Please ask on the [email protected] list. Thanks, Ruchith
On Sun, Apr 10, 2011 at 6:47 PM, Stephen Cresswell <[email protected]> wrote: > I found out a bit more information - the failing web service had empty an > soapAction attribute. When I set it to the same as the location the binding > message was set and everything worked fine. > > <wsdl:binding name="PostCodeBinding" type="tns:PostCodePortType"> > <soap:binding style="document" > transport="http://schemas.xmlsoap.org/soap/http"/> > <wsdl:operation name="getValidAddressTypes"> > <soap:operation > soapAction="http://localhost:8080/axis2/services/PostCodeService_1_0"/> > ... > </wsdl:operation> > </wsdl:binding> > <wsdl:service name="PostCodeService_1_0"> > <wsdl:port name="PostCodePort" binding="tns:PostCodeBinding"> > <soap:address > location="http://localhost:8080/axis2/services/PostCodeService_1_0"/> > </wsdl:port> > </wsdl:service> > > However this just leaves me more confused because according the what > documentation I've found soapAction is just a uri, e.g. > http://mycompany/PostCodeService/1.0/getValidAddressTypes and each operation > should have a different soapAction. > It shouldn't have anything to do with the address location. We have more > operations to add and I'm worried that as soon as we add the second one, > we'll start hitting problems again. > > Something else that really confuses me - if I change either the soapAction > or location to something different (e.g. change the port from 8080 to 9095) > I get a "Must Understand" fault. This also confuses me because the server > doesn't even run on 8080, so why should anything care what this value is. > > Really appreciate it if someone can shed any light on this. > > Thanks, > > S > > > > > > On 10 April 2011 23:29, Ruchith Fernando <[email protected]> wrote: >> >> Hi, >> >> I'm not sure why those instances are null. >> Maybe some other axis2 developer will be able help you figure this out. >> >> Others what do you think? >> >> Thanks, >> Ruchith >> >> p.s. Please maintain the conversation on the list so someone who is >> aware of this issue will be able to help. >> >> >> On Sun, Apr 10, 2011 at 1:15 PM, Stephen Cresswell >> <[email protected]> wrote: >> > I've stepped through in debug and tracked the problem down to where the >> > RampartEngine attempts to assign the security policy from the >> > msgCtx.getEffectivePolicy (Rampart 1.5, RampartMessageData line 238) >> > >> > For the working "Hello World" service >> > >> > AxisBindingMessage bindingMessage = (AxisBindingMessage) >> > getProperty(Constants.AXIS_BINDING_MESSAGE); >> > >> > Returns a bindingMessage which has an attached security policy. >> > >> > For the failing "PostCode" service both the bindingMessage and >> > axisMessage >> > are null, so no policy can be obtained. Any idea why the post code >> > service >> > doesn't get assigned the security policy like the hello world one does? >> > >> > Thanks, >> > >> > S >> > >> > >> > >> > On 9 April 2011 20:53, Stephen Cresswell <[email protected]> >> > wrote: >> >> >> >> Hi Ruchith, >> >> >> >> The CallbackHandler is not being invoked. >> >> The only wsp:Policy sections are in services.xml. Nothing in the WSDL. >> >> I >> >> changed the useOriginalwsdl parameter to false, but it didn't make any >> >> difference. >> >> >> >> S >> >> >> >> >> >> On 9 April 2011 20:06, Ruchith Fernando <[email protected]> >> >> wrote: >> >>> >> >>> Hi, >> >>> >> >>> Right now I'm not sure why policy wasn't available when the rampart >> >>> handler was called and why it is available in post dispatch. Maybe >> >>> someone more familiar with policy loading will be able to help. >> >>> >> >>> Can you please verify whether the callback handler was called to >> >>> authenticate the username token in this case (I don't think it will >> >>> be). >> >>> >> >>> I noticed you have used : >> >>> <parameter name="useOriginalwsdl">true</parameter> >> >>> >> >>> Do you have security policy on the wsdl? If so I'm wondering whether >> >>> there's an issue when loading policy that depends on dispatch. >> >>> >> >>> Thanks, >> >>> Ruchith >> >>> >> >>> On Sat, Apr 9, 2011 at 2:12 PM, Stephen Cresswell >> >>> <[email protected]> wrote: >> >>> > Hi Ruchith, >> >>> > >> >>> > Can you elaborate a bit more please? If the webservice request is >> >>> > sent >> >>> > with >> >>> > the correct security headers, and if the service the correct policy >> >>> > definition, and can you think of any reason why it would not be >> >>> > available? >> >>> > Also any idea why it works for one service and not another (the >> >>> > headers >> >>> > and >> >>> > policy definitions are identical)? >> >>> > >> >>> > Thanks for your help, >> >>> > >> >>> > S >> >>> > >> >>> > On 9 April 2011 19:04, Ruchith Fernando <[email protected]> >> >>> > wrote: >> >>> >> >> >>> >> Hi, >> >>> >> >> >>> >> This error (PostDispatchVerificationHandler.java:152) means that >> >>> >> security policy was not available at the time rampart was called. >> >>> >> >> >>> >> Thanks, >> >>> >> Ruchith >> >>> >> >> >>> >> On Sat, Apr 9, 2011 at 1:05 PM, Stephen Cresswell >> >>> >> <[email protected]> wrote: >> >>> >> > We're running into problems added authentication to our web >> >>> >> > services. It >> >>> >> > works for our simple "hello world" web service, but when we try >> >>> >> > it >> >>> >> > with >> >>> >> > the >> >>> >> > real web service we