Hi Jeff, If you enable addressing to the outbound message then synapse should be sending the ReplyTo header as appropriate. May be amazon is not accepting anonymous ReplyTo headers, so assuming that you are using the 1.2 build here is the proposed solution to this;
<definitions xmlns="http://ws.apache.org/ns/synapse";> <localEntry key="sec_policy" src="file:repository/conf/sample/resources/policy/amazon.xml"/> <in> <send> <endpoint name="secure"> <address uri="http://localhost:8086";> <enableSec policy="sec_policy"/> <enableAddressing separateListener="true"/> </address> </endpoint> </send> </in> <out> <header name="wsse:Security" action="remove" xmlns:wsse=" http://www.w3.org/2005/08/addressing"/> <send/> </out> </definitions> The above configuration should work, but please note that you need to change the address uri of the endpoint in the above configuration from " http://localhost:8086"; to "AMAZON_URL" If this is not working could you please attach the TCPMon out put of the outbound message which is going to AMAZON (after changing important information) and the message received from AMAZON. If you don't want to post it publicly you may send it to me (mailto:[EMAIL PROTECTED] <[EMAIL PROTECTED]>) Thanks, Ruwan On Sun, Jun 8, 2008 at 7:01 AM, Jeff Davis <[EMAIL PROTECTED]> wrote: > I did a little research, and I haven't seen anything in the standard that > indicates WS-Security requires WS-Addressing. Unfortunately, it doesn't > appear as though setting the header has any impact (further, if it did, the > ReplyTo has a child element for the Address, so not sure how that would be > added). Here's my configuration: > > <definitions xmlns="http://ws.apache.org/ns/synapse";> > <localEntry key="sec_policy" > src="file:repository/conf/sample/resources/policy/amazon.xml"/> > > <in> > <header name="ReplyTo" action="set" value=""/> > <send> > <endpoint name="secure"> > <address uri="http://localhost:8086";> > <enableSec policy="sec_policy"/> > <enableAddressing/> > </address> > </endpoint> > </send> > </in> > <out> > <send/> > </out> > </definitions> > > In lieu of the above header, I also tried: > > <header name="wsse:Security" action="remove" > xmlns:wsse="http://www.w3.org/2005/08/addressing"/> > > (I also tried removing the <enableAddressing/> node for each test). > > To recap my issue, it seems as though Amazon AWS (at least for SimpleDB > service) requires the ReplyTo WS-Addressing element, if WS-Addressing is > used. I haven't found a way to remove WS-Addressing generated automatically > by Synapse when WS-Security is used, and I haven't figure out how to add > ReplyTo (and it's child Address node) to the outbound message. > > Anyone have any work-arounds? Maybe I'll try chaining together some things > to see if I can devise something. > > Thanks, > > jeff > > > On Sat, Jun 7, 2008 at 9:25 AM, Asankha C. Perera <[EMAIL PROTECTED]> > wrote: > > > Hi Jeff > > > >> To be honest, I'm not entirely certain how to add it in the Header > >> mediator, > >> as you allude to. I did try various permutations of using the property > and > >> header nodes within the <in>, but nothing ever appeared. > >> > >> > > I am sorry.. I had made a mistake in my reply earlier.. to set the > ReplyTo > > header to something, you will use "<header name="ReplyTo" value="..."/> > > format.. If you are familiar with using TCPMon, you can place it between > > your service and Amazon and route the message through it to get a trace > of > > the messages. This will help you and us to solve any problems. > > > >> Obviously, Amazon's service is not entirely compliant with the > WS-Security > >> standards. Even in their section under WS-Security SOAP, they state that > >> "if > >> you're using WS-Addressing, we recommend you also sign the Action and To > >> header elements" (I haven't figured out how to do that yet, but I'll dig > >> into that). > >> > >> > > If you are ok to share your configuration/scenario with us or let us try > > some simple sample to reproduce the issue you are facing, one of the > > developers would be able to tell you exactly whats wrong, and what you > could > > do to get past the problem > > > > asankha > > > -- Ruwan Linton http://www.wso2.org - "Oxygenating the Web Services Platform"
