Hi Tim, This is not fixed yet in the latest build ... Please keep an eye on the JIRA [1] we'll update it as soon as we fix it and the fix will be available in the latest build of the trunk.
Thanks, Ruchith 1. https://issues.apache.org/jira/browse/RAMPART-90 On 10/29/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote: > Thanks for following up Ruchith, really appreciated. I look forward to this > fix - will this appear in the latest builds, or will it only appear in the > next "release" build. > > Best, > Tim. > -----Original Message----- > From: Ruchith Fernando [mailto:[EMAIL PROTECTED] > Sent: Monday, 29 October 2007 10:53 AM > To: [email protected] > Cc: [EMAIL PROTECTED] > Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault > Messages > > Hi, > > This is an issue in Rampart because it doesn't processes the security header > of fault messages. > > https://issues.apache.org/jira/browse/RAMPART-90 > > This will be fixed in the next release of Apache Rampart. > > Thanks, > Ruchith > > On 10/12/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote: > > Hi All, > > > > I have developed an Axis2-1.3 client (with Rampart 1.3, using an > > xmlbeans > > proxy) that calls methods on a secured .NET web service service. I can > > successfully communicate with the .NET service, however when the .NET > > server returns a valid fault message the xmlbeans proxy client never > > receives the returned fault string; instead all the client receives is > > the following > > message: > > Must Understand check failed for header > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1. > > 0.xsd : Security > > > > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy > > received the correct/expected error string. > > > > So, for example, if I call a method on the .NET web service with an > > invalid parameter in the request document, the .NET web service > > returns an informative message containing details of the problem. > > Below is an example of the xml response message received from the .NET > > server, and to me it appears to be a valid response: > > <?xml version='1.0' encoding='utf-8'?> <s:Envelope > > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > > urity- > > utility-1.0.xsd"> > > <s:Header> > > <o:Security > > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > > urity- > > secext-1.0.xsd" s:mustUnderstand="1"> > > <u:Timestamp u:Id="_0"> > > > > <u:Created>2007-10-12T01:02:16.796Z</u:Created> > > > > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires> > > </u:Timestamp> > > </o:Security> > > </s:Header> > > <s:Body> > > <s:Fault> > > <faultcode>s:UnexpectedFault</faultcode> > > <faultstring xml:lang="en-US">An unexpected > > error has occurred in the service. > > System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva > > lidReq > > uestFault]: The dimension member 'Midlands' was included in a > > dimension reference for the 'Products' dimension, but is not valid. > > (Fault Detail is equal to > MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring> > > </s:Fault> > > </s:Body> > > </s:Envelope> > > > > When I interact with this returned message (through the xmlbeans > > proxy), the error message I see is the "Must Understand check failed for > header ..." > > rather than the value contained in the faultstring elemrnt of the > > returned document. > > > > The issue appears to be that the received message header contains a > > (valid) timestamp, as indicated above, however the Axis2 response > > handler never seems to to process this timestamp in the header, > > meaning that when the > > AxisEngine.checkMustUnderstand() performs the > > headerBlock.isProcessed() test, the result is false and so the "Must > understand check failed ..." > > exception is thrown and my xmlbeans proxy never sees the real > > faultstring message. > > > > I am struggling to understand what is going wrong here ... any > > guidance on what to fault-find next would be greatly appreciated as > > after a few days looking at this I am unsure if it is a problem in > > returned document, or my policy.xml. > > > > Thanks, > > Tim Munro > > =================== > > > > Below is my policy.xml document: > > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > > ecurit y-utility-1.0.xsd" > > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> > > <wsp:ExactlyOne> > > <wsp:All> > > <sp:TransportBinding > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:TransportToken> > > <wsp:Policy> > > <sp:HttpsToken > > RequireClientCertificate="false"/> > > </wsp:Policy> > > </sp:TransportToken> > > <sp:AlgorithmSuite> > > <wsp:Policy> > > <sp:Basic256/> > > </wsp:Policy> > > </sp:AlgorithmSuite> > > <sp:Layout> > > <wsp:Policy> > > <sp:Lax/> > > </wsp:Policy> > > </sp:Layout> > > <sp:IncludeTimestamp/> > > </wsp:Policy> > > </sp:TransportBinding> > > <sp:EndorsingSupportingTokens > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:X509Token > > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/ > > Includ > > eToken/AlwaysToRecipient"> > > <wsp:Policy> > > > > <sp:WssX509V3Token10/> > > </wsp:Policy> > > </sp:X509Token> > > </wsp:Policy> > > </sp:EndorsingSupportingTokens> > > <sp:Wss10 > > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:MustSupportRefKeyIdentifier/> > > <sp:MustSupportRefIssuerSerial/> > > </wsp:Policy> > > </sp:Wss10> > > > > <ramp:RampartConfig > > xmlns:ramp="http://ws.apache.org/rampart/policy";> > > > > <ramp:timestampTTL>300</ramp:timestampTTL> > > > > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew> > > > > <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6 > > e69109 > > 3f9d</ramp:user> > > <!-- passwordCallbackClass is set in > > mydials config --> > > <!-- > > <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas > > swordC > > allbackClass> --> > > > > <ramp:signatureCrypto> > > <ramp:crypto > > provider="org.apache.ws.security.components.crypto.Merlin"> > > <ramp:property > > name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp > > :prope > > rty> > > <ramp:property > > name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp > > :prope > > rty> > > <ramp:property > > name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p > > ropert > > y> > > </ramp:crypto> > > </ramp:signatureCrypto> > > </ramp:RampartConfig> > > > > </wsp:All> > > </wsp:ExactlyOne> > > </wsp:Policy> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > -- > http://blog.ruchith.org > http://wso2.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- http://blog.ruchith.org http://wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
