Hi Stefan,
As I can understand what you need is the outbound message level policies
and not inbound message level policies, by specifying the policy in the
proxy service with type="in" you specify the inbound message policies.
Basically it is to enforce security for the messages coming to the prosy
service from client and the responses sent back to the client, but not
on the messages that has been sent to the actual service and the
responses comes into synapse from the services.
For the moment ESB cannot handle this and this is reported on synapse as
an enhancement JIRA [1] and I am planing to fix this ASAP because this
seems the highest demand feature that we have to implement. Please keep
track on the JIRA issue for the resolution.
[1] - https://issues.apache.org/jira/browse/SYNAPSE-355
Thanks,
Ruwan
stlecho wrote:
Ruwan,
I've configured the proxy to apply WS-Security, so I hope :o) that it gets
applied before sending the message to the endpoint specified. When using
this Proxy, the SOAP request is not signed and the call results in an error.
When using <syn:policy key="policy-FSB" type="in"/>, I get:
<< "HTTP/1.1 500 Erreur Interne de Servlet[\r][\n]"
<< "Server: Apache-Coyote/1.1[\r][\n]"
<< "Content-Type: text/xml;charset=UTF-8[\r][\n]"
<< "Transfer-Encoding: chunked[\r][\n]"
<< "Date: Tue, 10 Jun 2008 16:01:41 GMT[\r][\n]"
<< "Connection: close[\r][\n]"
<< "<?xml ...?><soapenv:Envelope
...><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>InvalidSecurity</faultstring><detail
/></soapenv:Fault></soapenv:Body></soapenv:Envelope>"
When using <syn:policy key="policy-FSB" type="out"/>, I get:
INFO FSB-Proxy-WsSecurity To:
http://www.w3.org/2005/08/addressing/anonymous,WSAction: ,SOAPAction:
,MessageID: urn:uuid:61668BA68C4F611C54118927512112294-240309440,Direction:
response,Envelope: <?xml version='1.0' encoding='utf-8'?><SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>
SOAP-ENV:Client </faultcode><faultstring> EJB Exception: ; nested
exception is:
com.bea.wlw.runtime.jws.wssecurity.exception.WLWWSSEException: Policy
requires Message to be signed, Message was not signed.
</faultstring><detail>
Request body sent
<< "HTTP/1.1 202 Accept?[\r][\n]"
<< "Server: Apache-Coyote/1.1[\r][\n]"
<< "Content-Type: text/xml;charset=UTF-8[\r][\n]"
<< "Content-Length: 0[\r][\n]"
Regards, Stefan Lecho.
Ruwan Linton-3 wrote:
stlecho wrote:
Ruwan,
I've changed my proxy definition to include the "<syn:policy key=""..."
type="out">" configuration. I'm not sure that it works, because I'm
blocked
by the following issue:
http://www.nabble.com/Control-chunked-encoding-td16092138.html.
You should be able to use the solution that I have proposed.
Will it be possible to use the GUI to configure the policy to be applied
for
a proxy or should I stick to a manual edition of the synapse.xml file ?
I think you should do it on the native configuration, UI does not
support this for the moment. I will do it ASAP on the UI.
Thanks,
Ruwan
Regards, Stefan.
Ruwan Linton-3 wrote:
stlecho wrote:
Rowan,
Ruwan Linton-3 wrote:
Rather we only take one policy and applies to the service so that the
same
policy will be applied to both in and out messages. This should be a
trivial fix but requires some testing, so I will start work on this,
because this is critical to you.
Did you had the time to fix this in version 1.7beta 2 ?
Yes it does. Following is the configuration of a policy element of the
proxy service;
<policy key="string" [type="(in | out)"] [operationName="string"]
[operationNamespace="string"]/>
The optional type attribute defines the message type (either in or out)
on which this policy will be applied where as the operationName and the
operationNamespace attributes specifies the operation QName for which
this particular policy is applied.
If only the type is specified all operations are treated with the policy
for the specified message type. Where as if only the operation QName
(name and namespace) is specified both in and out messages of that
operation is treated with the give policy. If all of the above
attributes are present obviously the message type of the specified
operation is treated with the policy. (For example in message of the
getQuote operation)
Thanks,
Rwuan
Regards, Stefan Lecho.
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
