Rampart
  1. Rampart
  2. RAMPART-70

RAMPART Problems on building messages

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Not a Problem
    • Affects Version/s: 1.3
    • Fix Version/s: 1.6.1
    • Component/s: rampart-core
    • Labels:
      None
    • Environment:
      Windows XP SP2, Java 1.6.0, Tomcat 6.0

      Description

      I'm having some problems with rampart 1.3. Please, read 3 cases:

      First problem is fixed when changing phase order on axis2.xml in Axis2 1.3. This was the first problem:

      I'm using basic configuration on client as with 1.2 and policy on server side. Rampart is engaged in both. In server is engaged in service scope and in client at global scope. The exception was:

      org.apache.axis2.AxisFault: The org.apache.axis2.AxisFault: A required
      header representing a Message Addressing Property is not present
      at org.apache.axis2.addressing.AddressingFaultsHelper.triggerAddressingFault(AddressingFaultsHelper.java:355)
      at
      org.apache.axis2.addressing.AddressingFaultsHelper.triggerMessageAddressingRequiredFault(AddressingFaultsHelper.java:281)
      at org.apache.axis2.handlers.addressing.AddressingValidationHandler.checkMessageIDHeader(AddressingValidationHandler.java:168)
      at org.apache.axis2.handlers.addressing.AddressingValidationHandler.invoke(AddressingValidationHandler.java:56)
      at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
      at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
      at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
      at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
      at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:120)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Unknown Source)
      header is required when WS-Addressing is in use but was not sent.
      at org.apache.axis2.handlers.addressing.AddressingInFaultHandler.invoke(AddressingInFaultHandler.java:114)
      at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
      at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
      at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
      at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
      at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
      at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
      at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
      at client.Medici_LinkStub.validate(Medici_LinkStub.java:744)
      at client.ClientUtilities.validateTest(ClientUtilities.java:61)
      at client.Client.main(Client.java:34)

      Second, I removed configuration from client but keeping rampart engaged. In server side the configuration is the same: it expects that some elements in the message would come encrypted or signed. I receive this exception from the service:

      org.apache.axis2.AxisFault: java.lang.NullPointerException
      at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
      at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
      at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
      at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
      at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
      at client.Medici_LinkStub.validate(Medici_LinkStub.java:744)
      at client.ClientUtilities.validateTest(ClientUtilities.java:61)
      at client.Client.main(Client.java:34)

      Third, I disengage rampart in server side and the first operation I invoke works ok but for subsequent invocations. (I'm using soapsession). I see an exception ocurred in the client:

      org.apache.axis2.AxisFault: Error in extracting message properties
      at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:68)
      at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
      at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
      at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:377)
      at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:374)
      at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
      at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
      at client.Medici_LinkStub.getDetailedMonitoringStages(Medici_LinkStub.java:4413)
      at client.ClientUtilities.getDetailedMonitoringStagesTest(ClientUtilities.java:356)
      at client.Client.main(Client.java:60)
      Caused by: org.apache.rampart.RampartException: Error in extracting
      message properties
      at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:293)
      at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:58)
      at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:62)
      ... 9 more
      Caused by: org.apache.ws.security.WSSecurityException: Error in
      converting SOAP Envelope to Document; nested exception is:
      java.lang.ClassCastException:
      org.apache.axiom.om.impl.llom.OMElementImpl cannot be cast to org.apache.axiom.soap.SOAPHeaderBlock
      at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:157)
      at org.apache.rampart.RampartMessageData.<init>(RampartMessageData.java:150)
      ... 11 more
      Caused by: java.lang.ClassCastException:
      org.apache.axiom.om.impl.llom.OMElementImpl cannot be cast to org.apache.axiom.soap.SOAPHeaderBlock
      at org.apache.rampart.util.Axis2Util.getDocumentFromSOAPEnvelope(Axis2Util.java:107)
      ... 12 more

      1. JIRA70.rar
        151 kB
        Jorge Fernández
      2. WebServiceTest.rar
        49 kB
        Jorge Fernández

        Activity

        Hide
        Ruchith Udayanga Fernando added a comment -

        Hi,

        Have you engaged the addressing module? (Possible remedy for case #1)

        Can you please attach code for your client and service?

