Thanks Amila. It work.!!!!
Jorge.
-----Mensaje original-----
De: [email protected] [mailto:[email protected]] En
nombre de Amila Jayasekara
Enviado el: sábado, 02 de abril de 2011 14:20
Para: [email protected]
Asunto: Re: [Carbon-dev] Security scenario 15. Issue with header missing or
InputStream NULL
Hi Jorge,
Sorry for the late response. I've been trying to reproduce this issue and I
got stuck with some other work.
Until yesterday I was trying to reproduce the issue using the proxy
configuration in [1]. According to proxy configuration [1] I defined an
endpoint pointing to HelloService in WSAS and used that endpoint in a
sequence called CustomSequence. Then used CustomSequence in
HelloProxy.
With this [1] proxy configuration I was not able to reproduce the issue
mentioned in this mail thread.
Then I created a proxy service similar to one you are using [2]. With this
[2] proxy service I was able to reproduce the intermittent issue you
mentioned. Thus in my case, I didnt see a pattern, rather it was failing
most of the time and getting success for about 1 in 7 requests. Also, I
found some ERROR logs in ESB logs for both success and fail requests
(esbConsoleMessages.txt). I am not exactly sure what is the cause for this
issue.
As a workaround please use a proxy configuration similar to [1]. We will
investigate the issue in proxy configuration [2]. Issue [3] is created to
investigate this behaviour.
I am attaching all the artifacts I used in this experiment.
Note: If you are switching between HelloProxy and Secureproxy3,
remember to change SERVICE_EPR in client code and proxy URL in XACML policy.
Also, please ignore my previous reply about third party token issuer
[4] (I used STS in IS).
Thanks
AmilaJ
[1]
<proxy name="HelloProxy" transports="https http" startOnLoad="true"
trace="disable">
<target inSequence="CustomSequence" outSequence="CustomSequence"/>
<publishWSDL
uri="http://192.168.100.188:9765/services/HelloService?wsdl"/>
<policy
key="conf:/repository/axis2/service-groups/HelloProxy/services/HelloProxy/po
licies/SecConSgnEncrUsername"/>
<enableSec/>
</proxy>
<endpoint name="HelloEndpoint">
<address uri="http://192.168.100.188:9765/services/HelloService/";>
<enableAddressing/>
</address>
</endpoint>
<sequence name="CustomSequence">
<in>
<entitlementService
remoteServiceUrl="https://localhost:9444/services/";
remoteServiceUserName="admin" remoteServicePassword="admin"/>
<header
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
name="wsse:Security" action="remove"/>
<send>
<endpoint key="HelloEndpoint"/>
</send>
</in>
<out>
<send/>
</out>
</sequence>
[2]
<proxy name="Secureproxy3" transports="https http" startOnLoad="true"
trace="disable">
<target>
<endpoint
name="endpoint_urn_uuid_BB7F94575A9CFBD9B029470951711769-2054221907">
<address
uri="http://127.0.0.1:9765/services/HelloService/"/>
</endpoint>
<inSequence>
<entitlementService
remoteServiceUrl="https://localhost:9444/services/";
remoteServiceUserName="admin" remoteServicePassword="admin"/>
<header
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
name="wsse:Security" action="remove"/>
<send/>
</inSequence>
<outSequence>
<log level="full"/>
<send/>
</outSequence>
<faultSequence>
<log level="full"/>
</faultSequence>
</target>
<publishWSDL
uri="http://192.168.100.188:9765/services/HelloService?wsdl"/>
<policy
key="conf:/repository/axis2/service-groups/Secureproxy3/services/Secureproxy
3/policies/SecConSgnEncrUsername"/>
<enableSec/>
</proxy>
[3] https://wso2.org/jira/browse/CARBON-9243
[4] http://www.mail-archive.com/[email protected]/msg11579.html
On Sat, Apr 2, 2011 at 8:27 AM, Thilina Buddhika <[email protected]> wrote:
> Hi Jorge,
> I will try to reproduce this issue at our end and get back to you.
> Thanks,
> Thilina
> On Sat, Apr 2, 2011 at 9:12 AM, Jorge Infante Osorio <[email protected]>
wrote:
>>
>> If you search the thread in the list archive you will see the client
>> code, ESB proxy service configuration, XACML policy, Service Policy,
>> the errors I received in ESB log and in the Eclipse console.
>>
>> Also I can send you again the information so you can reproduce the error.
>>
>> Thanks a lot for your help in this.
>>
>> Jorge.
>>
>> -----Mensaje original-----
>> De: [email protected] [mailto:[email protected]]
>> En nombre de Supun Kamburugamuva Enviado el: viernes, 01 de abril de
>> 2011 22:41
>> Para: [email protected]
>> Asunto: Re: [Carbon-dev] Security scenario 15. Issue with header
>> missing or InputStream NULL
>>
>> On Sat, Apr 2, 2011 at 7:19 AM, Afkham Azeez <[email protected]> wrote:
>> > One small question, are you sending the request to the ESB port
>> > 8280 from your client?
>> >
>>
>> Yes, exactly. If he is sending to 9763 this behavior can happen.
