[
https://issues.apache.org/jira/browse/RAMPART-324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13003240#comment-13003240
]
Amila Jayasekara commented on RAMPART-324:
------------------------------------------
Hi Thilina, Abhinav,
I also faced a similar issue when running some rampart samples. Therefore I
tried to reproduce this issue in the trunk. So here are my findings,
It seems rampart does not take into account the namespaces specified in the
policy for EncryptedElements. So if you add following assertion to policy
<sp:EncryptedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:serns="http://ws.apache.org/axis2";>
<sp:XPath>soapenv:Body/serns:mul/serns:args0</sp:XPath>
</sp:EncryptedElements>
rampart would not recognize prefix “ serns”.
But if you add following assertion,
<sp:EncryptedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ns1="http://ws.apache.org/axis2";>
<sp:XPath>soapenv:Body/ns1:mul/ns1:args0</sp:XPath>
</sp:EncryptedElements>
rampart will not complain about the namespace. In other words inorder to work
this you must have namespace prefix “ns1”. The reason for “ns1” to work is that
it is the default namespace prefix given when message generation. Here I am
pasting a part of a message which is generated before encrypting elements,
….
….
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body><ns1:add
xmlns:ns1="http://service.wso2.org";><a>3</a><b>4</b></ns1:add></soapenv:Body></soapenv:Envelope>
As you can see ns1 is the default namespace given when message generation. But
even you are able to get through with namespace issue, rampart will not sign
nor encrypt the message elements you specified in the policy. This is in return
a result of not reading elements from the policy (I think).
We will further investigate on this and will work on a patch.
Thanks
AmilaJ
> Caused by: org.apache.ws.security.WSSecurityException: General security error
> (WSEncryptBody/WSSignE nvelope: Element to encrypt/sign not found:
> {http://ws.apache.org/axis2}args0)
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RAMPART-324
> URL: https://issues.apache.org/jira/browse/RAMPART-324
> Project: Rampart
> Issue Type: Question
> Components: rampart-core, rampart-policy
> Affects Versions: 1.4
> Environment: Windows XP, Rampart 1.4,JDK1.5_06,Axis2 1.5
> Reporter: Abhinav Mishra
> Assignee: Thilina Buddhika
> Priority: Blocker
> Labels: security
> Attachments: Client.java, Multiplication4.java,
> Multiplication4CallbackHandler.java, Multiplication4Stub.java,
> PWCBHandler.java, PWCBHandler.java, client.jks, service.jks, services.xml
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> Here I am trying to run a multiplication service in which I pass 2
> parameters. In these two parameters I am trying to encrypt and sign only
> single element. For this I am using <SignedElements> and <EncryptedElements>
> assertions. I am calling the service using Client stub in which the namaspace
> generated is xmlns:ns1="http://ws.apache.org/axis2";. I amt trying to use
> Xpath for that element as
> <sp:XPath>/soapenv:Envelope/soapenv:Body/ns1:mul/ns1:args0</sp:XPath> where
> soapenv is xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope";>.
> When this got error i changed Xpath to:
> <sp:XPath>descendant::ns1:args0</sp:XPath>
> But i am getting an error which is
> Caused by: org.apache.ws.security.WSSecurityException: General security error
> (WSEncryptBody/WSSignE nvelope: Element to encrypt/sign not found:
> {http://ws.apache.org/axis2}args0)
> Abhinav
> Abhinav Mishra
> Exception in thread "main" org.apache.axis2.AxisFault: Error during encryption
> at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java
> :229)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> at
> org.apache.ws.axis2.Multiplication4Stub.mul(Multiplication4Stub.java:187)
> at org.apache.ws.axis2.Client.main(Client.java:38)
> Caused by: org.apache.rampart.RampartException: Error during encryption
> at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
> Builder.java:544)
> at
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:9
> 3)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
> ... 8 more
> Caused by: org.apache.ws.security.WSSecurityException: General security error
> (WSEncryptBody/WSSignE
> nvelope: Element to encrypt/sign not found: {http://ws.apache.org/axis2}args0)
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:496)
> at
> org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:454)
> at
> org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecEncrypt.java:351)
> at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
> Builder.java:530)
> ... 11 more
> So,please help me to solve this issue.
> Here i am attaching my code and services.xml file.
> Thanks in advance!!!
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
