Hi, You can download the latest build ( but this not a RC ) from
http://people.apache.org/~nandana/rampart/distribution/rampart-dist-SNAPSHOT-bin.zip regards, /nandana On Feb 7, 2008 3:14 AM, <[EMAIL PROTECTED]> wrote: > zooming to the last entry for the bug: > Jan 10 08 Fixed in revision 610736. We have to add the security phase to in > the axis2.xml to use Rampart from now on. Will include a note about this in > the READ_ME file. > > should be checked into trunk > anyone to generate the RC and update the mirrors the last one I see is from > sept 07? > http://ftp.wayne.edu/apache/ws/rampart/1_3/ > > Thanks > M- > ----- Original Message ----- > Wrom: EXCAXZOWCONEUQZAAFXISHJEXXIMQ > To: <axis-dev@ws.apache.org> > Sent: Wednesday, February 06, 2008 4:18 PM > Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault > Messages > > > > > > > Any luck with this issue? I just tried a client using Axis2-1.3 and > rampart > > from SVN trunk and the problem is still occuring. I can't get rampart to > > handle valid fault messages from a service. > > > > Response: > > ---------- > > <?xml version='1.0' encoding='utf-8'?> > > <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" > > > > > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- > utility-1.0.xsd"> > > <s:Header> > > <o:Security > > > > > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- > secext-1.0.xsd" > > s:mustUnderstand="1"> > > <u:Timestamp u:Id="_0"> > > <u:Created>2008-02-06T21:16:00.531Z</u:Created> > > <u:Expires>2008-02-06T21:21:00.531Z</u:Expires> > > </u:Timestamp> > > </o:Security> > > </s:Header> > > <s:Body> > > <s:Fault> > > <faultcode>FCode1</faultcode> > > <faultstring xml:lang="en-US"> > > Unable to successfully complete requested action. > > </faultstring> > > <faultactor>Actor1</faultactor> > > <detail> > > <axis2ns1:MsgFault > > xmlns:axis2ns1="http://abc.com/xyz/2006/xsd"> > > </axis2ns1:MsgFault> > > </detail> > > </s:Fault> > > </s:Body> > > </s:Envelope> > > > > > > Stack Trace: > > ------------ > > org.apache.axis2.AxisFault: Must Understand check failed for header > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1. > 0.xsd > > : Security > > at > > org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86) > > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135) > > at > > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAx > isOperation.java:336) > > at > > > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio > n.java:389) > > at > > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisO > peration.java:211) > > at > > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) > > > > Thanks, > > Khaled > > > > > > Ruchith Fernando wrote: > > > > > > Hi Tim, > > > > > > This is not fixed yet in the latest build ... Please keep an eye on > > > the JIRA [1] we'll update it as soon as we fix it and the fix will be > > > available in the latest build of the trunk. > > > > > > Thanks, > > > Ruchith > > > > > > 1. https://issues.apache.org/jira/browse/RAMPART-90 > > > > > > On 10/29/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote: > > >> Thanks for following up Ruchith, really appreciated. I look forward to > > >> this > > >> fix - will this appear in the latest builds, or will it only appear in > > >> the > > >> next "release" build. > > >> > > >> Best, > > >> Tim. > > >> -----Original Message----- > > > >> Wrom: ZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGG > > >> Sent: Monday, 29 October 2007 10:53 AM > > >> To: axis-dev@ws.apache.org > > >> Cc: [EMAIL PROTECTED] > > >> Subject: Re: [Axis2] Secured Axis2-1.3 Client "Masks" Returned Fault > > >> Messages > > >> > > >> Hi, > > >> > > >> This is an issue in Rampart because it doesn't processes the security > > >> header > > >> of fault messages. > > >> > > >> https://issues.apache.org/jira/browse/RAMPART-90 > > >> > > >> This will be fixed in the next release of Apache Rampart. > > >> > > >> Thanks, > > >> Ruchith > > >> > > >> On 10/12/07, Tim Munro (myDIALS) <[EMAIL PROTECTED]> wrote: > > >> > Hi All, > > >> > > > >> > I have developed an Axis2-1.3 client (with Rampart 1.3, using an > > >> > xmlbeans > > >> > proxy) that calls methods on a secured .NET web service service. I > can > > >> > successfully communicate with the .NET service, however when the .NET > > >> > server returns a valid fault message the xmlbeans proxy client never > > >> > receives the returned fault string; instead all the client receives > is > > >> > the following > > >> > message: > > >> > Must Understand check failed for header > > >> > > > >> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1. > > >> > 0.xsd : Security > > >> > > > >> > Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy > > >> > received the correct/expected error string. > > >> > > > >> > So, for example, if I call a method on the .NET web service with an > > >> > invalid parameter in the request document, the .NET web service > > >> > returns an informative message containing details of the problem. > > >> > Below is an example of the xml response message received from the > NET > > >> > server, and to me it appears to be a valid response: > > >> > <?xml version='1.0' encoding='utf-8'?