>>
>> Thanks,
>> Supun..
>>
>> > On Feb 21, 2011 9:23 AM, "Jorge Infante Osorio" <[email protected]> wrote:
>> >> Hi all.
>> >>
>> >> I implement a proxy Service like this [1] with security scenario
>> >> 15, and I can use the token issued by IS and pass to the ESB, this
>> >> work fine.
>> >> I see that the entitlement mediator work fine, it login into the
>> >> ESB and the XACML policy response PERMIT.
>> >>
>> >> In the WSAS SOAP tracer I see all the request from ESB:
>> >>
>> >> <soapenv:Envelope
>> >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
>> >> <soapenv:Body
>> >>
>> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
>> >> -ws securit y-utility-1.0.xsd" wsu:Id="Id-31168594"> <ns1:greet
>> >> xmlns:ns1="http://www.wso2.org/types";>
>> >> <name>jorge infante 3</name>
>> >> </ns1:greet>
>> >> </soapenv:Body>
>> >> </soapenv:Envelope>
>> >>
>> >> This request message came without the security header, so the
>> >> header mediator work fine.
>> >>
>> >> And all the WSAS response are the same:
>> >>
>> >> <soapenv:Envelope
>> >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
>> >> <soapenv:Header />
>> >> <soapenv:Body>
>> >> <ns:greetResponse xmlns:ns="http://www.wso2.org/types";>
>> >> <return>Hello World, jorge infante 3 !!!</return>
>> >> </ns:greetResponse> </soapenv:Body> </soapenv:Envelope>
>> >>
>> >> But in the Eclipse console I see this errors in all the call I made:
>> >>
>> >> Response for Call 1:
>> >> Exception in thread "main" org.apache.axis2.AxisFault: InputStream
>> >> cannot be NULL.
>> >>
>> >> Response for call 2:
>> >> Exception in thread "main" org.apache.axis2.AxisFault: SOAP header
>> >> missing
>> >>
>> >> Response for call 3:
>> >> <ns:greetResponse xmlns:ns="http://www.wso2.org/types";
>> >> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";
>> >>
>> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss
>> >> -ws
>> >> securit
>> >> y-utility-1.0.xsd">
>> >> <return>
>> >> Hello World, jorge infante 3 !!!
>> >> </return>
>> >> </ns:greetResponse>
>> >>
>> >> Response for call 4:
>> >> Exception in thread "main" org.apache.axis2.AxisFault: InputStream
>> >> cannot be NULL.
>> >>
>> >> And so on, the response are not the same in every call, so I
>> >> wondering what could be the root cause of this behavior.
>> >>
>> >>
>> >> [1] the proxy service:
>> >> <proxy xmlns="http://ws.apache.org/ns/synapse"; name="Secureproxy3"
>> >> transports="https http" startOnLoad="true" trace="disable"
>> >> statistics="enable">
>> >> <target>
>> >> <endpoint
>> >> name="endpoint_urn_uuid_BB1AB9F8608F7EC366271152455486681545818807
>> >> "> <address uri="http://127.0.0.1:9763/services/HelloService/"/>
>> >> </endpoint>
>> >> <inSequence>
>> >> <entitlementService
>> >> remoteServiceUrl="https://localhost:9463/services/";
>> >> remoteServiceUserName="admin" remoteServicePassword="admin"/>
>> >> <header
>> >>
>> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws
>> >> s-w ssecuri ty-secext-1.0.xsd" name="wsse:Security"
>> >> action="remove"/> <send/> </inSequence> <outSequence> <log
>> >> level="full"/> <send/> </outSequence> <faultSequence> <log
>> >> level="full"/> </faultSequence> </target> <publishWSDL
>> >> uri="http://127.0.0.1:9763/services/HelloService?wsdl"/>
>> >> <policy
>> >>
>> >> key="conf:/repository/axis2/service-groups/Secureproxy3/services/S
>> >> ecu
>> >> reproxy
>> >> 3/policies/SecConSgnEncrUsername"/>
>> >> <enableSec/>
>> >> </proxy>
>> >>
>> >>
>> >> Ing. Jorge Infante Osorio.
>> >> J´Dpto Soluciones SOA.
>> >> CDAE.
>> >> UCI
>> >>
>> >>
>> >> _______________________________________________
>> >> Carbon-dev mailing list
>> >> [email protected]
>> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>> >
>> > _______________________________________________
>> > Carbon-dev mailing list
>> > [email protected]
>> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>> >
>> >
>>
>>
>>
>> --
>> Supun Kamburugamuva
>> Technical Lead & Product Manager, WSO2 Inc.; http://wso2.com Member,
>> Apache Software Foundation; http://www.apache.org
>> WSO2 Inc.; http://wso2.org
>> E-mail: [email protected]; Mobile: +94 77 431 3585
>> Blog: http://supunk.blogspot.com
>> _______________________________________________
>> Carbon-dev mailing list
>> [email protected]
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> [email protected]
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
>
> --
> Thilina Buddhika
> Senior Software Engineer
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 77 44 88 727
> blog : http://blog.thilinamb.com
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
