Bill Resnicow created AXIS2-5347:
------------------------------------

             Summary: Axis returns an HTTP OK when it should return an HTTP Error response
                 Key: AXIS2-5347
                 URL: https://issues.apache.org/jira/browse/AXIS2-5347
             Project: Axis2
          Issue Type: Bug
    Affects Versions: 1.6.0
         Environment: RHEL
            Reporter: Bill Resnicow
            Priority: Minor


A SOAP message is sent from one server to another using Axis2 1.6.0. Rampart 
is engaged on the sender but not on the receiving server. The SOAP message 
contains a security header with 'Must Understand' set to TRUE. The receiving 
server processes the SOAP headers and because Rampart is not engaged, it 
rejects it. But the HTTP response sent back is an HTTP 200 OK, whereas it 
should be an HTTP Error response.

Here is a snippet of the SOAP message:
POST /messaging/services/Messaging HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/Notify"
User-Agent: Axis2
Host: nob-00240-soem.wint.army.mil:8080
Content-Length: 5110

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-41"><wsu:Created>2012-04-11T16:54:03.738Z</wsu:Created><wsu:Expires>2012-04-11T16:59:03.738Z</wsu:Expires></wsu:Timestamp>
...
Response:
HTTP/1.1 202 Accepted
Content-Length: 0
Date: Wed, 11 Apr 2012 16:54:03 GMT
Server: null


and here is the Axis log:
<WINT_Event logger="org.apache.axis2.engine.AxisEngine" timestamp="1334163243813" ddmsTimeFormat="2012-04-11T16:54:03.813Z" level="ERROR" thread="http-0.0.0.0-8080-1">
    <WINT_Message>Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security</WINT_Message>
    <WINT_Throwable>org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
        at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
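
An added example, not part of the original report and not Axis2 code: a check over a captured exchange that flags the condition described above, where the receiver does not understand a header marked mustUnderstand but still answers with a success status, so the sender believes its secured message was accepted. The function names, the set of understood namespaces and the sample envelope are assumptions; the envelope is constructed because the one in the report is truncated.

```python
import xml.etree.ElementTree as ET

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSA = "http://www.w3.org/2005/08/addressing"

# Constructed sample: a minimal, complete stand-in for the truncated envelope.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP12}">
  <soapenv:Header xmlns:wsa="{WSA}">
    <wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="true"/>
    <wsa:Action>urn:example:Notify</wsa:Action>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


def mandatory_headers(envelope_xml):
    """Return (namespace, local name) for each SOAP 1.2 header block
    that carries mustUnderstand="true" (or "1")."""
    # For captures from untrusted sources, parse with defusedxml instead.
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP12}}}Header")
    found = []
    for block in (header if header is not None else []):
        flag = block.get(f"{{{SOAP12}}}mustUnderstand", "false").strip()
        if flag in ("true", "1"):
            if block.tag.startswith("{"):
                ns, local = block.tag[1:].split("}", 1)
            else:
                ns, local = "", block.tag
            found.append((ns, local))
    return found


def audit_exchange(envelope_xml, understood_namespaces, http_status):
    """Return a finding if a mandatory header was not understood but the
    HTTP status still signals success; otherwise return None.
    Assumes every header block is targeted at the receiving node."""
    missed = [h for h in mandatory_headers(envelope_xml)
              if h[0] not in understood_namespaces]
    # The SOAP 1.2 HTTP binding maps an env:MustUnderstand fault to 500.
    if missed and http_status < 400:
        names = ", ".join(local for _, local in missed)
        return (f"HTTP {http_status} returned although mandatory "
                f"header(s) not understood: {names}")
    return None
```

Calling `audit_exchange(SAMPLE, {WSA}, 202)` models the receiver in the report (addressing understood, WS-Security not) and returns a finding naming the Security header.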

        
