Any luck with this issue? I just tried a client using Axis2-1.3 and rampart from SVN trunk and the problem is still occuring. I can't get rampart to handle valid fault messages from a service.
Response: ---------- <?xml version='1.0' encoding='utf-8'?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> <s:Header> <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; s:mustUnderstand="1"> <u:Timestamp u:Id="_0"> <u:Created>2008-02-06T21:16:00.531Z</u:Created> <u:Expires>2008-02-06T21:21:00.531Z</u:Expires> </u:Timestamp> </o:Security> </s:Header> <s:Body> <s:Fault> <faultcode>FCode1</faultcode> <faultstring xml:lang="en-US"> Unable to successfully complete requested action. </faultstring> <faultactor>Actor1</faultactor> <detail> <axis2ns1:MsgFault xmlns:axis2ns1="http://abc.com/xyz/2006/xsd";> </axis2ns1:MsgFault> </detail> </s:Fault> </s:Body> </s:Envelope> Stack Trace: ------------ org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:336) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) Thanks, Khaled Ruchith Fernando wrote: > > Hi Tim, > > This is not fixed yet in the latest build ... Please keep an eye on > the JIRA [1] we'll update it as soon as we fix it and the fix will be > available in the latest build of the trunk. > > Thanks, > Ruchith > > 1. https://issues.apache.org/jira/browse/RAMPART-90 > > On 10/29/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote: >> Thanks for following up Ruchith, really appreciated. I look forward to >> this >> fix - will this appear in the latest builds, or will it only appear in >> the >> next "release" build. >> >> Best, >> Tim. >> -----Original Message----- >> From: Ruchith Fernando [mailto:[EMAIL PROTECTED] >> Sent: Monday, 29 October 2007 10:53 AM >> To: axis-dev@ws.apache.org >> Cc: [EMAIL PROTECTED] >> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault >> Messages >> >> Hi, >> >> This is an issue in Rampart because it doesn't processes the security >> header >> of fault messages. >> >> https://issues.apache.org/jira/browse/RAMPART-90 >> >> This will be fixed in the next release of Apache Rampart. >> >> Thanks, >> Ruchith >> >> On 10/12/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote: >> > Hi All, >> > >> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an >> > xmlbeans >> > proxy) that calls methods on a secured .NET web service service. I can >> > successfully communicate with the .NET service, however when the .NET >> > server returns a valid fault message the xmlbeans proxy client never >> > receives the returned fault string; instead all the client receives is >> > the following >> > message: >> > Must Understand check failed for header >> > >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1. >> > 0.xsd : Security >> > >> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy >> > received the correct/expected error string. >> > >> > So, for example, if I call a method on the .NET web service with an >> > invalid parameter in the request document, the .NET web service >> > returns an informative message containing details of the problem. >> > Below is an example of the xml response message received from the .NET >> > server, and to me it appears to be a valid response: >> > <?xml version='1.0' encoding='utf-8'?> <s:Envelope >> > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; >> > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec >> > urity- >> > utility-1.0.xsd"> >> > <s:Header> >> > <o:Security >> > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec >> > urity- >> > secext-1.0.xsd" s:mustUnderstand="1"> >> > <u:Timestamp u:Id="_0"> >> > >> > <u:Created>2007-10-12T01:02:16.796Z</u:Created> >> > >> > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires> >> > </u:Timestamp> >> > </o:Security> >> > </s:Header> >> > <s:Body> >> > <s:Fault> >> > <faultcode>s:UnexpectedFault</faultcode> >> > <faultstring xml:lang="en-US">An unexpected >> > error has occurred in the service. >> > System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva >> > lidReq >> > uestFault]: The dimension member 'Midlands' was included in a >> > dimension reference for the 'Products' dimension, but is not valid. >> > (Fault Detail is equal to >> MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring> >> > </s:Fault> >> > </s:Body> >> > </s:Envelope> >> > >> > When I interact with this returned message (through the xmlbeans >> > proxy), the error message I see is the "Must Understand check failed >> for >> header ..." >> > rather than the value contained in the faultstring elemrnt of the >> > returned document. >> > >> > The issue appears to be that the received message header contains a >> > (valid) timestamp, as indicated above, however the Axis2 response >> > handler never seems to to process this timestamp in the header, >> > meaning that when the >> > AxisEngine.checkMustUnderstand() performs the >> > headerBlock.isProcessed() test, the result is false and so the "Must >> understand check failed ..." >> > exception is thrown and my xmlbeans proxy never sees the real >> > faultstring message. >> > >> > I am struggling to understand what is going wrong here ... any >> > guidance on what to fault-find next would be greatly appreciated as >> > after a few days looking at this I am unsure if it is a problem in >> > returned document, or my policy.xml. >> > >> > Thanks, >> > Tim Munro >> > =================== >> > >> > Below is my policy.xml document: >> > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly" >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss >> > ecurit y-utility-1.0.xsd" >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> >> > <wsp:ExactlyOne> >> > <wsp:All> >> > <sp:TransportBinding >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> >> > <wsp:Policy> >> > <sp:TransportToken> >> > <wsp:Policy> >> > <sp:HttpsToken >> > RequireClientCertificate="false"/> >> > </wsp:Policy> >> > </sp:TransportToken> >> > <sp:AlgorithmSuite> >> > <wsp:Policy> >> > <sp:Basic256/> >> > </wsp:Policy> >> > </sp:AlgorithmSuite> >> > <sp:Layout> >> > <wsp:Policy> >> > <sp:Lax/> >> > </wsp:Policy> >> > </sp:Layout> >> > <sp:IncludeTimestamp/> >> > </wsp:Policy> >> > </sp:TransportBinding> >> > <sp:EndorsingSupportingTokens >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> >> > <wsp:Policy> >> > <sp:X509Token >> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/ >> > Includ >> > eToken/AlwaysToRecipient"> >> > <wsp:Policy> >> > >> > <sp:WssX509V3Token10/> >> > </wsp:Policy> >> > </sp:X509Token> >> > </wsp:Policy> >> > </sp:EndorsingSupportingTokens> >> > <sp:Wss10 >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> >> > <wsp:Policy> >> > >> <sp:MustSupportRefKeyIdentifier/> >> > >> <sp:MustSupportRefIssuerSerial/> >> > </wsp:Policy> >> > </sp:Wss10> >> > >> > <ramp:RampartConfig >> > xmlns:ramp="http://ws.apache.org/rampart/policy";> >> > >> > <ramp:timestampTTL>300</ramp:timestampTTL> >> > >> > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew> >> > >> > <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6 >> > e69109 >> > 3f9d</ramp:user> >> > <!-- passwordCallbackClass is set in >> > mydials config --> >> > <!-- >> > <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas >> > swordC >> > allbackClass> --> >> > >> > <ramp:signatureCrypto> >> > <ramp:crypto >> > provider="org.apache.ws.security.components.crypto.Merlin"> >> > <ramp:property >> > name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp >> > :prope >> > rty> >> > <ramp:property >> > name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp >> > :prope >> > rty> >> > <ramp:property >> > name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p >> > ropert >> > y> >> > </ramp:crypto> >> > </ramp:signatureCrypto> >> > </ramp:RampartConfig> >> > >> > </wsp:All> >> > </wsp:ExactlyOne> >> > </wsp:Policy> >> > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: [EMAIL PROTECTED] >> > >> > >> >> >> -- >> http://blog.ruchith.org >> http://wso2.org >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > -- > http://blog.ruchith.org > http://wso2.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned-Fault-Messages-tp13167907p15312797.html Sent from the Axis - Dev mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
