Hello,

could it be that this is a similar problem to the one I have with my RAMPART 1.3? My
service fault is signed but it seems to be signed wrong because the clients
(JAVA and .NET) always calculate a different hash for the signed body than
the delivered hash in the security header from the server.

Greetings
Christian 
 

-----Original Message-----
From: Nandana Mihindukulasooriya (JIRA) [mailto:j...@apache.org]
Sent: Thursday, 5 March 2009 09:48
To: rampart-dev@ws.apache.org
Subject: [jira] Updated: (RAMPART-193) Missing signature in SOAP fault messages


     [ https://issues.apache.org/jira/browse/RAMPART-193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya updated RAMPART-193:
-----------------------------------------------

    Priority: Blocker  (was: Major)

> Missing signature in SOAP fault messages
> ----------------------------------------
>
>                 Key: RAMPART-193
>                 URL: https://issues.apache.org/jira/browse/RAMPART-193
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.4
>         Environment: Windows Vista
> Apache Tomcat 5.5.26
> Axis2 1.4
> Rampart 1.4
> Java JRE: 1.5.0.14
>            Reporter: Edem Alipui
>            Assignee: Ruchith Udayanga Fernando
>            Priority: Blocker
>             Fix For: 1.4
>
>         Attachments: RampartMessageData.class, RampartMessageData.java, RampartMessageData.patch
>
>
> Hi,
> I'm working with Axis2 and Rampart to create secure web services, and I
> have the following issue: Whenever an Axis fault is generated on the
> server's side, the SOAP fault message sent back to the client is not
> signed. It results in an error since the client is expecting a signed SOAP
> envelope. I'm working with AXIS2 1.4 and Rampart 1.4. I've tried to find
> out in the Issue Tracking section of Rampart web site. According to the
> following reports (http://issues.apache.org/jira/browse/RAMPART-18 and
> http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have
> been fixed in version 1.4 of Rampart so I'm wondering if I'm doing
> something wrong or if somehow the issue persists. Any clue will be very
> welcome. Thanks for the help.
> This is a normal message when there are no faults:
> [INFO] Deploying module: addressing-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-1.4-impl.jar
> [INFO] Verification successful for URI "#Id-30303804"
> [INFO] Verification successful for URI "#id-20457766"
> [INFO] Verification successful for URI "#id-1412294"
> [INFO] Verification successful for URI "#Timestamp-2746929"
> Voici le resultat de l'appel: 
> 1721
> ==========================================================
> This is the message I'm getting when a fault is generated.
> ==========================================================
> [INFO] Deploying module: addressing-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
> [INFO] Deploying module: rahas-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
> [INFO] Deploying module: rampart-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
> [INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-1.4-impl.jar
> [ERROR] Missing wsse:Security header in request
> org.apache.axis2.AxisFault: Missing wsse:Security header in request
>       at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> =============================================
> This is the soap envelope sent to the Client.
> =============================================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>    <soapenv:Body>
>       <soapenv:Fault>
>          <soapenv:Code>
>             <soapenv:Value>soapenv:Receiver</soapenv:Value>
>          </soapenv:Code>
>          <soapenv:Reason>
>             <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
>          </soapenv:Reason>
>          <soapenv:Detail/>
>       </soapenv:Fault>
>    </soapenv:Body>
> </soapenv:Envelope>
> ============================================================================
> This is the Policy file I'm using. Besides the locations of the Keystore,
> it is the same policy on both ends (service and client).
> ============================================================================
> <wsp:Policy wsu:Id="SigOnly"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token
>                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token
>                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>                 <wsp:Policy>
>                   <sp:RequireThumbprintReference />
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:TripleDesRsa15 />
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Lax />
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:IncludeTimestamp />
>           <sp:OnlySignEntireHeadersAndBody />
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Body />
>         <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
>       </sp:SignedParts>
>       <!--
>         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Body /> </sp:EncryptedParts>
>       -->
>       <sp:Wss11>
>         <wsp:Policy>
>           <sp:MustSupportRefKeyIdentifier />
>           <sp:MustSupportRefIssuerSerial />
>           <sp:MustSupportRefThumbprint />
>           <sp:MustSupportRefEncryptedKey />
>           <sp:MustSupportSignatureConfirmation />
>         </wsp:Policy>
>       </sp:Wss11>
>       <sp:Trust10>
>         <wsp:Policy>
>           <sp:MustSupportIssuedTokens />
>           <sp:RequireClientEntropy />
>           <sp:RequireServerEntropy />
>         </wsp:Policy>
>       </sp:Trust10>
>       <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>         <ramp:user>test</ramp:user>
>         <ramp:encryptionUser>test</ramp:encryptionUser>
>         <ramp:passwordCallbackClass>org.example.www.essaisdeploiementwebservice2.PWCBHandler</ramp:passwordCallbackClass>
>         <ramp:signatureCrypto>
>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>           </ramp:crypto>
>         </ramp:signatureCrypto>
>         <ramp:encryptionCypto>
>           <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks</ramp:property>
>             <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>           </ramp:crypto>
>         </ramp:encryptionCypto>
>       </ramp:RampartConfig>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> ============================================================================
> This is the part of axis2.xml where the security is enabled in the
> OutFaultFlow:
> ============================================================================
>     <phaseOrder type="OutFaultFlow">
>         <!--      user can add his own phases to this area  -->
>         <phase name="soapmonitorPhase"/>
>         <phase name="OperationOutFaultPhase"/>
>         <phase name="MessageOut"/>
>         <phase name="RMPhase"/>
>         <phase name="PolicyDetermination"/>
>         <phase name="Security"/>
>     </phaseOrder>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
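
A structural triage check for the symptom reported above, as an added example that is not part of the original messages or of Rampart's own code: it lists the parts that the quoted `sp:SignedParts` policy requires (the Body and every WS-Addressing header) but that no `ds:Reference` in the `wsse:Security` header covers. The function name and the signed skeleton are assumptions constructed for illustration, and the fault sample is condensed from the envelope in the report.

```python
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
WSA = "http://www.w3.org/2005/08/addressing"
DS = "http://www.w3.org/2000/09/xmldsig#"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = OASIS + "secext-1.0.xsd", OASIS + "utility-1.0.xsd"

def unsigned_required_parts(envelope_xml):
    """Hypothetical helper: names of required parts not covered by a reference.
    Structural check only: digests and the signature value are NOT verified."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    body = root.find(f"{{{SOAP}}}Body")
    headers = list(header) if header is not None else []
    # Collect the fragment IDs referenced from signatures in wsse:Security.
    refs = set()
    for sec in (h for h in headers if h.tag == f"{{{WSSE}}}Security"):
        for ref in sec.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            if uri.startswith("#"):
                refs.add(uri[1:])
    # Required by the quoted policy: the Body plus all WS-Addressing headers.
    required = [h for h in headers if h.tag.startswith(f"{{{WSA}}}")]
    if body is not None:
        required.insert(0, body)
    missing = [p.tag.split("}")[1] for p in required
               if p.get(f"{{{WSU}}}Id") not in refs]
    return missing if body is not None else ["Body"] + missing

# Condensed from the unsigned fault envelope quoted in the report.
FAULT_FROM_PAGE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Body><soapenv:Fault>
    <soapenv:Code><soapenv:Value>soapenv:Receiver</soapenv:Value></soapenv:Code>
    <soapenv:Reason><soapenv:Text xml:lang="en-US">ERREUR TEST</soapenv:Text></soapenv:Reason>
    <soapenv:Detail/>
  </soapenv:Fault></soapenv:Body>
</soapenv:Envelope>"""

# Constructed skeleton of a signed fault (IDs and action URI are made up).
SIGNED_SKELETON = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}"
    xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:wsa="{WSA}">
  <s:Header>
    <wsa:Action wsu:Id="id-1">urn:example:fault</wsa:Action>
    <wsse:Security><ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#id-1"/><ds:Reference URI="#id-2"/>
    </ds:SignedInfo></ds:Signature></wsse:Security>
  </s:Header>
  <s:Body wsu:Id="id-2"><s:Fault/></s:Body>
</s:Envelope>"""

if __name__ == "__main__":
    print(unsigned_required_parts(FAULT_FROM_PAGE), unsigned_required_parts(SIGNED_SKELETON))
```

An empty result only means the required parts are referenced; a digest mismatch such as the one described in the reply at the top still needs full signature validation to detect.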