        Thanks,
        Ruchith

        Show
        Ruchith Udayanga Fernando added a comment - Hi, Have you engaged the addressing module? (Possible remedy for case #1) Can you please attach code for your client and service? Thanks, Ruchith
        Hide
        Jorge Fernández added a comment - - edited

        Yes, I have addressing at client and server side. The header is present at client side because I'm using basic rampart configuration and I'm encrypting that header (sorry I must have specified this) and rampart doesn't complain of a missing element.

        When I don't engage rampart everything works OK.

        Sorry but I can't attach this code on the JIRA because it contains some pieces of code that can't be published.

        If you can't reproduce the JIRA, I'll try to make a sample if that's OK.

        Show
        Jorge Fernández added a comment - - edited Yes, I have addressing at client and server side. The header is present at client side because I'm using basic rampart configuration and I'm encrypting that header (sorry I must have specified this) and rampart doesn't complain of a missing element. When I don't engage rampart everything works OK. Sorry but I can't attach this code on the JIRA because it contains some pieces of code that can't be published. If you can't reproduce the JIRA, I'll try to make a sample if that's OK.
        Hide
        Ruchith Udayanga Fernando added a comment -

        Yes ... Please try to create a sample that shows the behaviour that you experience and attach it.

        Show
        Ruchith Udayanga Fernando added a comment - Yes ... Please try to create a sample that shows the behaviour that you experience and attach it.
        Hide
        Jorge Fernández added a comment -

        I tried something else that maybe changes this:

        I changed policy at server side so as to not have to encrypt wsa:To and wsa:MessageId from the client and it worked for the first case. However I kept the restriction to encrypt wsa:RelatesTo and the service does encrypt it.

        Second and third remain the same.

        Can you figure out what is happening?? I'll try to do the sample as soon as I can.

        Show
        Jorge Fernández added a comment - I tried something else that maybe changes this: I changed policy at server side so as to not have to encrypt wsa:To and wsa:MessageId from the client and it worked for the first case. However I kept the restriction to encrypt wsa:RelatesTo and the service does encrypt it. Second and third remain the same. Can you figure out what is happening?? I'll try to do the sample as soon as I can.
        Hide
        Jorge Fernández added a comment -

        Here it is the example.

        JIRA70.rar contains the eclipse project with client and server code.
        WebServiceTest.rar is the Web service.xml

        Show
        Jorge Fernández added a comment - Here it is the example. JIRA70.rar contains the eclipse project with client and server code. WebServiceTest.rar is the Web service.xml
        Hide
        Jorge Fernández added a comment - - edited

        In RC1, problems remain.

        I changed my client from basic configuration to policy and I was encrypting relatesTo ws-addressing header from the service. If I drecrypt it or not in the client, I get the following exception:

        Exception in thread "main" java.lang.ClassCastException: org.apache.axiom.om.impl.dom.ElementImpl cannot be cast to org.apache.axiom.soap.SOAPHeaderBlock
        at org.apache.rampart.util.Axis2Util.getSOAPEnvelopeFromDOMDocument(Axis2Util.java:176)
        at org.apache.rampart.RampartEngine.process(RampartEngine.java:174)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:80)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:292)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132)
        at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
        at client.Medici_LinkStub.validate(Medici_LinkStub.java:744)
        at client.ClientUtilities.validateTest(ClientUtilities.java:61)
        at client.Client.main(Client.java:57)

        Show
        Jorge Fernández added a comment - - edited In RC1, problems remain. I changed my client from basic configuration to policy and I was encrypting relatesTo ws-addressing header from the service. If I drecrypt it or not in the client, I get the following exception: Exception in thread "main" java.lang.ClassCastException: org.apache.axiom.om.impl.dom.ElementImpl cannot be cast to org.apache.axiom.soap.SOAPHeaderBlock at org.apache.rampart.util.Axis2Util.getSOAPEnvelopeFromDOMDocument(Axis2Util.java:176) at org.apache.rampart.RampartEngine.process(RampartEngine.java:174) at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:80) at org.apache.axis2.engine.Phase.invoke(Phase.java:292) at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:212) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:132) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) at client.Medici_LinkStub.validate(Medici_LinkStub.java:744) at client.ClientUtilities.validateTest(ClientUtilities.java:61) at client.Client.main(Client.java:57)
        Hide
        Jorge Fernández added a comment - - edited

        The org.apache.axis2.AxisFault: The org.apache.axis2.AxisFault: A required
        header representing a Message Addressing Property is not present exception it's due to one of the new characteristics of Axis2 1.3:

        • - Added a new phase called "Addressing" and moved all the addressing
          handlers into that phase

        This phase appears before Security in the Inflow chain in axis2.xml so it finds no header because the message is still encrypted. It doesn't appear in outflow chain.

