Uploaded image for project: 'Axis2'
  1. Axis2
  2. AXIS2-5627

Axis2 1.6.2 Eclipse Plugin generated wrong code - XML message with Security Header cannot be accepted by Axis 1.6.2 Server

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.6.2
    • None
    • ide plugins
    • None
    • Client: Windows Vista, Eclipse Kepler
      Server: Ubuntu 12.04.3 LTS;Apache Tomcat/7.0.26, Axis/Rampart 1.6.2

    Description

      I generated a client stub with the Axis 1.6.2 plugin for Eclipse Kepler. With this I call my webservice, which expects a security header to be set. For this I must set the mustUnderstand flag to "1".
      The generated code creates a message like this:

      <ns1:Security xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="0" mustUnderstand="1">
      <ns1:UsernameToken>
      <ns1:Username>sales</ns1:Username>
      <ns1:Password>aaaaeEaWOqaEAJUbWw+cYI2SqFilfN6qw77Xk2K876+Ko=</ns1:Password>
      <ns1:Nonce>jJnejaaRaaaabTa042A++w==</ns1:Nonce>
      <ns1:Created>2014-02-06T11:22:42.923+01:00</ns1:Created>
      </ns1:UsernameToken>
      </ns1:Security>
      <ns3:MessageID xmlns:ns3="http://schemas.xmlsoap.org/ws/2004/08/addressing" soapenv:mustUnderstand="0">c5033a8b-1538-4a3c-a21f-c18b290720be</ns3:MessageID>
      <ns3:Action xmlns:ns3="http://schemas.xmlsoap.org/ws/2004/08/addressing" soapenv:mustUnderstand="0">urn:createLicense</ns3:Action>
      <ns3:To xmlns:ns3="http://schemas.xmlsoap.org/ws/2004/08/addressing" soapenv:mustUnderstand="0">http://127.0.0.1:8080/axis2/services/WSCmAct</ns3:To>
      <ns3:ReplyTo xmlns:ns3="http://schemas.xmlsoap.org/ws/2004/08/addressing" soapenv:mustUnderstand="0">
      <ns3:Address>http://www.w3.org/2005/08/addressing/anonymous</ns3:Address>
      <ns3:ReferenceParameters>
      <ns3:ServiceGroupId>urn:uuid:f999293a09c2422b8a64d64f820d06d</ns3:ServiceGroupId>
      </ns3:ReferenceParameters>
      </ns3:ReplyTo>
      <ns4:IPAddress xmlns:ns4="http://mycompany.com/" soapenv:mustUnderstand="0">localhost</ns4:IPAddress>

      The mustUnderstand flag for the "Security" tag is created correctly and set to "1", but additionaly a mustUnderstand flag is created for all tags in the security header and the value is set to "0".
      This is no problem, if on the server side Axis/Rampart 1.6.1 is installed. But if I use Axis/Rampart 1.6.2 the message cannot be processed. So I am currently forced to stay on 1.6.1 on server side and cannot update to 1.6.2.

      I got these exceptions with Axis 1.6.2/Rampart 1.6.2
      Caused by: org.apache.ws.security.WSSecurityException: An invalid security token was provided (An error happened processing a Username Token)
      at org.apache.ws.security.message.token.UsernameToken.checkBSPCompliance(UsernameToken.java:1021)
      at org.apache.ws.security.message.token.UsernameToken.<init>(UsernameToken.java:154)
      at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:126)
      at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:65)

      and

      org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
      at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:216)
      at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:85)
      at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
      at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            StefanN Stefan Nikolaus

            Dates

              Created:
              Updated:

              Slack

                Issue deployment