml) >>>> Exception in thread "HttpClientWorker-1" java.lang.NullPointerException >>>> at org.apache.rampart.RampartEngine.process(RampartEngine.java:90) >>>> at >>>> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85) >>>> at org.apache.axis2.engine.Phase.invoke(Phase.java:292) >>>> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212) >>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132) >>>> at >>>> org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:193) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675) >>>> at java.lang.Thread.run(Thread.java:595) >>>> 2008-03-11 17:47:21,626 [192.168.13.175-INFOR2] [I/O dispatcher 1] >>>> DEBUG >>>> ConnectionPool Released a connection to host: fsb.smals-mvm.be on port >>>> : >>>> 443 >>>> to the connection pool of current size : 1". >>>> >>>> Any help with this issue is highly appreciated. >>>> >>>> Regards, Stefan Lecho. >>>> >>>> >>> _______________________________________________ >>> Esb-java-user mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user >>> >>> >>> >> >> > > > _______________________________________________ > Esb-java-user mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user > > -- View this message in context: http://www.nabble.com/NullPointerException-in-org.apache.rampart.RampartEngine.process-tp15979093p16012591.html Sent from the WSO2 ESB Users mailing list archive at Nabble.com. _______________________________________________ Esb-java-user mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