> <s:Envelope > > >> > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" > > >> > > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > > >> > urity- > > >> > utility-1.0.xsd"> > > >> > <s:Header> > > >> > <o:Security > > >> > > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > > >> > urity- > > >> > secext-1.0.xsd" s:mustUnderstand="1"> > > >> > <u:Timestamp u:Id="_0"> > > >> > > > >> > <u:Created>2007-10-12T01:02:16.796Z</u:Created> > > >> > > > >> > <u:Expires>2007-10-12T01:07:16.796Z</u:Expires> > > >> > </u:Timestamp> > > >> > </o:Security> > > >> > </s:Header> > > >> > <s:Body> > > >> > <s:Fault> > > >> > <faultcode>s:UnexpectedFault</faultcode> > > >> > <faultstring xml:lang="en-US">An unexpected > > >> > error has occurred in the service. > > >> > > System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.Inva > > >> > lidReq > > >> > uestFault]: The dimension member 'Midlands' was included in a > > >> > dimension reference for the 'Products' dimension, but is not valid. > > >> > (Fault Detail is equal to > > >> MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring> > > >> > </s:Fault> > > >> > </s:Body> > > >> > </s:Envelope> > > >> > > > >> > When I interact with this returned message (through the xmlbeans > > >> > proxy), the error message I see is the "Must Understand check failed > > >> for > > >> header ..." > > >> > rather than the value contained in the faultstring elemrnt of the > > >> > returned document. > > >> > > > >> > The issue appears to be that the received message header contains a > > >> > (valid) timestamp, as indicated above, however the Axis2 response > > >> > handler never seems to to process this timestamp in the header, > > >> > meaning that when the > > >> > AxisEngine.checkMustUnderstand() performs the > > >> > headerBlock.isProcessed() test, the result is false and so the "Must > > >> understand check failed ..." > > >> > exception is thrown and my xmlbeans proxy never sees the real > > >> > faultstring message. > > >> > > > >> > I am struggling to understand what is going wrong here ... any > > >> > guidance on what to fault-find next would be greatly appreciated as > > >> > after a few days looking at this I am unsure if it is a problem in > > >> > returned document, or my policy.xml. > > >> > > > >> > Thanks, > > >> > Tim Munro > > >> > =================== > > >> > > > >> > Below is my policy.xml document: > > >> > <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly" > > >> > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wss > > >> > ecurit y-utility-1.0.xsd" > > >> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> > > >> > <wsp:ExactlyOne> > > >> > <wsp:All> > > >> > <sp:TransportBinding > > >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> > > >> > <wsp:Policy> > > >> > <sp:TransportToken> > > >> > <wsp:Policy> > > >> > > <sp:HttpsToken > > >> > RequireClientCertificate="false"/> > > >> > </wsp:Policy> > > >> > </sp:TransportToken> > > >> > <sp:AlgorithmSuite> > > >> > <wsp:Policy> > > >> > > <sp:Basic256/> > > >> > </wsp:Policy> > > >> > </sp:AlgorithmSuite> > > >> > <sp:Layout> > > >> > <wsp:Policy> > > >> > <sp:Lax/> > > >> > </wsp:Policy> > > >> > </sp:Layout> > > >> > <sp:IncludeTimestamp/> > > >> > </wsp:Policy> > > >> > </sp:TransportBinding> > > >> > <sp:EndorsingSupportingTokens > > >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> > > >> > <wsp:Policy> > > >> > <sp:X509Token > > >> > > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/ > > >> > Includ > > >> > eToken/AlwaysToRecipient"> > > >> > <wsp:Policy> > > >> > > > >> > <sp:WssX509V3Token10/> > > >> > </wsp:Policy> > > >> > </sp:X509Token> > > >> > </wsp:Policy> > > >> > </sp:EndorsingSupportingTokens> > > >> > <sp:Wss10 > > >> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> > > >> > <wsp:Policy> > > >> > > > >> <sp:MustSupportRefKeyIdentifier/> > > >> > > > >> <sp:MustSupportRefIssuerSerial/> > > >> > </wsp:Policy> > > >> > </sp:Wss10> > > >> > > > >> > <ramp:RampartConfig > > >> > xmlns:ramp="http://ws.apache.org/rampart/policy"> > > >> > > > >> > <ramp:timestampTTL>300</ramp:timestampTTL> > > >> > > > >> > <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew> > > >> > > > >> > > <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6 > > >> > e69109 > > >> > 3f9d</ramp:user> > > >> > <!-- passwordCallbackClass is set in > > >> > mydials config --> > > >> > <!-- > > >> > > <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:pas > > >> > swordC > > >> > allbackClass> --> > > >> > > > >> > <ramp:signatureCrypto> > > >> > <ramp:crypto > > >> > provider="org.apache.ws.security.components.crypto.Merlin"> > > >> > <ramp:property > > >> > > name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp > > >> > :prope > > >> > rty> > > >> > <ramp:property > > >> > > name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp > > >> > :prope > > >> > rty> > > >> > <ramp:property > > >> > > name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:p > > >> > ropert > > >> > y> > > >> > </ramp:crypto> > > >> > </ramp:signatureCrypto> > > >> > </ramp:RampartConfig> > > >> > > > >> > </wsp:All> > > >> > </wsp:ExactlyOne> > > >> > </wsp:Policy> > > >> > > > >> > > > >> > --------------------------------------------------------------------- > > >> > To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> > For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > > >> > > > >> > > >> > > >> -- > > >> http://blog.ruchith.org > > >> http://wso2.org > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > > > > > > > > -- > > > http://blog.ruchith.org > > > http://wso2.org > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > -- > > View this message in context: > http://www.nabble.com/-Axis2--Secured-Axis2-1.3-Client-%22Masks%22-Returned- > Fault-Messages-tp13167907p15312797.html > > Sent from the Axis - Dev mailing list archive at Nabble.com. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > http://nandana83.blogspot.com/ http://nandanasm.wordpress.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]