[ https://issues.apache.org/jira/browse/RAMPART-332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andreas Veithen moved AXIS2-5032 to RAMPART-332:
------------------------------------------------

    Affects Version/s:     (was: 1.5.2)
                       1.4
                       1.5
                  Key: RAMPART-332  (was: AXIS2-5032)
              Project: Rampart  (was: Axis2)

> InvalidSecurity for first requests
> ----------------------------------
>
>                 Key: RAMPART-332
>                 URL: https://issues.apache.org/jira/browse/RAMPART-332
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.5, 1.4
>         Environment: Axis 1.5.2, rampart 1.4
>            Reporter: Oliver Rohr
>            Priority: Critical
>
> The exception is the same as in AXIS2-3999, but I'm not sure if it has the 
> same origin:
> org.apache.axis2.AxisFault: InvalidSecurity
>       at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
>       at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
>       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
>       at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
>       at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
>       at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> ...
> We have 3 services and we are using MTOM in the clients to send 
> attachments. Rampart is engaged in the services.xml with a policy using a 
> custom password handler, as follows:
>     <module ref="rampart" />
>     <module ref="addressing" />
>
>     <wsp:Policy wsu:Id="UTOverTransport"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>       <wsp:ExactlyOne>
>         <wsp:All>
>           <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <wsp:Policy>
>               <sp:TransportToken>
>                 <wsp:Policy>
>                   <!-- <sp:HashPassword/> -->
>                 </wsp:Policy>
>               </sp:TransportToken>
>             </wsp:Policy>
>           </sp:TransportBinding>
>           <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>             <wsp:Policy>
>               <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
>             </wsp:Policy>
>           </sp:SignedSupportingTokens>
>           <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>             <ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
>           </ramp:RampartConfig>
>         </wsp:All>
>       </wsp:ExactlyOne>
>     </wsp:Policy>
> policy.xml in client:
> <wsp:Policy wsu:Id="UsernameToken"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SupportingTokens
>           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:UsernameToken sp:IncludeToken=
>               "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
>               <!-- <sp:HashPassword/> -->
>             </wsp:Policy>
>           </sp:UsernameToken>
>         </wsp:Policy>
>       </sp:SupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> Client code:
>       ServiceClient sc = stub._getServiceClient();
>       sc.engageModule("addressing");
>       sc.engageModule("rampart");
>       Options options = sc.getOptions();
>       options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
>               loadPolicy("axis2repo/policies/policy.xml"));
>       options.setUserName(config.getServerUser());
>       options.setPassword(config.getServerPassword());
>       // enable MTOM optimization in client
>       options.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
>       options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);
> The facts:
> 1) This works fine for any amount of requests that are sent in sequence.
> 2) This doesn't work for multiple requests (tested with 10 requests sent at 
> approx. the same time) that are received by the server right after the server 
> startup. In this case one (or some?) of the first requests produce the 
> mentioned security exception.
> 3) If then again 10 requests are sent in parallel all works fine again.
> Thus I assume this is a problem with the policy loading at the beginning 
> (lazy loading?), e.g. something is not thread safe?
> I would like to know if this is a known problem and if there is a workaround 
> for this (e.g. on startup of the application could I just load everything 
> that is needed to ensure Axis/rampart policy parts are fully initialized).
> Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem 
> occurred.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
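
The pattern in the reporter's three observations, as an added, self-contained Java illustration (not Rampart or Axis2 code and not part of the report): `burst` releases N calls at the same instant and counts `InvalidSecurity` failures. `lazyService` is a constructed stand-in that models the report's unconfirmed hypothesis of state being used before one-time initialization has finished; `SecuredCall`, `burst` and `lazyService` are hypothetical names, and a real check would wrap the generated stub call instead.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.*;
public class FirstBurstCheck { // added illustration; all names here are hypothetical
    interface SecuredCall { void invoke() throws Exception; }

    /** Releases n calls at the same instant; returns how many failed with InvalidSecurity. */
    static int burst(int n, SecuredCall call) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(n);
        CyclicBarrier start = new CyclicBarrier(n);
        AtomicInteger invalidSecurity = new AtomicInteger();
        for (int i = 0; i < n; i++) {
            pool.execute(() -> {
                try {
                    start.await();           // released only when all n workers are waiting
                    call.invoke();
                } catch (Exception e) {
                    if (String.valueOf(e.getMessage()).contains("InvalidSecurity")) {
                        invalidSecurity.incrementAndGet();
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(60, TimeUnit.SECONDS);
        return invalidSecurity.get();
    }

    /** Constructed stand-in for the hypothesis: first caller initializes, others do not wait. */
    static SecuredCall lazyService() {
        AtomicBoolean claimed = new AtomicBoolean();
        AtomicBoolean ready = new AtomicBoolean();
        return () -> {
            if (claimed.compareAndSet(false, true)) {
                Thread.sleep(50);            // slow one-time setup done by the first request
                ready.set(true);
            } else if (!ready.get()) {
                throw new Exception("InvalidSecurity"); // arrived before setup finished
            }
        };
    }

    public static void main(String[] args) throws Exception {
        SecuredCall cold = lazyService();
        System.out.println("cold start, burst 1: " + burst(10, cold) + " InvalidSecurity");
        System.out.println("cold start, burst 2: " + burst(10, cold) + " InvalidSecurity");
        SecuredCall warmed = lazyService();
        warmed.invoke();                     // one sequential warm-up request after startup
        System.out.println("warmed, burst 1:     " + burst(10, warmed) + " InvalidSecurity");
    }
}
```

In this model only the cold first burst reports failures; whether a single warm-up request has the same effect on a real Rampart deployment depends on the actual cause, which the report does not establish.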
