Eclipse doesn't download the mar file when using the maven plugin so I had manually download it and save it. It was still using 1.7.1 (while I downgraded the rampart version to 1.6.4 in the pom).
After manually downloading the mar file and including it in the build path the security elements are now added. I am still getting the 403 error. At least I have the full soap message with the
usernameToken and Timestamp that I can send to the service provider.
Appreciate your help.
Thanks,
Prasanth
On 10/11/22 3:53 PM, robertlazarski wrote:
I am working on a new Rampart release now, the goal is by the end of the year.
For now, increase your rampart logging by:
log4j.category.org.apache.rampart=TRACE
I also suggest putting all your Axis2 logging at the TRACE level.
Let us know if that clarifies the HTTP 403 error. You seem not to be executing
your Rampart code.
On Tue, Oct 11, 2022 at 9:42 AM Prasanth <dbad...@pangburngroup.com> wrote:
I have talked to the service provider they don't seem to have access to the
actual request to tell me what is wrong. They keep telling me to make sure I
have username token, nonce and time stamp
in the request.
Looking at the log shouldn't I see the security details in the below SOAP
request? Also when I run it in debug mode there doesn't seem to be a call back
to my password callback class. Is the
config I have correct?
-------------From Log--------------------------------------------
2022-10-10 15:18:49,121 [main] DEBUG
org.apache.axis2.transport.http.SOAPMessageFormatter - end writeTo()
2022-10-10 15:18:49,121 [main] DEBUG httpclient.wire.content - >>
"1ed[\r][\n]"
*2022-10-10 15:18:49,121 [main] DEBUG httpclient.wire.content - >> "<?xml version='1.0'
encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";
<http://www.w3.org/2003/05/soap-envelope>><soapenv:Header/><soapenv:Body><ns1:RetrieveFacsimile
xmlns:ns1="http://cdr.ffiec.gov/public/services";
<http://cdr.ffiec.gov/public/services>><ns1:dataSeries>Call</ns1:dataSeries><ns1:reportingPeriodEndDate>06/30/2011</ns1:reportingPeriodEndDate><ns1:fiIDType>FDICCertNumber</ns1:fiIDType><ns1:fiID>57095</ns1:fiID><ns1:facsimileFormat>XBRL</ns1:facsimileFormat></ns1:RetrieveFacsimile></soapenv:Body></soapenv:Envelope>"**
*2022-10-10 15:18:49,121 [main] DEBUG httpclient.wire.content - >>
"[\r][\n]"
2022-10-10 15:18:49,121 [main] DEBUG httpclient.wire.content - >> "0"
2022-10-10 15:18:49,121 [main] DEBUG httpclient.wire.content - >>
"[\r][\n]"
2022-10-10 15:18:49,121 [main] DEBUG httpclient.wire.content - >>
"[\r][\n]"
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - <<
"<html>[\r][\n]"
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - << "<head><title>403
Forbidden</title></head>[\r][\n]"
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - <<
"<body>[\r][\n]"
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - << "<center><h1>403
Forbidden</h1></center>[\r][\n]"
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - <<
"<hr><center>Microsoft-Azure-Application-Gateway/v2</center>[\r][\n]"
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - <<
"</body>[\r][\n]"
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - <<
"</html>[\r][\n]"
----------------------From axis2.xml---------------------
<axisconfig name="AxisJava2.0">
<module ref="rampart" />
<!-- ================================================= -->
<!-- Parameters -->
<!-- ================================================= -->
<parameter name="OutflowSecurity">
<action>
<items>UsernameToken Timestamp</items>
<user>prasanth</user>
<passwordCallbackClass>com.nqadmin.callreports.client.PasswordCallback</passwordCallbackClass>
</action>
</parameter>
Thanks,
Prasanth
On 10/11/22 1:29 PM, robertlazarski wrote:
On Mon, Oct 10, 2022 at 10:22 AM Prasanth <dbad...@pangburngroup.com> wrote:
2022-10-10 15:18:49,171 [main] DEBUG httpclient.wire.content - << "<head><title>403
Forbidden</title></head>[\r][\n]"
Thanks,
Prasanth
The error "http 403" means "forbidden" and is a red flag.
There is something, somewhere, that is denying access to that URL.
