Rampart
  1. Rampart
  2. RAMPART-324

Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE nvelope: Element to encrypt/sign not found: {http://ws.apache.org/axis2}args0)

    Details

      Description

      Here I am trying to run a multiplication service in which I pass 2 parameters. In these two parameters I am trying to encrypt and sign only single element. For this I am using <SignedElements> and <EncryptedElements> assertions. I am calling the service using Client stub in which the namaspace generated is xmlns:ns1="http://ws.apache.org/axis2". I amt trying to use Xpath for that element as <sp:XPath>/soapenv:Envelope/soapenv:Body/ns1:mul/ns1:args0</sp:XPath> where soapenv is xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope">.
      When this got error i changed Xpath to:
      <sp:XPath>descendant::ns1:args0</sp:XPath>
      But i am getting an error which is
      Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE nvelope: Element to encrypt/sign not found:

      {http://ws.apache.org/axis2}

      args0)

      Abhinav
      Abhinav Mishra
      Exception in thread "main" org.apache.axis2.AxisFault: Error during encryption
      at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
      at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
      at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
      at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
      at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
      at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java
      :229)
      at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
      at org.apache.ws.axis2.Multiplication4Stub.mul(Multiplication4Stub.java:187)
      at org.apache.ws.axis2.Client.main(Client.java:38)
      Caused by: org.apache.rampart.RampartException: Error during encryption
      at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
      Builder.java:544)
      at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:9
      3)
      at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
      at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
      ... 8 more
      Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE
      nvelope: Element to encrypt/sign not found:

      {http://ws.apache.org/axis2}

      args0)
      at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:496)
      at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:454)
      at org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecEncrypt.java:351)
      at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
      Builder.java:530)
      ... 11 more

      So,please help me to solve this issue.
      Here i am attaching my code and services.xml file.
      Thanks in advance!!!

      1. services.xml
        4 kB
        Abhinav Mishra
      2. service.jks
        2 kB
        Abhinav Mishra
      3. RAMPART-324.diff
        19 kB
        Amila Jayasekara
      4. PWCBHandler.java
        0.9 kB
        Abhinav Mishra
      5. PWCBHandler.java
        1 kB
        Abhinav Mishra
      6. Multiplication4Stub.java
        77 kB
        Abhinav Mishra
      7. Multiplication4CallbackHandler.java
        2 kB
        Abhinav Mishra
      8. Multiplication4.java
        0.1 kB
        Abhinav Mishra
      9. client.jks
        2 kB
        Abhinav Mishra
      10. Client.java
        2 kB
        Abhinav Mishra

        Issue Links

          Activity

          Hide
          Hudson added a comment -

          Integrated in rampart-1.5 #60 (See https://builds.apache.org/job/rampart-1.5/60/)

          • RAMPART-324: Merged r1178193 to the 1.5 branch.
          • Also merged r1075676 (addition of a test case) to avoid a merge conflict.

          veithen :
          Files :

          • /axis/axis2/java/rampart/branches/1_5_x
          • /axis/axis2/java/rampart/branches/1_5_x/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/pom.xml
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/policy/32.xml
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/policy/33.xml
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/services-32.xml
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/services-33.xml
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java
          • /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
          Show
          Hudson added a comment - Integrated in rampart-1.5 #60 (See https://builds.apache.org/job/rampart-1.5/60/ ) RAMPART-324 : Merged r1178193 to the 1.5 branch. Also merged r1075676 (addition of a test case) to avoid a merge conflict. veithen : Files : /axis/axis2/java/rampart/branches/1_5_x /axis/axis2/java/rampart/branches/1_5_x/modules/documentation/src/site/xdoc/download/1.5.1/download.xml /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/pom.xml /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/policy/32.xml /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/policy/33.xml /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/services-32.xml /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-integration/src/test/resources/rampart/services-33.xml /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java /axis/axis2/java/rampart/branches/1_5_x/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
          Hide
          Hudson added a comment -

          Integrated in Rampart #584 (See https://builds.apache.org/job/Rampart/584/)
          RAMPART-324: Added the test case provided by Amila Jayasekara, but implemented a proper fix based on the feature added by AXIOM-388.

          veithen :
          Files :

          • /axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml
          • /axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
          • /axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/33.xml
          • /axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-33.xml
          • /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
          • /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java
          • /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
          • /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java
          • /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
          • /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java
          • /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
          Show
          Hudson added a comment - Integrated in Rampart #584 (See https://builds.apache.org/job/Rampart/584/ ) RAMPART-324 : Added the test case provided by Amila Jayasekara, but implemented a proper fix based on the feature added by AXIOM-388 . veithen : Files : /axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml /axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java /axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/33.xml /axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-33.xml /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java /axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
          Hide
          Andreas Veithen added a comment -

          Both the existing code and the proposed patch are incorrect. In order to construct the namespace context in which the XPath expression is interpreted, it is not sufficient to look at the namespaces declared on a single element (the sp:XPath element in the existing code and the sp:EncryptedElements element in the patch). Instead, the namespace context must be constructed by looking at the namespace declarations of sp:XPath as well as all of its ancestors.