        When I changed the order of those phases, that problem dissapeared

        Show
        Jorge Fernández added a comment - - edited The org.apache.axis2.AxisFault: The org.apache.axis2.AxisFault: A required header representing a Message Addressing Property is not present exception it's due to one of the new characteristics of Axis2 1.3: - Added a new phase called "Addressing" and moved all the addressing handlers into that phase This phase appears before Security in the Inflow chain in axis2.xml so it finds no header because the message is still encrypted. It doesn't appear in outflow chain. When I changed the order of those phases, that problem dissapeared
        Hide
        Ruchith Udayanga Fernando added a comment -

        Lets fix this post rampart-1.3

        Show
        Ruchith Udayanga Fernando added a comment - Lets fix this post rampart-1.3
        Hide
        Jorge Fernández added a comment -

        Exception number 3, also appears with timestamp

        Show
        Jorge Fernández added a comment - Exception number 3, also appears with timestamp
        Hide
        Ruchith Udayanga Fernando added a comment -

        Hi Jorge,

        I noticed that you changed the phase order in the axis2.xml. Can you please use the original axis2.xml file.
        Also I noticed that you are using

        <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <!--<sp:XPath>descendant::wsa:MessageID</sp:XPath>
        <sp:XPath>descendant::wsa:To</sp:XPath>-->
        <sp:XPath>descendant::wsa:RelatesTo</sp:XPath>
        <sp:XPath>descendant::axis2:ServiceGroupId</sp:XPath>
        </sp:EncryptedElements>

        This means that the addressing handler and dispatcher that runs before the security handlers cannot extract addressing information to dispatch the service/operation. Please see this conversation here [1]

        Thanks,
        Ruchith

        [1] http://marc.info/?l=axis-dev&m=118530711330870&w=2

        Show
        Ruchith Udayanga Fernando added a comment - Hi Jorge, I noticed that you changed the phase order in the axis2.xml. Can you please use the original axis2.xml file. Also I noticed that you are using <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <!--<sp:XPath>descendant::wsa:MessageID</sp:XPath> <sp:XPath>descendant::wsa:To</sp:XPath>--> <sp:XPath>descendant::wsa:RelatesTo</sp:XPath> <sp:XPath>descendant::axis2:ServiceGroupId</sp:XPath> </sp:EncryptedElements> This means that the addressing handler and dispatcher that runs before the security handlers cannot extract addressing information to dispatch the service/operation. Please see this conversation here [1] Thanks, Ruchith [1] http://marc.info/?l=axis-dev&m=118530711330870&w=2
        Hide
        Jorge Fernández added a comment -

        Hi Ruchith,

        Sorry but I didn't understand what you said. If I use the original axis2.xml I get the exception described in first place if I'm encrypting wsa header elements and I read the conversation and also I didn't understand a lot.

        Does that mean that it should work without changing the order in axis2.xml?

        Is there another solution that implies not changing configuration file, or does this means that I can't encrypt wsa headers?

        Thanks,

        Jorge Fernández

        Show
        Jorge Fernández added a comment - Hi Ruchith, Sorry but I didn't understand what you said. If I use the original axis2.xml I get the exception described in first place if I'm encrypting wsa header elements and I read the conversation and also I didn't understand a lot. Does that mean that it should work without changing the order in axis2.xml? Is there another solution that implies not changing configuration file, or does this means that I can't encrypt wsa headers? Thanks, Jorge Fernández
        Hide
        Ruchith Udayanga Fernando added a comment -

        Rampart can encrypt was headers.
        Verified with version : 1.6.1

        Show
        Ruchith Udayanga Fernando added a comment - Rampart can encrypt was headers. Verified with version : 1.6.1

          People

          • Assignee:
            Unassigned
            Reporter:
            Jorge Fernández
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development