I'm using synapse v0.91, client is axis2 1.1.1.
Hi Katsch

Could you let me know which version of Synapse you are trying this with? Meanwhile I will check this on the latest trunk and get back to you ASAP

asankha

Kastch wrote:
Hello!
I use Synapse to mediate (proxy) a secure request from a secure client (the client is axis2 1.1.1, secured by the rampart module) to a service that does not understand security headers, encryption and signing.
For a test, I tried to implement such a scheme, using example 103, but all I've got is a strange exception:
java.lang.NullPointerException
at org.apache.ws.security.util.WSSecurityUtil.findElementById(WSSecurityUtil.java:298)
at org.apache.ws.security.util.WSSecurityUtil.getElementByWsuId(WSSecurityUtil.java:438)
at org.apache.ws.security.message.token.SecurityTokenReference.getTokenElement(SecurityTokenReference.java:176)
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:186)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:71)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:69)
at org.apache.axis2.engine.Phase.invoke(Phase.java:382)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:522)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:487)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:276)
at org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:202)
at ru.krai.ws.StockQuoteProxyStub.Test(StockQuoteProxyStub.java:154)
at ru.krai.ws.security.test.main(test.java:39)
As I tried to find out what's wrong, I found that the exception occurs inside a cycle that is searching for elements (XML tags) with a given id. The exception is thrown when, after several iterations, the processedNode variable contains null (the variable foundElement contains the tag with the X509 certificate). I tried to surround this piece of code with try/catch, and another exception was thrown. This exception indicates that signature verification failed (as I can see from the debug, the signature is one signed by an X509 certificate, and the search procedure has found the X509 certificate included as a BST in the message).
P.S. When I try to connect to sample axis2 services, everything goes fine; no exceptions are thrown.
The response that came from Synapse is:
<wsdl:definitions xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:chead="http://www.intersystems.com/SOAPheaders" xmlns:s0="http://ws.krai.ru" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://ws.krai.ru"><wsdl:types><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://ws.krai.ru">
<s:element name="Test">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="Param" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="TestResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="TestResult" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
</s:schema><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://www.intersystems.com/SOAPheaders">
<s:element name="CSPCHD" type="chead:CSPCHD" />
<s:complexType name="CSPCHD">
<s:sequence>
<s:element name="id" type="s:string" />
</s:sequence>
</s:complexType>
</s:schema>
</wsdl:types>
<wsdl:message name="TestSoapIn">
<wsdl:part name="part1" element="s0:Test" />
</wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:message name="TestSoapOut"><wsdl:part name="part1" element="s0:TestResponse" /></wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:portType name="StockQuoteProxyPortType"><wsdl:operation name="Test"><wsdl:input xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapIn" wsaw:Action="">"http://ws.krai.ru/KrAI.Test.Service.Test" /><wsdl:output xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapOut" wsaw:Action="">"http://ws.krai.ru/TestServiceSoap/TestResponse" /></wsdl:operation></wsdl:portType><wsdl:binding name="StockQuoteProxySOAP11Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial /></sp:Policy></sp:Wss10><sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:binding name="StockQuoteProxySOAP12Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial /></sp:Policy></sp:Wss10><sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body 
/></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap12:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap12:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="StockQuoteProxy"><wsdl:port name="StockQuoteProxySOAP11port_http" binding="s0:StockQuoteProxySOAP11Binding"><soap:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port><wsdl:port name="StockQuoteProxySOAP12port_http" binding="s0:StockQuoteProxySOAP12Binding"><soap12:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port></wsdl:service></wsdl:definitions>
Insecure service WSDL:
<?xml version='1.0' encoding='UTF-8' ?>
<definitions xmlns:http='http://schemas.xmlsoap.org/wsdl/http/' xmlns:soap='http://schemas.xmlsoap.org/wsdl/soap/' xmlns:s='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:s0='http://ws.krai.ru' xmlns:SOAP-ENC='http://schemas.xmlsoap.org/soap/encoding/' xmlns:mime='http://schemas.xmlsoap.org/wsdl/mime/' targetNamespace = 'http://ws.krai.ru' xmlns:chead='http://www.intersystems.com/SOAPheaders' xmlns='http://schemas.xmlsoap.org/wsdl/'>
<types>
<s:schema elementFormDefault='qualified' targetNamespace = 'http://ws.krai.ru'>
<s:element name="Test">
<s:complexType>
<s:sequence>
<s:element name="Param" type="s:string" minOccurs="0" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="TestResponse">
<s:complexType>
<s:sequence>
<s:element name="TestResult" type="s:string" minOccurs="0" />
</s:sequence>
</s:complexType>
</s:element>
</s:schema>
<s:schema elementFormDefault='qualified' targetNamespace='http://www.intersystems.com/SOAPheaders'>
<s:element name='CSPCHD' type='chead:CSPCHD'/>
<s:complexType name="CSPCHD">
<s:sequence>
<s:element name="id" type="s:string" />
</s:sequence>
</s:complexType>
</s:schema>
</types>
<message name="TestSoapIn">
<part name="parameters" element="s0:Test" />
</message>
<message name="TestSoapOut">
<part name="parameters" element="s0:TestResponse" />
</message>
<message name='CacheSessionHeader'>
<part name='CSPCHD' element='chead:CSPCHD' />
</message>
<portType name='TestServiceSoap'>
<operation name='Test'>
<input message='s0:TestSoapIn' />
<output message='s0:TestSoapOut' />
</operation>
</portType>
<binding name='TestServiceSoap' type='s0:TestServiceSoap' >
<soap:binding transport='http://schemas.xmlsoap.org/soap/http' style='document' />
<operation name='Test' >
<soap:operation soapAction='http://ws.krai.ru/KrAI.Test.Service.Test' style='document' />
<input>
<soap:body use='literal' />
<soap:header message='s0:CacheSessionHeader' part='CSPCHD' use='literal' />
</input>
<output>
<soap:body use='literal' />
<soap:header message='s0:CacheSessionHeader' part='CSPCHD' use='literal' />
</output>
</operation>
</binding>
<service name='TestService' >
<port name='TestServiceSoap' binding='s0:TestServiceSoap' >
<soap:address location='http://127.0.0.1:8972/csp/user/KrAI.Test.Service.cls' />
</port>
</service>
</definitions>
Synapse service WSDL:
<wsdl:definitions xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:chead="http://www.intersystems.com/SOAPheaders" xmlns:s0="http://ws.krai.ru" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.xmlsoap.org/wsdl/" targetNamespace="http://ws.krai.ru"><wsdl:types><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://ws.krai.ru">
<s:element name="Test">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="Param" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
<s:element name="TestResponse">
<s:complexType>
<s:sequence>
<s:element minOccurs="0" name="TestResult" type="s:string" />
</s:sequence>
</s:complexType>
</s:element>
</s:schema><s:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://www.intersystems.com/SOAPheaders">
<s:element name="CSPCHD" type="chead:CSPCHD" />
<s:complexType name="CSPCHD">
<s:sequence>
<s:element name="id" type="s:string" />
</s:sequence>
</s:complexType>
</s:schema></wsdl:types><wsdl:message name="TestSoapIn"><wsdl:part name="part1" element="s0:Test" /></wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:message name="TestSoapOut"><wsdl:part name="part1" element="s0:TestResponse" /></wsdl:message><wsdl:message name="CacheSessionHeader"><wsdl:part name="CSPCHD" element="chead:CSPCHD" /></wsdl:message><wsdl:portType name="StockQuoteProxyPortType"><wsdl:operation name="Test"><wsdl:input xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapIn" wsaw:Action="">"http://ws.krai.ru/KrAI.Test.Service.Test" /><wsdl:output xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" message="s0:TestSoapOut" wsaw:Action="">"http://ws.krai.ru/TestServiceSoap/TestResponse" /></wsdl:operation></wsdl:portType><wsdl:binding name="StockQuoteProxySOAP11Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial 
/></sp:Policy></sp:Wss10><sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap:body use="literal" /><soap:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:binding name="StockQuoteProxySOAP12Binding" type="s0:StockQuoteProxyPortType"><wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" Id="SigEncr"><wsp:ExactlyOne><wsp:All><sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><wsp:Policy><sp:InitiatorToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken><sp:RecipientToken><wsp:Policy><sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"><wsp:Policy><sp:WssX509V3Token10 /></wsp:Policy></sp:X509Token></wsp:Policy></sp:RecipientToken><sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite><sp:Layout><wsp:Policy><sp:Strict /></wsp:Policy></sp:Layout><sp:IncludeTimestamp /><sp:OnlySignEntireHeadersAndBody /></wsp:Policy></sp:AsymmetricBinding><sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Policy><sp:MustSupportRefKeyIdentifier /><sp:MustSupportRefIssuerSerial /></sp:Policy></sp:Wss10><sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:SignedParts><sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body /></sp:EncryptedParts></wsp:All></wsp:ExactlyOne></wsp:Policy><soap12:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" /><wsdl:operation name="Test"><soap12:operation soapAction="http://ws.krai.ru/KrAI.Test.Service.Test" style="document" /><wsdl:input><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:input><wsdl:output><soap12:body use="literal" /><soap12:header use="literal" part="CSPCHD" message="s0:CacheSessionHeader" /></wsdl:output></wsdl:operation></wsdl:binding><wsdl:service name="StockQuoteProxy"><wsdl:port name="StockQuoteProxySOAP11port_http" binding="s0:StockQuoteProxySOAP11Binding"><soap:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port><wsdl:port name="StockQuoteProxySOAP12port_http" binding="s0:StockQuoteProxySOAP12Binding"><soap12:address location="http://127.0.0.1:8080/axis2/services/StockQuoteProxy" /></wsdl:port></wsdl:service></wsdl:definitions>
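The frames at the top of the trace (`getElementByWsuId`, `findElementById`) are the step where a SecurityTokenReference is resolved to an element by its `wsu:Id`. The following diagnostic is an added example, not code from WSS4J, Rampart or this thread: it walks a captured SOAP envelope and reports every same-document reference that resolves to no element or to more than one. The envelope, the ids and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def sample(bst_id):
    """Constructed envelope: a BST, a signature over the body, and an STR to the BST."""
    return f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <s:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="{bst_id}">constructed-placeholder</wsse:BinarySecurityToken>
  <ds:Signature>
   <ds:SignedInfo><ds:Reference URI="#Body-1"/></ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#CertId-1"/>
   </wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="Body-1"/>
</s:Envelope>"""

def index_ids(root):
    """Map each wsu:Id (or plain Id) value to the elements that carry it."""
    ids = {}
    for el in root.iter():
        value = el.get(f"{{{WSU}}}Id") or el.get("Id")
        if value:
            ids.setdefault(value, []).append(el)
    return ids

def check_references(envelope_xml):
    """Return (uri, status, target local name) for each wsse/ds Reference."""
    root = ET.fromstring(envelope_xml)
    ids = index_ids(root)
    refs = list(root.iter(f"{{{WSSE}}}Reference")) + list(root.iter(f"{{{DS}}}Reference"))
    results = []
    for ref in refs:
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            results.append((uri, "external", None))   # not a same-document id
            continue
        targets = ids.get(uri[1:], [])                 # never None: no NPE analogue
        if not targets:
            results.append((uri, "dangling", None))    # id is not in the message
        elif len(targets) > 1:
            results.append((uri, "ambiguous", None))   # duplicate ids: reject
        else:
            results.append((uri, "ok", targets[0].tag.split("}")[-1]))
    return results

if __name__ == "__main__":
    for row in check_references(sample("CertId-2")):   # BST id does not match the STR
        print(row)
```

A `dangling` result for the token reference means the receiver has no certificate element to resolve, and an `ambiguous` result means two elements share an id, which a verifier should treat as an error rather than pick one.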