          This is an example of what I described in AXIOM-388.

          Show
          Andreas Veithen added a comment - Both the existing code and the proposed patch are incorrect. In order to construct the namespace context in which the XPath expression is interpreted, it is not sufficient to look at the namespaces declared on a single element (the sp:XPath element in the existing code and the sp:EncryptedElements element in the patch). Instead, the namespace context must be constructed by looking at the namespace declarations of sp:XPath as well as all of its ancestors. This is an example of what I described in AXIOM-388 .
          Hide
          Thilina Buddhika added a comment - - edited

          Hi Amila,

          Thanks for the patch and it fixes the namespace interpretation issue of XPath expressions.

          But it seems like this fix is not applied to secpolicy12/builders/SignedElementsBuilder.java. Can you please attach the updated patch with this fix.

          Thanks,
          Thilina

          Show
          Thilina Buddhika added a comment - - edited Hi Amila, Thanks for the patch and it fixes the namespace interpretation issue of XPath expressions. But it seems like this fix is not applied to secpolicy12/builders/SignedElementsBuilder.java. Can you please attach the updated patch with this fix. Thanks, Thilina
          Hide
          Amila Jayasekara added a comment -

          Fix is relative to http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk and modified on revision 1171410.

          Thanks
          AmilaJ

          Show
          Amila Jayasekara added a comment - Fix is relative to http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk and modified on revision 1171410. Thanks AmilaJ
          Hide
          Amila Jayasekara added a comment -

          Attaching a diff with a proper fix for this issue.
          Also a test case is added.

          Thanks
          AmilaJ

          Show
          Amila Jayasekara added a comment - Attaching a diff with a proper fix for this issue. Also a test case is added. Thanks AmilaJ
          Hide
          Thilina Buddhika added a comment -

          Since there is a workaround for this issue, i.e. to use the ns1 as the namespace prefix, reducing the priority to Critical from Blocker. Anyway this is a serious bug that needs to be fixed in the next patch release.

          Show
          Thilina Buddhika added a comment - Since there is a workaround for this issue, i.e. to use the ns1 as the namespace prefix, reducing the priority to Critical from Blocker. Anyway this is a serious bug that needs to be fixed in the next patch release.
          Hide
          Amila Jayasekara added a comment -

          Hi Thilina, Abhinav,

          I also faced a similar issue when running some rampart samples. Therefore I tried to reproduce this issue in the trunk. So here are my findings,

          It seems rampart does not take into account the namespaces specified in the policy for EncryptedElements. So if you add following assertion to policy

          <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                                            xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:serns="http://ws.apache.org/axis2">
                          <sp:XPath>soapenv:Body/serns:mul/serns:args0</sp:XPath>
          </sp:EncryptedElements>

          rampart would not recognize prefix “ serns”.

          But if you add following assertion,
          <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                                            xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://ws.apache.org/axis2">
                          <sp:XPath>soapenv:Body/ns1:mul/ns1:args0</sp:XPath>
          </sp:EncryptedElements>

          rampart will not complain about the namespace. In other words inorder to work this you must have namespace prefix “ns1”. The reason for “ns1” to work is that it is the default namespace prefix given when message generation. Here I am pasting a part of a message which is generated before encrypting elements,
          ….
          ….
          </ds:KeyInfo>

          </ds:Signature></wsse:Security></soapenv:Header><soapenv:Body><ns1:add xmlns:ns1="http://service.wso2.org"><a>3</a><b>4</b></ns1:add></soapenv:Body></soapenv:Envelope>

          As you can see ns1 is the default namespace given when message generation. But even you are able to get through with namespace issue, rampart will not sign nor encrypt the message elements you specified in the policy. This is in return a result of not reading elements from the policy (I think).

          We will further investigate on this and will work on a patch.

