[ https://issues.apache.org/jira/browse/RAMPART-281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Samisa Abeysinghe updated RAMPART-281:
--------------------------------------
Assignee: (was: Ruchith Udayanga Fernando)
> Axis2/Java client throws exception with mustUnderstand=1
> --------------------------------------------------------
>
> Key: RAMPART-281
> URL: https://issues.apache.org/jira/browse/RAMPART-281
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Server: Linux, Axis2/C
> Client: Windows, Axis2/Java
> Reporter: Russell Tempero
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> We have implemented our service with the following security policy:
> <wsp:Policy wsu:Id="SyncPolicy"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:TransportBinding>
>         <wsp:Policy>
>           <sp:TransportToken>
>             <wsp:Policy>
>               <sp:HttpsToken/>
>             </wsp:Policy>
>           </sp:TransportToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic256/>
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Lax/>
>             </wsp:Policy>
>           </sp:Layout>
>         </wsp:Policy>
>       </sp:TransportBinding>
>       <sp:SignedSupportingTokens>
>         <wsp:Policy>
>           <sp:UsernameToken
>               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
>               <sp:WssUsernameToken10/>
>             </wsp:Policy>
>           </sp:UsernameToken>
>         </wsp:Policy>
>       </sp:SignedSupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> On the client, we are able to use Rampart to send out the correct security
> headers as expected by the server:
> <soapenv:Header>
>   <wsse:Security
>       xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>       soapenv:mustUnderstand='1'>
>     <wsse:UsernameToken
>         xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>         wsu:Id='UsernameToken-12864392'>
>       <wsse:Username>admin</wsse:Username>
>       <wsse:Password
>           Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>admin</wsse:Password>
>     </wsse:UsernameToken>
>   </wsse:Security>
> </soapenv:Header>
> However, in the response, the server sends back a blank security header:
> <soapenv:Header>
>   <wsse:Security
>       xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>       soapenv:mustUnderstand='1'></wsse:Security>
> </soapenv:Header>
> When the client receives this blank security header, it throws the following
> exception:
> Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
> Is the blank security header required/allowed in the response according to
> the WS-Security specification? If so, the Rampart implementation on the
> client needs to be changed to be able to accept this header. If the blank
> header is not allowed, the server needs to be changed to not send it.
> Note: we came up with the following workaround on the client:
> import java.util.Iterator;
> import javax.xml.namespace.QName;
> import org.apache.axiom.soap.RolePlayer;
> import org.apache.axiom.soap.SOAPEnvelope;
> import org.apache.axiom.soap.SOAPHeaderBlock;
> import org.apache.axis2.AxisFault;
> import org.apache.axis2.context.ConfigurationContext;
> import org.apache.axis2.context.ConfigurationContextFactory;
> import org.apache.axis2.context.MessageContext;
> import org.apache.axis2.engine.AxisConfiguration;
> import org.apache.axis2.engine.Phase;
> import org.apache.axis2.handlers.AbstractHandler;
> .
> .
> .
> // Load the Axis2 repository and register the handler in the first in-flow
> // phase, so it runs on the response before Axis2's mustUnderstand check.
> ConfigurationContext configurationContext =
>     ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>         "C:\\Program Files\\axis2-1.5.1\\repository", null);
> AxisConfiguration ac = configurationContext.getAxisConfiguration();
> ((Phase) ac.getInFlowPhases().get(0)).addHandler(new BasicCreate.SecurityHandler());
> .
> .
> .
> public static class SecurityHandler extends AbstractHandler
> {
>     @Override
>     public InvocationResponse invoke(MessageContext msgContext) throws AxisFault
>     {
>         SOAPEnvelope envelope = msgContext.getEnvelope();
>         if (envelope.getHeader() == null)
>         {
>             return InvocationResponse.CONTINUE;
>         }
>         // Get all the headers targeted to us
>         RolePlayer rolePlayer = (RolePlayer) msgContext.getConfigurationContext()
>             .getAxisConfiguration().getParameterValue("rolePlayer");
>         Iterator headerBlocks = envelope.getHeader().getHeadersToProcess(rolePlayer);
>         while (headerBlocks.hasNext())
>         {
>             SOAPHeaderBlock headerBlock = (SOAPHeaderBlock) headerBlocks.next();
>             QName headerName = headerBlock.getQName();
>             // Matches on local name only (any namespace) and marks the header
>             // processed whether or not it is empty, so the mustUnderstand check
>             // is skipped for every such header, not just the blank one.
>             if (headerName.getLocalPart().equals("Security"))
>             {
>                 headerBlock.setProcessed();
>             }
>         }
>         return InvocationResponse.CONTINUE;
>     }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
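A narrower form of the client-side workaround quoted in the report, added here as an example and not code from the reporter or from Rampart: it clears the mustUnderstand obligation only for a wsse:Security header that is namespace-qualified and genuinely empty (no child elements, no non-blank text), and leaves a non-empty header alone so that, if nothing later in the in-flow consumes it, Axis2's mustUnderstand check still faults instead of silently passing. The class name EmptySecurityHeaderHandler, the register method and the isEmpty helper are assumptions; the rolePlayer parameter lookup and the registration in the first in-flow phase follow the report's code.

```java
import java.util.Iterator;
import javax.xml.namespace.QName;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.RolePlayer;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.engine.Phase;
import org.apache.axis2.handlers.AbstractHandler;

// Hypothetical client-side in-flow handler (added example, not Rampart code).
public class EmptySecurityHeaderHandler extends AbstractHandler {

    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final QName WSSE_SECURITY = new QName(WSSE_NS, "Security");

    // Registers the handler in the first in-flow phase, as the report's
    // workaround does, so it runs before the mustUnderstand check.
    public static void register(ConfigurationContext configurationContext) {
        Phase first = (Phase) configurationContext.getAxisConfiguration()
            .getInFlowPhases().get(0);
        first.addHandler(new EmptySecurityHeaderHandler());
    }

    @Override
    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        SOAPEnvelope envelope = msgContext.getEnvelope();
        SOAPHeader header = (envelope == null) ? null : envelope.getHeader();
        if (header == null) {
            return InvocationResponse.CONTINUE;
        }
        // Same "rolePlayer" parameter lookup as the report's workaround
        // (assumes the parameter is configured the same way there).
        RolePlayer rolePlayer = (RolePlayer) msgContext.getConfigurationContext()
            .getAxisConfiguration().getParameterValue("rolePlayer");
        Iterator<?> blocks = header.getHeadersToProcess(rolePlayer);
        while (blocks.hasNext()) {
            SOAPHeaderBlock block = (SOAPHeaderBlock) blocks.next();
            // Namespace-qualified match: an element merely named "Security"
            // in some other namespace is not ours to clear.
            if (!WSSE_SECURITY.equals(block.getQName()) || block.isProcessed()) {
                continue;
            }
            if (isEmpty(block)) {
                // Nothing for Rampart to consume: satisfy mustUnderstand for it.
                block.setProcessed();
            }
            // Otherwise leave it unprocessed: if no later handler (Rampart)
            // handles it, Axis2's mustUnderstand check still fails the message.
        }
        return InvocationResponse.CONTINUE;
    }

    // True when the element has no child elements and no non-blank text.
    static boolean isEmpty(OMElement element) {
        if (element.getFirstElement() != null) {
            return false;
        }
        String text = element.getText();
        return text == null || text.trim().length() == 0;
    }
}
```

With this handler the blank response header from the report passes, while a response whose wsse:Security header carries content that no engaged module processed is still rejected, which is the behaviour a client should want when the header is flagged mustUnderstand='1'.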