[jira] Created: (RAMPART-211) Rampart and SOAP Fault specification issue

Tue, 20 Jan 2009 04:59:24 -0800 

Rampart and SOAP Fault specification issue
------------------------------------------

                 Key: RAMPART-211
                 URL: https://issues.apache.org/jira/browse/RAMPART-211
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
            Reporter: Dobri Kitipov
            Assignee: Ruchith Udayanga Fernando


Hi everybody,

I have done a test with asymmetric binding where the service jks was missing 
from the AAR deployed at server side. As a result an Exception is throw that in 
turn is send back to client as a SOAP  Fault.  This is a correct behavior. The 
problem is that  <soapenv:Code> has the following value:

                <soapenv:Value>axis2ns2:Sender</soapenv:Value>

I have searched the Rampart JIRA and found the following related JIRA: 
https://issues.apache.org/jira/browse/RAMPART-166
I checked the WSS 1.1 spec, too, but there is something that is not correct I 
think.

IMHO, in the above mentioned scenario, we should have "axis2ns2:Receiver" as 
Value, because it is the Server side that is not set correct (the AAR is 
missing the needed server side jks)? Currently the Value is hardcoded into 
RampartReceiver method to "axis2ns2:Sender":

    private void setFaultCodeAndThrowAxisFault(MessageContext msgContext,
Exception e) throws AxisFault {

        msgContext.setProperty(RampartConstants.SEC_FAULT, Boolean.TRUE);

        String soapVersionURI =
msgContext.getEnvelope().getNamespace().getNamespaceURI();
        QName invalidSecurity = new
QName(WSConstants.INVALID_SECURITY.getNamespaceURI(),WSConstants.INVALID_SECURITY.getLocalPart(),"wsse");

        if
(soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI) ) {

            throw new AxisFault(invalidSecurity,e.getMessage(),e);

        } else if
(soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI))
{
            List subfaultCodes = new ArrayList();
            subfaultCodes.add(invalidSecurity);
            throw new
AxisFault(Constants.FAULT_SOAP12_SENDER,subfaultCodes,e.getMessage(),e);

        }
    }

The line of code we are interested in is the last one : 

throw new 
AxisFault(Constants.FAULT_SOAP12_SENDER,subfaultCodes,e.getMessage(),e);

where the Constants.FAULT_SOAP12_SENDER is hardcoded into the thrown AxisFault. 
I think that a flag should be set into the RampartException/MessageCtx so it is 
possible to check if the problem was caused by a Sender or a Receiver.

Regards,
Dobri


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to