          Thanks
          AmilaJ

          Show
          Amila Jayasekara added a comment - Hi Thilina, Abhinav, I also faced a similar issue when running some rampart samples. Therefore I tried to reproduce this issue in the trunk. So here are my findings, It seems rampart does not take into account the namespaces specified in the policy for EncryptedElements. So if you add following assertion to policy <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"                                   xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:serns="http://ws.apache.org/axis2">                 <sp:XPath>soapenv:Body/serns:mul/serns:args0</sp:XPath> </sp:EncryptedElements> rampart would not recognize prefix “ serns”. But if you add following assertion, <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"                                   xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://ws.apache.org/axis2">                 <sp:XPath>soapenv:Body/ns1:mul/ns1:args0</sp:XPath> </sp:EncryptedElements> rampart will not complain about the namespace. In other words inorder to work this you must have namespace prefix “ns1”. The reason for “ns1” to work is that it is the default namespace prefix given when message generation. Here I am pasting a part of a message which is generated before encrypting elements, …. …. </ds:KeyInfo> </ds:Signature></wsse:Security></soapenv:Header><soapenv:Body><ns1:add xmlns:ns1="http://service.wso2.org"><a>3</a><b>4</b></ns1:add></soapenv:Body></soapenv:Envelope> As you can see ns1 is the default namespace given when message generation. But even you are able to get through with namespace issue, rampart will not sign nor encrypt the message elements you specified in the policy. This is in return a result of not reading elements from the policy (I think). We will further investigate on this and will work on a patch. Thanks AmilaJ
          Hide
          Abhinav Mishra added a comment -

          Hi Thilina,
          Thank you for your reply.

          May I know which namespace prefix you are using while specifying the policy.

          Thanks,
          Abhinav

          Show
          Abhinav Mishra added a comment - Hi Thilina, Thank you for your reply. May I know which namespace prefix you are using while specifying the policy. Thanks, Abhinav
          Hide
          Thilina Buddhika added a comment -

          This works fine when the client policy is manually attached at the client side. I am wondering whether it is a issue when using the policy attached with the generated client.

          I will check this.

          Thanks,
          Thilina

          Show
          Thilina Buddhika added a comment - This works fine when the client policy is manually attached at the client side. I am wondering whether it is a issue when using the policy attached with the generated client. I will check this. Thanks, Thilina
          Hide
          Abhinav Mishra added a comment -

          Hi Thilina,

          Should i use EncryptedElements assertion in supporting token so as to encrypt single element?

          Thanks,
          Abhinav

          Show
          Abhinav Mishra added a comment - Hi Thilina, Should i use EncryptedElements assertion in supporting token so as to encrypt single element? Thanks, Abhinav
          Hide
          Abhinav Mishra added a comment -

          Hi Thilina,
          Thanks for reply.

          Here I am generating client stub corresponding to wsdl of Service using wsdl2java provided in Axis2. So, I just specifying rampart configuration in Client code and as far as Client side policy is concerned it is include in client stub code as it is generated corresponding to wsdl of service which contains policy specified. please go through my Client.java, Multiplication4Stub and services.xml files. i am following this approach by referring to the [1].

          [1] http://wso2.org/library/3415

          I am not able to attach the request message as it is not generated in TCPMon because of the exception generated as I mentioned in description.

          Thanks,
          Abhinav

          Show
          Abhinav Mishra added a comment - Hi Thilina, Thanks for reply. Here I am generating client stub corresponding to wsdl of Service using wsdl2java provided in Axis2. So, I just specifying rampart configuration in Client code and as far as Client side policy is concerned it is include in client stub code as it is generated corresponding to wsdl of service which contains policy specified. please go through my Client.java, Multiplication4Stub and services.xml files. i am following this approach by referring to the [1] . [1] http://wso2.org/library/3415 I am not able to attach the request message as it is not generated in TCPMon because of the exception generated as I mentioned in description. Thanks, Abhinav
          Hide
          Thilina Buddhika added a comment -

          Hi Abhinav,

          Can you please attach a sample request message? Also how do you specify the client side policy ?

          Thanks,
          Thilina

          Show
          Thilina Buddhika added a comment - Hi Abhinav, Can you please attach a sample request message? Also how do you specify the client side policy ? Thanks, Thilina
          Hide
          Abhinav Mishra added a comment -

          Hi Thilina,

          I applied EncryptedElement assertion in every possible way I could. So,could you please provide me some other way of specifying the
          policy to encrypt only single element.

          Thanks,
          Abhinav

          Show
          Abhinav Mishra added a comment - Hi Thilina, I applied EncryptedElement assertion in every possible way I could. So,could you please provide me some other way of specifying the policy to encrypt only single element. Thanks, Abhinav
          Hide
          Abhinav Mishra added a comment -

          Hi Thilina,

          Should I place EncryptedElement assertion in supporting token to make it run?

