Hi Ruwan,
thanks for the reply. The situation is we have a machine sitting
externally at a client site, and this has to proxy some web services on
internal machines at the client site. The client (a big client with
stringent security requirements) require that all web service requests
to go through a certain point (the Synapse setup) and that the web
services aren't on the external layer of their network. Also there are
other software vendors writing .NET web services that will be used
through Synapse in a similar way. The future plan is to do some
mediation, such as aggregation of web services.
Also, I'm not sure if anyone is aware but I managed to get the setup I
required working with the latest nightly snapshot build of Synapse. So
it looks like the architecture stuff has been done already? I then
managed to get it setup in an axis2 running inside Tomcat, which took a
bit of fiddling around to get everything working. The synapse.xml file
I used is:
<definitions xmlns="http://ws.apache.org/ns/synapse";>
<proxy name="DataHubVehicleService-1.0.0">
<target>
<inSequence>
<send>
<endpoint>
<address
uri="http://tnz017:8080/tnz/services/DataHubVehicleService-1.0.0";
optimize="swa"/>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
</target>
<publishWSDL
uri="file:C:/Projects/data-hub/data-hub-vehicle-service/resources/DataHubVehicleService-1.0.0.wsdl"/>
</proxy>
</definitions>
Ruwan Linton wrote:
Hi Anthony,
AFAIK, this is a limitation of synapse according to the current
architecture. We thought of re-architecture synapse to handle these cases
which ended up in introducing a new module called synapse-handler.mar which
can handle these kind of situations. But we have not tested this (especially
with proxy services and security)??
I have filed a JIRA [1] on this and we will look in to this ASAP
(1.1release time frame may not gonna scale for this and may not be
able to fix
this for 1.1)
BTW: why do you need to proxy a service with security and just pass through
the message without doing any thing (no mediation)? I am trying to
understand your use case and why do you need synapse in there ...
[1] - https://issues.apache.org/jira/browse/SYNAPSE-152
Thanks,
Ruwan
On 10/16/07, Anthony Bull <[EMAIL PROTECTED]> wrote:
Hi, I have been trying to set up a proxy for some axis2 web services,
and have been having trouble with WS-Security.
The entire message including the WS-Security headers are intended for my
endpoint (axis2 service), however Synapse is trying to handle the
WS-Security headers (see error message below). How can I get Synapse to
ignore the security headers and simply send the message to the endpoint
no matter what?
The error message at Synapse is:
org.apache.axis2.AxisFault: Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
: Security
Here is the SOAP message that is being sent to Synapse:
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope
">
<soapenv:Header>
<wsse:Security
xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
soapenv:mustUnderstand="true">
<wsu:Timestamp
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
wsu:Id="Timestamp-5311938">
<wsu:Created>2007-10-15T21:36:59.163Z</wsu:Created>
<wsu:Expires>2007-10-15T21:41:59.163Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
"
wsu:Id="UsernameToken-30318493">
<wsse:Username>bgilbert</wsse:Username>
<wsse:Password
Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">x</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<GetVehicleInformationRequest
xmlns="urn:toyota-co-nz:vehicle:vehicle-info-request-1.0.0
"><Registration>rav4</Registration></GetVehicleInformationRequest>
</soapenv:Body>
</soapenv:Envelope>
thanks,
Anthony.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Anthony
-------------------------------------
Anthony Bull
Senior Developer
Black Coffee Software Ltd
PO Box 10-192 The Terrace
Wellington, New Zealand
[EMAIL PROTECTED]
Ph +64 4 472 8818
Fax +64 4 472 8811
-------------------------------------
www.bcsoft.co.nz
---------------------------------------------------------------
This email may contain confidential or privileged information,
and is intended for use only by the addressee, or addressees.
If you are not the intended recipient please advise the sender
immediately and do not copy, use or disclose the contents to
any other person or organisation.
Black Coffee Software Ltd accepts no responsibility for viruses
received with this email, or to any changes made to the original
content. Any views or opinions expressed in this email may be
personal to the sender and are not necessarily those of Black
Coffee Software Ltd.
---------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
