[
https://issues.apache.org/jira/browse/AXIS2-5032?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Rohr updated AXIS2-5032:
-------------------------------
Description:
The exception in the same as in AXIS2-3999, but Im not sure if it has the same
origin
org.apache.axis2.AxisFault: InvalidSecurity
at
org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
at
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
at
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
...
we do have 3 services and we are using MTOM in the Clients to sent attachments.
Rampart engaged in the services.xml and a policy using a custom password
handler as follows:
<module ref="rampart" />
<module ref="addressing" />
<wsp:Policy wsu:Id="UTOverTransport"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<!-- <sp:HashPassword/> -->
</wsp:Policy>
</sp:TransportToken>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
/>
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
policy.xml in client:
<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken=
"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<!-- <sp:HashPassword/>-->
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Client code:
ServiceClient sc = stub._getServiceClient();
sc.engageModule("addressing");
sc.engageModule("rampart");
Options options = sc.getOptions();
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("axis2repo/policies/policy.xml"));
options.setUserName(config.getServerUser());
options.setPassword(config.getServerPassword());
// enale MTOM optimzation in client
options.setProperty(Constants.Configuration.ENABLE_MTOM,
Constants.VALUE_TRUE);
options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);
The facts:
1) This works fine for any amount of requests that are sent in sequence.
2) This doesnt work for multiple requests (tested with 10 requests sent at the
approx. the same time) that are received by the server right after the server
startup. In this case one (or some?) of the first requests produce the
mentioned security exception.
3) If then again 10 requests are sent in parallel all works fine again.
Thus I assume this is a problem with the policy loading at the beginning (lazy
loading?), e.g. something is not thread safe?
I would like to know if this a known problem and if there is a workaround for
this (e.g. on startup of the application could I just load everything that is
needed to ensure Axis/rampart policy parts are fully initialized).
Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem
occured.
was:
The exception in the same as in AXIS2-3999, but Im not sure if it has the same
origin
org.apache.axis2.AxisFault: InvalidSecurity
at
org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
at
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
at
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
...
we do have 3 services and we are using MTOM in the Clients to sent attachments.
Rampart engaged in the services.xml and a policy using a custom password
handler as follows:
<module ref="rampart" />
<module ref="addressing" />
<wsp:Policy wsu:Id="UTOverTransport"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<!-- <sp:HashPassword/> -->
</wsp:Policy>
</sp:TransportToken>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
/>
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
policy.xml in client:
<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken=
"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<!-- <sp:HashPassword/>-->
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Client code:
ServiceClient sc = stub._getServiceClient();
sc.engageModule("addressing");
sc.engageModule("rampart");
Options options = sc.getOptions();
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("axis2repo/policies/policy.xml"));
options.setUserName(config.getServerUser());
options.setPassword(config.getServerPassword());
// enale MTOM optimzation in client
options.setProperty(Constants.Configuration.ENABLE_MTOM,
Constants.VALUE_TRUE);
options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);
The facts:
1) This works fine for any amount of requests that are sent in sequence.
2) This doesnt work for multiple requests (tested with 10 paralell requests)
that are received by the server right after the server startup. In this case
one (or some?) of the first requests produce the mentioned security exception.
3) If then again 10 parelell requests are sent all works fine again.
Thus I assume this is a problem with the policy loading at the beginning (lazy
loading?), e.g. something is not thread safe?
I would like to know if this a known problem and if there is a workaround for
this (e.g. on startup of the application could I just load everything that is
needed to ensure Axis/rampart policy parts are fully initialized).
Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem
occured.
> InvalidSecurity for first requests
> ----------------------------------
>
> Key: AXIS2-5032
> URL: https://issues.apache.org/jira/browse/AXIS2-5032
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.5.2
> Environment: Axis 1.5.2, rampart 1.4
> Reporter: Oliver Rohr
> Priority: Critical
>
> The exception in the same as in AXIS2-3999, but Im not sure if it has the
> same origin
> org.apache.axis2.AxisFault: InvalidSecurity
> at
> org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
> at
> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> ...
> we do have 3 services and we are using MTOM in the Clients to sent
> attachments. Rampart engaged in the services.xml and a policy using a custom
> password handler as follows:
> <module ref="rampart" />
> <module ref="addressing" />
>
> <wsp:Policy wsu:Id="UTOverTransport"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:TransportBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <!-- <sp:HashPassword/> -->
> </wsp:Policy>
> </sp:TransportToken>
> </wsp:Policy>
> </sp:TransportBinding>
> <sp:SignedSupportingTokens
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:UsernameToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
> />
> </wsp:Policy>
> </sp:SignedSupportingTokens>
>
> <ramp:RampartConfig
> xmlns:ramp="http://ws.apache.org/rampart/policy";>
>
> <ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> policy.xml in client:
> <wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
>
> "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SupportingTokens
>
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken=
>
> "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
> <wsp:Policy>
> <!-- <sp:HashPassword/>-->
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SupportingTokens>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> Client code:
> ServiceClient sc = stub._getServiceClient();
> sc.engageModule("addressing");
> sc.engageModule("rampart");
> Options options = sc.getOptions();
> options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
> loadPolicy("axis2repo/policies/policy.xml"));
> options.setUserName(config.getServerUser());
> options.setPassword(config.getServerPassword());
> // enale MTOM optimzation in client
> options.setProperty(Constants.Configuration.ENABLE_MTOM,
> Constants.VALUE_TRUE);
> options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);
> The facts:
> 1) This works fine for any amount of requests that are sent in sequence.
> 2) This doesnt work for multiple requests (tested with 10 requests sent at
> the approx. the same time) that are received by the server right after the
> server startup. In this case one (or some?) of the first requests produce the
> mentioned security exception.
> 3) If then again 10 requests are sent in parallel all works fine again.
> Thus I assume this is a problem with the policy loading at the beginning
> (lazy loading?), e.g. something is not thread safe?
> I would like to know if this a known problem and if there is a workaround for
> this (e.g. on startup of the application could I just load everything that is
> needed to ensure Axis/rampart policy parts are fully initialized).
> Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem
> occured.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
