Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
1.4
-
None
-
None
-
Windows Vista
Apache Tomcat 5.5.26
Axis2 1.4
Rampart 1.4
Java JRE: 1.5.0.14
Description
Hi,
I'm working with Axis2 and Rampart to create secure web services, and I have the following issue: Whenever an Axis fault is generated on the server's side,
the SOAP fault message send back to the client is not signed. It results in an error since the client is expecting a signed SOAP enveloppe. I'm working with
AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section of Rampart web site. According to the following reports
(http://issues.apache.org/jira/browse/RAMPART-18 and http://issues.apache.org/jira/browse/RAMPART-90 ) the issue is said to have been fixed in version 1.4 of
Rampart so I'm wondering if I'm doing something wrong or if somehow the issue persists. Any clue will be very welcome. Thanks for the help.
This is a normal message when there is no faults:
[INFO] Deploying module: addressing-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
[INFO] Deploying module: rahas-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
[INFO] Deploying module: rampart-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
[INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
1.4-impl.jar
[INFO] Verification successful for URI "#Id-30303804"
[INFO] Verification successful for URI "#id-20457766"
[INFO] Verification successful for URI "#id-1412294"
[INFO] Verification successful for URI "#Timestamp-2746929"
Voici le resultat de l'appel:
1721
==========================================================
This is the message I'm getting when a fault is generated.
==========================================================
[INFO] Deploying module: addressing-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
[INFO] Deploying module: rahas-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
[INFO] Deploying module: rampart-1.4 -
file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
[INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-
1.4-impl.jar
[ERROR] Missing wsse:Security header in request
org.apache.axis2.AxisFault: Missing wsse:Security header in request
at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
==============================================
This is the soap enveloppe sent to the Client.
==============================================
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Body>
<soapenv:Fault>
<soapenv:Code>
<soapenv:Value>soapenv:Receiver</soapenv:Value>
</soapenv:Code>
<soapenv:Reason>
<soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
</soapenv:Reason>
<soapenv:Detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
===================================================================================================================================
This is the Policy file I'm using. Besides the locations of the Keystore, it is the same policy on both ends (service and client).
===================================================================================================================================
<wsp:Policy wsu:Id="SigOnly"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<!--
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body /> </sp:EncryptedParts>
-->
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier />
<sp:MustSupportRefIssuerSerial />
<sp:MustSupportRefThumbprint />
<sp:MustSupportRefEncryptedKey />
<sp:MustSupportSignatureConfirmation />
</wsp:Policy>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens />
<sp:RequireClientEntropy />
<sp:RequireServerEntropy />
</wsp:Policy>
</sp:Trust10>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>test</ramp:user>
<ramp:encryptionUser>test</ramp:encryptionUser>
<ramp:passwordCallbackClass>
org.example.www.essaisdeploiementwebservice2.PWCBHandler
</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file"> ressources\keys\ws.jks
</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type"> JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks
</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password"> changeit</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
===================================================================================
This is the parts of axis2.xml where the security is enabled in the OutFaultFlow:
===================================================================================
<phaseOrder type="OutFaultFlow">
<!-- user can add his own phases to this area -->
<phase name="soapmonitorPhase"/>
<phase name="OperationOutFaultPhase"/>
<phase name="MessageOut"/>
<phase name="RMPhase"/>
<phase name="PolicyDetermination"/>
<phase name="Security"/>
</phaseOrder>