          Thanks,
          Abhinav

          Show
          Abhinav Mishra added a comment - Hi Thilina, Should I place EncryptedElement assertion in supporting token to make it run? Thanks, Abhinav
          Hide
          Abhinav Mishra added a comment -

          Hi Thilina,
          Thank you for your reply.
          i applied the EncryptedElement assertions that you mentioned in services.xml file.Still, I am getting the same error which is:

          Exception in thread "main" org.apache.axis2.AxisFault: Error in encryption
          at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70)
          at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
          at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:254)
          at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:419)
          at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
          at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java
          :229)
          at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
          at org.apache.ws.axis2.Multiplication5Stub.mul(Multiplication5Stub.java:187)
          at org.apache.ws.axis2.Client.main(Client.java:38)
          Caused by: org.apache.rampart.RampartException: Error in encryption
          at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
          Builder.java:573)
          at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:9
          5)
          at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
          at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
          ... 8 more
          Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE
          nvelope: Element to encrypt/sign not found:

          {http://ws.apache.org/axis2}

          args0)
          at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:507)
          at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:461)
          at org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecEncrypt.java:350)
          at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding
          Builder.java:559)
          ... 11 more

          I don't know what to do as i already tried various ways of specifying EncryptedElement assertion.So, could you please check my services.xml file. may be it contains some error in specifying policy.

          The way i defined EncryptedElement assertion is it correct?

          I also used absolute XPath but still was getting the same error.

          Initially, i was using Rampart 1.4 but, now I am using Rampart 1.5.1.

          Thanks,
          Abhinav

          Show
          Abhinav Mishra added a comment - Hi Thilina, Thank you for your reply. i applied the EncryptedElement assertions that you mentioned in services.xml file.Still, I am getting the same error which is: Exception in thread "main" org.apache.axis2.AxisFault: Error in encryption at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:70) at org.apache.axis2.engine.Phase.invoke(Phase.java:318) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:254) at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:419) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java :229) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165) at org.apache.ws.axis2.Multiplication5Stub.mul(Multiplication5Stub.java:187) at org.apache.ws.axis2.Client.main(Client.java:38) Caused by: org.apache.rampart.RampartException: Error in encryption at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding Builder.java:573) at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:9 5) at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147) at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64) ... 8 more Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignE nvelope: Element to encrypt/sign not found: {http://ws.apache.org/axis2} args0) at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:507) at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:461) at org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecEncrypt.java:350) at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBinding Builder.java:559) ... 11 more I don't know what to do as i already tried various ways of specifying EncryptedElement assertion.So, could you please check my services.xml file. may be it contains some error in specifying policy. The way i defined EncryptedElement assertion is it correct? I also used absolute XPath but still was getting the same error. Initially, i was using Rampart 1.4 but, now I am using Rampart 1.5.1. Thanks, Abhinav
          Hide
          Thilina Buddhika added a comment -

          Also defining an absolute XPath expression should also work. Please take a look at the sample07/policy.xml of Rampart 1.5.1.

          Are you testing this on Rampart 1.4 ?

          Thanks,
          Thilina

          Show
          Thilina Buddhika added a comment - Also defining an absolute XPath expression should also work. Please take a look at the sample07/policy.xml of Rampart 1.5.1. Are you testing this on Rampart 1.4 ? Thanks, Thilina
          Hide
          Thilina Buddhika added a comment -

          Hi Abhinav,

          Can you try using the following EncryptedElement assertions.

          <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
          xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://ws.apache.org/axis2">
          <sp:XPath>soapenv:Body/ns1:mul/ns1:args0</sp:XPath>
          </sp:EncryptedElements>

          These xpath expressions need be evaluated against the SOAP envelop as per the WS Security Policy specification.

          Thanks,
          Thilina

          Show
          Thilina Buddhika added a comment - Hi Abhinav, Can you try using the following EncryptedElement assertions. <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://ws.apache.org/axis2"> <sp:XPath>soapenv:Body/ns1:mul/ns1:args0</sp:XPath> </sp:EncryptedElements> These xpath expressions need be evaluated against the SOAP envelop as per the WS Security Policy specification. Thanks, Thilina

            People

            • Assignee:
              Thilina Buddhika
              Reporter:
              Abhinav Mishra
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 504h
                504h
                Remaining:
                Remaining Estimate - 504h
                504h
                Logged:
                Time Spent - Not Specified
                Not Specified

                  Development