Do you see any errors during the service deployment when an external policy reference is used?
I guess, the policy is not properly attached to the service which is the most probable reason for the Must Understand check failed error.

Thanks,
Thilina

On Thu, Feb 24, 2011 at 5:03 PM, Thomas Fielenbach <[email protected]> wrote:

> Hi all,
>
> Currently I'm working on securing messages with rampart. Therefore I just
> add Username/Pass/Timestamp in a policy. This works all fine (at client and
> at server-side) using a code first approach and defining the policy as well
> as the rampart-config in the services.xml.
>
> services.xml (partially):
>
> <service name="UserNameTokenService">
>   <parameter name="ServiceClass" locked="false">unt.UserNameToken</parameter>
>   <operation name="add">
>     <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver" />
>   </operation>
>   <module ref="rampart" />
>   <wsp:Policy wsu:Id="UsernameTokenOverHTTP" >
>   ...
>     <sp:SignedSupportingTokens
>         xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>       <wsp:Policy>
>         <sp:UsernameToken
>             sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
>       </wsp:Policy>
>     </sp:SignedSupportingTokens>
>     <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>       <ramp:passwordCallbackClass>unt.PWCBHandler</ramp:passwordCallbackClass>
>     </ramp:RampartConfig>
>   </wsp:All>
>   ...
>
> When I want to use contract first and load a policy document from an
> external source (e.g. http://ip:port/axis2/external-policy.xml), the
> Axis2-framework responds with
>
> "Exception in thread "main" org.apache.axis2.AxisFault: Must Understand
> check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd: Security
>     at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:446)
> ..."
>
> The (relevant) part of the WSDL:
>
> <wsdl:portType name="UserNameTokenExternalPolicyServicePortType">
>   <wsdl:operation name="add">
>     <wsdl:input message="ns:addRequest" wsaw:Action="urn:add">
>     </wsdl:input>
>     <wsdl:output message="ns:addResponse" wsaw:Action="urn:addResponse">
>     </wsdl:output>
>   </wsdl:operation>
>   <wsp:PolicyReference
>       URI="http://localhost:7080/axis2/external-policy.xml#TS_AUTH-UNT-PASS"
>       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
> </wsdl:portType>
>
> The services.xml is the same as above but the wss-policy is deleted. I have
> tried to define the rampart-config 1) in the services.xml 2) in the
> external-policy.xml, but both times the error stated above occurs.
>
> Tracking the request with TCPMon shows that the client sends a valid
> request to the server.
>
> Is it generally possible to use references to policies with rampart? If so,
> how do I have to change my code for that?
>
> Thanks in advance & Best regards
>
> --
> *************************
> Universität Siegen
> Institut: Wirtschaftsinformatik, Bereich: IT-Sicherheit
> Hölderlinstr. 3
> 57068 Siegen
>
> Raum: H-C 8329/3
> Tel.: +49-271-740-3041
> Fax: +49-271-740-3444
> Mail: [email protected]
>
> Web: http://www.uni-siegen.de/fb5/itsec/index.html?lang=de
> *************************

--
Thilina Mahesh Buddhika
http://blog.thilinamb.com
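An added example, not part of the thread and not Axis2 or Rampart code: an offline check that each wsp:PolicyReference in a WSDL points at a wsp:Policy whose wsu:Id equals the URI fragment (the WS-Policy convention), and that the referenced policy carries the UsernameToken assertion and a RampartConfig. Both documents are constructed samples, the function name is hypothetical, and the Id mismatch in the sample is deliberate and says nothing about the poster's real external-policy.xml; the check covers the documents only, not whether the server engages the policy.

```python
import xml.etree.ElementTree as ET

# WSP, SP and RAMP are the namespaces quoted in the thread; WSU is the WSS utility namespace.
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP = "http://ws.apache.org/rampart/policy"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed WSDL fragment, shaped like the one quoted in the thread (URI wrapped on purpose).
SAMPLE_WSDL = f"""<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsp="{WSP}">
  <wsdl:portType name="UserNameTokenExternalPolicyServicePortType">
    <wsdl:operation name="add"/>
    <wsp:PolicyReference URI="
        http://localhost:7080/axis2/external-policy.xml#TS_AUTH-UNT-PASS"/>
  </wsdl:portType>
</wsdl:definitions>"""

# Constructed policy document; the thread does not show the real external-policy.xml.
SAMPLE_POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:wsu="{WSU}" xmlns:sp="{SP}"
    xmlns:ramp="{RAMP}" wsu:Id="UsernameTokenOverHTTP">
  <wsp:ExactlyOne><wsp:All>
    <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
    <ramp:RampartConfig>
      <ramp:passwordCallbackClass>unt.PWCBHandler</ramp:passwordCallbackClass>
    </ramp:RampartConfig>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>"""

def check_policy_references(wsdl_xml, policy_xml):
    """Resolve each wsp:PolicyReference fragment against the wsu:Id values in the policy document."""
    policies = {p.get(f"{{{WSU}}}Id"): p
                for p in ET.fromstring(policy_xml).iter(f"{{{WSP}}}Policy")
                if p.get(f"{{{WSU}}}Id")}
    findings = []
    for ref in ET.fromstring(wsdl_xml).iter(f"{{{WSP}}}PolicyReference"):
        uri = ref.get("URI", "").strip()      # tolerate line-wrapped attribute values
        fragment = uri.partition("#")[2]
        target = policies.get(fragment)
        def has(ns, name):                    # is the assertion present under the target policy?
            return target is not None and target.find(f".//{{{ns}}}{name}") is not None
        findings.append({
            "uri": uri, "fragment": fragment, "resolved": target is not None,
            "has_username_token": has(SP, "UsernameToken"),
            "has_rampart_config": has(RAMP, "RampartConfig"),
            "ids_in_document": sorted(policies),
        })
    return findings

if __name__ == "__main__":
    for finding in check_policy_references(SAMPLE_WSDL, SAMPLE_POLICY):
        print(finding)
```

A finding with `resolved` set to false lists the Ids that do exist in the policy document, which is the first thing to compare against the fragment in the WSDL.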
