[jira] Commented: (RAMPART-166) Wrong SoapFault code accessing a Secure endpoint without security

[Nandana Mihindukulasooriya (JIRA)]

    [ 
https://issues.apache.org/jira/browse/RAMPART-166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12597810#action_12597810
 ] 

Nandana Mihindukulasooriya commented on RAMPART-166:
----------------------------------------------------

Yes, According to the WSS 1.1 spec, 

"For SOAP 1.2, the Fault/Code/Value is env:Sender (as defined in SOAP 1.2) and 
the Fault/Code/Subcode/Value is the faultcode below and the Fault/Reason/Text 
is the faultstring below ... ". So we must have the Fault code value as 
env:Sender. 

Changed Rampart to return the SOAP Fault like this. 

         <soapenv:Fault 
xmlns:axis2ns1="http://www.w3.org/2003/05/soap-envelope";>
            <soapenv:Code>
               <soapenv:Value>axis2ns1:Sender</soapenv:Value>
               <soapenv:Subcode>
                  <soapenv:Value 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>wsse:InvalidSecurity</soapenv:Value>
               </soapenv:Subcode>
            </soapenv:Code>
            <soapenv:Reason>
               <soapenv:Text xml:lang="en-US">Missing wsse:Security header in 
request</soapenv:Text>
            </soapenv:Reason>
            <soapenv:Detail>
               <Exception>org.apache.axis2.AxisFault: Missing wsse:Security 
header in request   at ....</Exception>
            </soapenv:Detail>
         </soapenv:Fault>

BTW, when serializing this message "http://www.w3.org/2003/05/soap-envelope"; 
declared twice with two prefixes. I think it is valid but it would have been 
nice if the latter one used previously declared prefix.  

thanks,
nandana

> Wrong SoapFault code accessing a Secure endpoint without security 
> ------------------------------------------------------------------
>
>                 Key: RAMPART-166
>                 URL: https://issues.apache.org/jira/browse/RAMPART-166
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.4
>         Environment: Axis2 1.4. Rampart branch_1_4.
>            Reporter: Hans G Knudsen
>            Assignee: Ruchith Udayanga Fernando
>
> Hi!
> If I send a request without Security to an Axis2/Rampart endpoint requiring 
> Security the Fault Code is set to 'Receiver' :
>               <soapenv:Fault>
>                       <soapenv:Code>
>                               <soapenv:Value>soapenv:Receiver</soapenv:Value>
>                               <soapenv:Subcode>
>                                       <soapenv:Value 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>wsse:InvalidSecurity</soapenv:Value>
>                               </soapenv:Subcode>
>                       </soapenv:Code>
>                       <soapenv:Reason>
>                               <soapenv:Text xml:lang="en-US">Missing 
> wsse:Security header in request</soapenv:Text>
>                       </soapenv:Reason>
>               </soapenv:Fault>
> Is Rampart not expected to return 'Sender'  - to indicate that the client is 
> not configured correctly ?
> /hans

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.