get an InvalidSecurity fault. I've stripped >> >>> >> > the >> >>> >> > WSDL >> >>> >> > back so that the hello world and post code service are almost >> >>> >> > identical, >> >>> >> > but >> >>> >> > I still get this error. Any ideas? >> >>> >> > >> >>> >> > Failing Request >> >>> >> > <soapenv:Envelope >> >>> >> > xmlns:car="http://xyzi.mycomp.co.uk/postcodedata_1"; >> >>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> >> >>> >> > <soapenv:Header> >> >>> >> > <wsse:Security soapenv:mustUnderstand="1" >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> >> >>> >> > <wsse:UsernameToken wsu:Id="UsernameToken-1" >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> >> >>> >> > <wsse:Username>BILL</wsse:Username> >> >>> >> > <wsse:Password >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>SECRET</wsse:Password> >> >>> >> > </wsse:UsernameToken> >> >>> >> > </wsse:Security> >> >>> >> > </soapenv:Header> >> >>> >> > <soapenv:Body> >> >>> >> > <car:getValidAddressTypes> >> >>> >> > <car:category>X</car:category> >> >>> >> > </car:getValidAddressTypes> >> >>> >> > </soapenv:Body> >> >>> >> > </soapenv:Envelope> >> >>> >> > >> >>> >> > Response >> >>> >> > <soapenv:Envelope >> >>> >> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";> >> >>> >> > <soapenv:Body> >> >>> >> > <soapenv:Fault> >> >>> >> > <faultcode>soapenv:Server</faultcode> >> >>> >> > <faultstring>InvalidSecurity</faultstring> >> >>> >> > <detail/> >> >>> >> > </soapenv:Fault> >> >>> >> > </soapenv:Body> >> >>> >> > </soapenv:Envelope> >> >>> >> > >> >>> >> > services.xml >> >>> >> > <?xml version="1.0" encoding="UTF-8"?> >> >>> >> > <!-- This file was auto-generated from WSDL --> >> >>> >> > <!-- by the Apache Axis2 version: 1.5.2 Built on : Sep 06, 2010 >> >>> >> > (09:42:01 >> >>> >> > CEST) --> >> >>> >> > <serviceGroup> >> >>> >> > <service name="PostCodeService_1_0"> >> >>> >> > <messageReceivers> >> >>> >> > <messageReceiver >> >>> >> > mep="http://www.w3.org/ns/wsdl/in-out"; >> >>> >> > >> >>> >> > class="uk.co.mycomp.foo.PostCodeService_1_0MessageReceiverInOut"/> >> >>> >> > </messageReceivers> >> >>> >> > <parameter >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > name="ServiceClass">uk.co.mycomp.foo.PostCodeService_1_0Skeleton</parameter> >> >>> >> > <parameter name="useOriginalwsdl">true</parameter> >> >>> >> > <parameter >> >>> >> > name="modifyUserWSDLPortAddress">true</parameter> >> >>> >> > <operation name="getValidAddressTypes" >> >>> >> > mep="http://www.w3.org/ns/wsdl/in-out"; >> >>> >> > namespace="http://xyzi.mycomp.co.uk/postcodeservice_1";> >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > <actionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesRequest</actionMapping> >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > <outputActionMapping>http://xyzi.mycomp.co.uk/postcodeservice_1/PostCodePortType/getValidAddressTypesResponse</outputActionMapping> >> >>> >> > </operation> >> >>> >> > <module ref="SmartintegratorModule"/> >> >>> >> > <module ref="rampart"/> >> >>> >> > >> >>> >> > <wsp:Policy wsu:Id="UsernameToken" >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> >>> >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> >> >>> >> > <wsp:ExactlyOne> >> >>> >> > <wsp:All> >> >>> >> > <sp:SupportingTokens >> >>> >> > >> >>> >> > >> >>> >> > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";> >> >>> >> > <wsp:Policy> >> >>> >> > <sp:UsernameToken >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";> >> >>> >> > </sp:UsernameToken> >> >>> >> > </wsp:Policy> >> >>> >> > </sp:SupportingTokens> >> >>> >> > <ramp:RampartConfig >> >>> >> > xmlns:ramp="http://ws.apache.org/rampart/policy";> >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > <ramp:passwordCallbackClass>com.mycomp.ext.auth.PasswordCallbackHandler</ramp:passwordCallbackClass> >> >>> >> > </ramp:RampartConfig> >> >>> >> > </wsp:All> >> >>> >> > </wsp:ExactlyOne> >> >>> >> > </wsp:Policy> >> >>> >> > </service> >> >>> >> > <service name="SpringAwareService" >> >>> >> > class="com.mycomp.ext.spring.SpringInit"> >> >>> >> > <description>Spring initialiser</description> >> >>> >> > </service> >> >>> >> > </serviceGroup> >> >>> >> > >> >>> >> > debug >> >>> >> > [ERROR] InvalidSecurity >> >>> >> > org.apache.axis2.AxisFault: InvalidSecurity >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:152) >> >>> >> > at org.apache.axis2.engine.Phase.invoke(Phase.java:318) >> >>> >> > at >> >>> >> > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251) >> >>> >> > at >> >>> >> > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160) >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167) >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266) >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281) >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187) >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82) >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >> >>> >> > at >> >>> >> > >> >>> >> > >> >>> >> > >> >>> >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >> >>> >> > at java.lang.Thread.run(Thread.java:662) >> >>> >> > >> >>> >> >> >>> >> >> >>> >> >> >>> >> -- >> >>> >> http://ruchith.org >> >>> > >> >>> > >> >>> >> >>> >> >>> >> >>> -- >> >>> http://ruchith.org >> >> >> > >> > >> >> >> >> -- >> http://ruchith.org > > -- http://ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
