Thanks for the information. Hmm, I'm not completely with you. At least It seems Rampart 1.7.0 has some breaking changes with no backward compatibility, so I want some docs or hints for using it :)
I've created a issue as the perspective. https://issues.apache.org/jira/browse/RAMPART-436 Thanks! On Fri, Jul 15, 2016 at 3:43 AM Martin Gainty <mgai...@hotmail.com> wrote: > > > > > > ------------------------------ > From: lanabe.lan...@gmail.com > Date: Thu, 14 Jul 2016 16:39:07 +0000 > > Subject: Re: Axis2 1.7.3 + Rampart 1.7.0 WS-Security not invoked > To: java-user@axis.apache.org > > Martin, Thank you for your reply. > > Before filing a issue, I have a question about missing WSDoAllHandler. > > The following commit deleted WSDoAllHandler says: > --- > Removing the deprecated basic configuration (This was deprecated since > version 1.1). > > > https://github.com/apache/rampart/commit/1863364037019275f70e66cf77d1f092bf3bd984 > --- > > And Rampart 1.7.0 release notes says: > --- > Please note that Apache Rampart uses a configuration model based on > WS-Policy and WS-Security Policy and that the Apache Rampart 1.0 style > configuration (already deprecated since Rampart 1.1) is no longer supported > in 1.7.0. > > http://axis.apache.org/axis2/java/rampart/release-notes/1.7.0.html > --- > > I guess Rampart already provides more suitable way to use WS-Security > because WSDoAllHandler seems to be deprecated(so removed). > > MG>the caveat is WSDoAllHandler is deprecated ...IF.. wss4j (specifically > WSS4JHandler) > is present > MG>If WSS4JHandler not on classpath then Axis 2 throws Exception with > "mustUnderstand header not detected" > > MG>0 WSHandler (with no default) TestCase Scenario: > MG>anyone who has worked with providers would know that without default > provider a 0 providers test always throws Exception > MG>reliance on any one transient dependent provider/handler is never a > good idea unless there exists a default provider > MG>(otherwise missing provider/handler exceptions will be thrown in the > field will come back to haunt the architect) > > MG>the Ruchith disagreement with WSS4J author Werner Dittman extends back > to 2006: > > Ruchith>The module.xml file in this module archive has > Ruchith>instructions to place the handlers in the appropriate message > flows MG>(Inflow, Outflow and FaultFlow) > MG>Thus 3 different handlers for 3 different flows is a well architected > solution vs Werners contention of one WSS4JHandler fits MG>like a glove > for all all 3 flows..Werners design stipulates without documentation or > testcases borders on "one WSS4JHandler MG>should work" is not grounded to > accomodate InFlow,OutFlow and FaultFlow phases > > https://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200602.mbox/%3c559c463d0602040034t203a184co317d0cccabc7e...@mail.gmail.com%3E > > MG>I agree with Rucith on promoting WSDoAllHandler family of Handlers > instead of one size fits all Handler implementing MG>WSS4JHandler > > https://wiki.apache.org/ws/FrontPage/Architecture/Deployment > > > What do you think? > > On Fri, Jul 15, 2016 at 12:28 AM Martin Gainty <mgai...@hotmail.com> > wrote: > > > > > > > ------------------------------ > From: lanabe.lan...@gmail.com > Date: Thu, 14 Jul 2016 08:16:46 +0000 > Subject: Re: Axis2 1.7.3 + Rampart 1.7.0 WS-Security not invoked > To: java-user@axis.apache.org > > Hi, apparently I found a workaround. > Axis2 1.7.3 + Rampart 1.6.4 works fine(ofc, I suspect there should be more > proper way with Rampart 1.7.0). > I noticed that Rampart 1.7.0 doesn't have WSDoAllHandler which processes > WS-Security Header. > > > MG>Ianabe please file Urgent priority JIRA bug on missing WSDoAllHandler > for Rampart 1.70 > > > https://issues.apache.org/jira/browse/RAMPART/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel > > > > > > So, I should change the question. Should I use Rampart 1.6.4? Or, is there > any proper way to use Rampart 1.7.0? > > On Wed, Jul 13, 2016 at 10:29 PM lanabe <lanabe.lan...@gmail.com> wrote: > > Hi, I'm working on using WS-Security with Axis2 1.7.3 . > > Axis2 1.6.4 + Rampart 1.6.4 works perfectly, but in Axis2 1.7.3 + Rampart > 1.7.0, I got the following error. > > --- > 13-Jul-2016 22:10:21.222 SEVERE [http-nio-8080-exec-4] > org.apache.axis2.engine.AxisEngine.receive Must Understand check failed for > headers: { > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security > org.apache.axis2.AxisFault: Must Understand check failed for headers: { > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security > at > org.apache.axis2.jaxws.handler.HandlerUtils.checkMustUnderstand(HandlerUtils.java:160) > at > org.apache.axis2.jaxws.server.EndpointController.inboundHeaderAndHandlerProcessing(EndpointController.java:336) > at > org.apache.axis2.jaxws.server.EndpointController.handleRequest(EndpointController.java:258) > at > org.apache.axis2.jaxws.server.EndpointController.invoke(EndpointController.java:101) > [...] > --- > > It seems not to be enable the settings for InflowSecurity. > > I've created a simple reproducer, which has 2 projects in each > version(1.6.4, 1.7.3). > https://github.com/emag-notes/axis2-ws-security > > Any Idea? > >
