Details
Critical Description
The exception in the same as in AXIS2-3999, but Im not sure if it has the same origin
org.apache.axis2.AxisFault: InvalidSecurity
at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
...
we do have 3 services and we are using MTOM in the Clients to sent attachments. Rampart engaged in the services.xml and a policy using a custom password handler as follows:
<module ref="rampart" />
<module ref="addressing" />
<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<!-- <sp:HashPassword/> -->
</wsp:Policy>
</sp:TransportToken>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:passwordCallbackClass>custom.PasswordCallbackHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
policy.xml in client:
<wsp:Policy wsu:Id="UsernameToken" xmlns:wsu=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken=
"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<!-- <sp:HashPassword/>-->
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Client code:
ServiceClient sc = stub._getServiceClient();
sc.engageModule("addressing");
sc.engageModule("rampart");
Options options = sc.getOptions();
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("axis2repo/policies/policy.xml"));
options.setUserName(config.getServerUser());
options.setPassword(config.getServerPassword());
// enale MTOM optimzation in client
options.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
options.setTimeOutInMilliSeconds(getConnectionTimeout() * 1000);
The facts:
1) This works fine for any amount of requests that are sent in sequence.
2) This doesnt work for multiple requests (tested with 10 requests sent at approx. the same time) that are received by the server right after the server startup. In this case one (or some?) of the first requests produce the mentioned security exception.
3) If then again 10 requests are sent in parallel all works fine again.
Thus I assume this is a problem with the policy loading at the beginning (lazy loading?), e.g. something is not thread safe?
I would like to know if this a known problem and if there is a workaround for this (e.g. on startup of the application could I just load everything that is needed to ensure Axis/rampart policy parts are fully initialized).
Note: I also tried this with Axis 1.5.4 and rampart 1.5 but the same problem occured.