[jira] Closed: (SYNAPSE-151) Can't stop and return error for POX request without using Makefault. But with Makefault, SOAP envelope is returned to the client, and also headers - including Basic Authorization!

[Paul Anderson (JIRA)]

     [ 
https://issues.apache.org/jira/browse/SYNAPSE-151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Paul Anderson closed SYNAPSE-151.
---------------------------------

    Resolution: Invalid

Thanks a lot for the explanation. Indeed, it's a POX payload even though it's 
in the SOAP namespace.
It might be worth documenting. Also to document that when you turn 
RESPONSE="true" it turns an In message directly into an Out message, with all 
its headers.

> Can't stop and return error for POX request without using Makefault. But with 
> Makefault, SOAP envelope is returned to the client, and also headers - 
> including Basic Authorization!
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SYNAPSE-151
>                 URL: https://issues.apache.org/jira/browse/SYNAPSE-151
>             Project: Synapse
>          Issue Type: Bug
>    Affects Versions: 1.0
>         Environment: JDK6 on RHEL3
>            Reporter: Paul Anderson
>            Priority: Minor
>
> I can't stop and return error for a POX request (here, on BASIC auth failure) 
> without using Makefault (see config below).
> But with Makefault, the fault in its SOAP envelope is returned to the client, 
> and also the http request headers - including Basic Authorization! Not very 
> secure.
> As a workaround, I strip out the Authorization header manually.
> If there is no fault, no SOAP envelope is returned - just the POX payload. 
> This is correct.
> <sequence name="myfault">
>           <makefault>
>             <code value="tns:Receiver" 
> xmlns:tns="http://www.w3.org/2003/05/soap-envelope"/>
>             <reason value="Authorization failed!"/>
>           </makefault>
>           <log level="full"/>
>           <property name="RESPONSE" value="true" />
>           <property name="Authorization" action="remove" scope="transport"/>
>           <send/>
> </sequence>
> <filter source="get-property('To')" regex=".*/AService">
>         <log level="full"/>
>         <property name="SOAPAction" action="set" expression="'doIt'" 
> scope="transport"/>
>         <sequence name="basic" onError="myfault">
>         <class name="de.subnatural.synapse.BasicAuthenticationMediator">
>           <property name="reqUsername" value="***"/>
>           <property name="reqPassword" value="***"/>
>         </class>
> <send>
>                    <endpoint>
>                         <address uri="http://***"; format="soap">
>                         </address>
>                     </endpoint>
> </send>
>         </sequence>
> </filter>
> <out>
> <header name="wsse:Security" action="remove"
>                 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  />
>         <log level="full"/>
> <send/>
> </out>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]