W dniu 2011-04-01 12:32, Michal Niklas pisze:
> Hello,
>
> I have problem with axis2+rampart WS-Security response in case of server
> internal error.
> When server returns "200 OK" all seems ok. Response is checked by
> rampart if it has proper timestamp, signature and decrypts function
> response XML. But when server returns "500 Internal Server Error"
> axis2/rapart throws exception:
>
> ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand
> check failed for header
>
> I thought there is something wrong with answer and tested it with
> soapUI. There comes similar response both in secured and decrypted form.
> Those responses differ only by HTTP status, XML response code indicating
> error, and case of SOAP tags. In case of good response there is
>
> <SOAP-ENV:Envelope ...
>
> In case of error:
>
> <soap:Envelope ...
>
> Rest of the structure, including `mustUnderstand="1"` is the same.
>
> In `axis2.xml` I configured `InFlow` and `InFaultFlow` to be the same
> with order:
>
> <phase name="Addressing">...</phase>
> <phase name="Security"/>
> <phase name="PreDispatch"/>
>
> I enabled tracing of my client and in case of good reponse I see:
>
> DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter
> process(MessageContext msgCtx)
> DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext:
> logID=urn:uuid:UUID] Invoking Handler 'SecurityInHandler' in Phase
> 'Security'
> ...there is decrypted message
> DEBUG Thread-11 org.apache.rampart.handler.WSDoAllReceiver -
> WSDoAllReceiver: exit invoke()
> DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext:
> logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
> DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext:
> logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
> ...
>
> There is no such trace in the case of error:
>
> DEBUG Thread-11 org.apache.rampart.RampartEngine - Enter
> process(MessageContext msgCtx)
> DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext:
> logID=urn:uuid:UUID] Checking post-conditions for phase "Security"
> DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext:
> logID=urn:uuid:UUID] Checking pre-condition for Phase "PreDispatch"
> ...
> DEBUG Thread-11 org.apache.axis2.engine.Phase - [MessageContext:
> logID=urn:uuid:UUID] Checking post-conditions for phase "soapmonitorPhase"
> DEBUG Thread-11 org.apache.axis2.engine.AxisEngine - MustUnderstand
> header not processed or registered as
> understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
> DEBUG Thread-11 org.apache.axis2.i18n.ProjectResourceBundle -
> org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
> ERROR Thread-11 org.apache.axis2.engine.AxisEngine - Must Understand
> check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> : Security
> org.apache.axis2.AxisFault: Must Understand check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> : Security
> at
> org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>
> There is no `SecurityInHandler` invocation.
>
> I would like to see decrypted message just like in case of "200 OK"
> status or like in soapUI.
> Any ideas what is wrong with my configuration?
>
> PS This is copy of my query at:
> http://stackoverflow.com/questions/5511643/axis2rampart-must-understand-check-failed-for-header-security
I have checked that I got such error only in case of "500 Internal
Server Error". If server reply with "200 OK" and the same encrypted
content then axis2 is able to decrypt it!
Regards,
MichaĆ
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
