[
https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12664527#action_12664527
]
Bob Jacoby commented on RAMPART-193:
------------------------------------
I just added a patch that should resolve the issue that I discussed in Oct. All
it does is add the last servicePolicy lookup I listed above (from the
attachedPolicyComponents) to the end of all the other lookups in the
RampartMessageData constructor. I threw this patch together based on
correspondence I had with Maik who implemented this change himself. I have not
tested this in my environment however.
Without stepping through the code in more detail I have a feeling this may be a
fix to a symptom, but not necessarily the cure. I say this because I would
think the Policy should be retrieved from one of the earlier retrieval attempts
in the constructor (e.g., from MessageContext). However, this at lease resolves
the issue of not getting signed faults back.
> Missing signature in SOAP fault messages
> ----------------------------------------
>
> Key: RAMPART-193
> URL: https://issues.apache.org/jira/browse/RAMPART-193
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.4
> Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
> Reporter: Edem Alipui
> Assignee: Ruchith Udayanga Fernando
> Fix For: 1.4
>
> Attachments: RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I have
> the following issue: Whenever an Axis fault is generated on the server's
> side,
> the SOAP fault message send back to the client is not signed. It results in
> an error since the client is expecting a signed SOAP enveloppe. I'm working
> with
> AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking
> section of Rampart web site. According to the following reports
> (http://issues.apache.org/jira/browse/RAMPART-18 and
> http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have
> been fixed in version 1.4 of
> Rampart so I'm wondering if I'm doing something wrong or if somehow the issue
> persists. Any clue will be very welcome. Thanks for the help.
> This is a normal message when there is no faults:
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel:
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange -
> file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
> 1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
> at
> org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> ==============================================
> This is the soap enveloppe sent to the Client.
> ==============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
> <soapenv:Body>
> <soapenv:Fault>
> <soapenv:Code>
> <soapenv:Value>soapenv:Receiver</soapenv:Value>
> </soapenv:Code>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST
> ----- ERREUR TEST</soapenv:Text>
> </soapenv:Reason>
> <soapenv:Detail/>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> ===================================================================================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore, it
> is the same policy on both ends (service and client).
> ===================================================================================================================================
> <wsp:Policy wsu:Id="SigOnly"
>
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
> <wsp:Policy>
>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
>
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
> <wsp:Policy>
>
> <sp:RequireThumbprintReference />
>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp:SignedParts
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body />
> <sp:Header
> Namespace="http://www.w3.org/2005/08/addressing"; />
> </sp:SignedParts>
> <!--
> <sp:EncryptedParts
>
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> <sp:Body /> </sp:EncryptedParts>
> -->
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier />
> <sp:MustSupportRefIssuerSerial />
> <sp:MustSupportRefThumbprint />
> <sp:MustSupportRefEncryptedKey />
> <sp:MustSupportSignatureConfirmation />
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <ramp:RampartConfig
> xmlns:ramp="http://ws.apache.org/rampart/policy";>
> <ramp:user>test</ramp:user>
> <ramp:encryptionUser>test</ramp:encryptionUser>
> <ramp:passwordCallbackClass>
>
> org.example.www.essaisdeploiementwebservice2.PWCBHandler
> </ramp:passwordCallbackClass>
> <ramp:signatureCrypto>
> <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
>
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
>
> name="org.apache.ws.security.crypto.merlin.keystore.password">
> changeit</ramp:property>
> </ramp:crypto>
> </ramp:signatureCrypto>
> <ramp:encryptionCypto>
> <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
> <ramp:property
>
> name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
> <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
> </ramp:property>
> <ramp:property
>
> name="org.apache.ws.security.crypto.merlin.keystore.password">
> changeit</ramp:property>
> </ramp:crypto>
> </ramp:encryptionCypto>
> </ramp:RampartConfig>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> ===================================================================================
> This is the parts of axis2.xml where the security is enabled in the
> OutFaultFlow:
> ===================================================================================
> <phaseOrder type="OutFaultFlow">
> <!-- user can add his own phases to this area -->
> <phase name="soapmonitorPhase"/>
> <phase name="OperationOutFaultPhase"/>
> <phase name="MessageOut"/>
> <phase name="RMPhase"/>
> <phase name="PolicyDetermination"/>
> <phase name="Security"/>
>
> </phaseOrder>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
