[jira] Created: (SYNAPSE-151) Can't stop and return error for POX request without using Makefault. But with Makefault, SOAP envelope is returned to the client, and also headers - including Basic Authorization!

Mon, 15 Oct 2007 08:46:53 -0700 

Can't stop and return error for POX request without using Makefault. But with 
Makefault, SOAP envelope is returned to the client, and also headers - 
including Basic Authorization!
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                 Key: SYNAPSE-151
                 URL: https://issues.apache.org/jira/browse/SYNAPSE-151
             Project: Synapse
          Issue Type: Bug
    Affects Versions: 1.0
         Environment: JDK6 on RHEL3
            Reporter: Paul Anderson
            Priority: Minor


I can't stop and return error for a POX request (here, on BASIC auth failure) 
without using Makefault (see config below).

But with Makefault, the fault in its SOAP envelope is returned to the client, 
and also the http request headers - including Basic Authorization! Not very 
secure.
As a workaround, I strip out the Authorization header manually.

If there is no fault, no SOAP envelope is returned - just the POX payload. This 
is correct.

<sequence name="myfault">
          <makefault>
            <code value="tns:Receiver" 
xmlns:tns="http://www.w3.org/2003/05/soap-envelope"/>
            <reason value="Authorization failed!"/>
          </makefault>
          <log level="full"/>
          <property name="RESPONSE" value="true" />
          <property name="Authorization" action="remove" scope="transport"/>
          <send/>
</sequence>
<filter source="get-property('To')" regex=".*/AService">
        <log level="full"/>
        <property name="SOAPAction" action="set" expression="'doIt'" 
scope="transport"/>
        <sequence name="basic" onError="myfault">
        <class name="de.subnatural.synapse.BasicAuthenticationMediator">
          <property name="reqUsername" value="***"/>
          <property name="reqPassword" value="***"/>
        </class>
<send>
                   <endpoint>
                        <address uri="http://***"; format="soap">
                        </address>
                    </endpoint>
</send>
        </sequence>
</filter>
<out>
<header name="wsse:Security" action="remove"
                
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 />
        <log level="full"/>
<send/>
</out>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to