[ 
https://issues.apache.org/jira/browse/RAMPART-64?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dimuthu Leelarathne updated RAMPART-64:
---------------------------------------

    Attachment: Screenshot.png.zip

the screen shot

> Issues with security configurations and useOriginalwsdl parameter
> -----------------------------------------------------------------
>
>                 Key: RAMPART-64
>                 URL: https://issues.apache.org/jira/browse/RAMPART-64
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-policy
>    Affects Versions: 1.2
>         Environment: Windows XP SP2, JDK 1.6, Eclipse 3.2
>            Reporter: Jorge Fernández
>            Priority: Blocker
>         Attachments: eclipse_projects.rar, Screenshot.png.zip, Webservice.rar
>
>
> I'm using policy at my service, trying to force the client to send SKI 
> certificate reference so I have <sp:RequireKeyIdentifierReference/> assertion 
> in both Initiator Token and RecipientToken and 
> <sp:MustSupportRefKeyIdentifier/>.
> In the client, I'm sending IssuerSerial references but in the service policy 
> I haven't got MustSupportIssuerSerialReference, so I think the service should 
> reject the request but it doesn't. Am I right?
> Also, I expected that the service should send SKI reference always, but, for 
> the encryption key it sends IssuerSerial reference. Can I force it to use 
> always SKI reference?
> When I replace signedParts by signedElements assertion, I can access the 
> service but the WSDL is not generated (when useOriginalwsdl is false) because 
> it throws an exception: 
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
>       org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:81)
>       org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
>       org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
>       org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
>       org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
>       org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axis2.dataretrieval.DataRetrievalException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
>       org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:136)
>       org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
>       org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
>       org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
>       org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
>       org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
>       org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
>       org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
>       org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:211)
>       org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
>       org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
>       org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
>       org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
>       org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
>       org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
>       org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
>       org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
>       org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
>       org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
>       org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
>       org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
>       org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
>       org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
>       org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
>       org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
>       org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> caused by
> com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "sp"
>  at [row,col {unknown-source}]: [1,1028]
>       com.ctc.wstx.sr.StreamScanner.throwParseError(StreamScanner.java:458)
>       com.ctc.wstx.sr.NsInputElementStack.resolveAndValidateElement(NsInputElementStack.java:383)
>       com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2807)
>       com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2718)
>       com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1004)
>       org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:125)
>       org.apache.axiom.om.impl.llom.OMNodeImpl.build(OMNodeImpl.java:315)
>       org.apache.axiom.om.impl.llom.OMElementImpl.build(OMElementImpl.java:608)
>       org.apache.axiom.om.impl.llom.OMElementImpl.detach(OMElementImpl.java:577)
>       org.apache.axiom.om.impl.llom.OMNodeImpl.setParent(OMNodeImpl.java:114)
>       org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:236)
>       org.apache.axiom.om.impl.llom.OMElementImpl.addChild(OMElementImpl.java:192)
>       org.apache.axis2.description.AxisService2OM.addPolicyAsExtElement(AxisService2OM.java:905)
>       org.apache.axis2.description.AxisService2OM.generateSOAP11Binding(AxisService2OM.java:514)
>       org.apache.axis2.description.AxisService2OM.generateOM(AxisService2OM.java:184)
>       org.apache.axis2.dataretrieval.WSDLDataLocator.outputInlineForm(WSDLDataLocator.java:132)
>       org.apache.axis2.dataretrieval.WSDLDataLocator.getData(WSDLDataLocator.java:71)
>       org.apache.axis2.dataretrieval.AxisDataLocatorImpl.getData(AxisDataLocatorImpl.java:77)
>       org.apache.axis2.description.AxisService.getData(AxisService.java:2143)
>       org.apache.axis2.description.AxisService.getWSDL(AxisService.java:1007)
>       org.apache.axis2.description.AxisService.printWSDL(AxisService.java:857)
>       org.apache.axis2.transport.http.ListingAgent.processListService(ListingAgent.java:221)
>       org.apache.axis2.transport.http.AxisServlet.doGet(AxisServlet.java:225)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
>       javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
> I found a strange behaviour in my service policy: I'm trying to encrypt 
> ServiceGroupId and some of my payload elements.
> For example, in my service policy I have:
> <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>   <sp:XPath>descendant::ns3:getPatientsResponse</sp:XPath>
> </sp:EncryptedElements>
> If the client sends elements defined with that prefix, there's no problem 
> when decrypting them in the service. But when I need to encrypt elements like 
> that, to send them back to the client, I have the exception:  
> org.apache.axis2.AxisFault: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
>       at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:178)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
>       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
>       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
>       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>       at prg.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
>       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>       at java.lang.Thread.run(Unknown Source)
> Caused by: java.lang.RuntimeException: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
>       at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:705)
>       at org.apache.rampart.util.RampartUtil.getEncryptedParts(RampartUtil.java:564)
>       at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:67)
>       at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
>       at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
>       at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
>       at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
>       at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
>       at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
>       at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
>       ... 14 more
> Caused by: org.jaxen.UnresolvableException: Cannot resolve namespace prefix 'ns3'
>       at org.jaxen.expr.DefaultNameStep.matches(DefaultNameStep.java:340)
>       at org.jaxen.expr.DefaultNameStep.evaluate(DefaultNameStep.java:209)
>       at org.jaxen.expr.DefaultLocationPath.evaluate(DefaultLocationPath.java:140)
>       at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
>       at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:680)
>       at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:219)
>       at org.apache.rampart.util.RampartUtil.getPartsAndElements(RampartUtil.java:690)
>       ... 23 more
> However, for other operations it has no problem. I have one that returns the 
> same data as the one above and it works perfectly. The only difference in the 
> response is the name of the operation.
> I have these operations:
> validate (In-Only OK)
> logout (In-Only OK)
> getOntologyFindings
> getOntologyFindingsByConcept (OK)
> getOntologyAbstractParameters
> getOntologyAbstractParametersByType (OK, returns the same data as the 
> previous one)
> getOntologyUnits
> getOntologySignals
> getOntology
> getPatients
> getPrimitiveParameterData (OK)
> Operations without (OK) throw the exception described above. You can see that 
> when the names are almost the same (as getPatients and getPatientsByType), the 
> longer works OK but the shorter doesn't. For some others, even if their names 
> are different, it doesn't work. 
> In the case of encrypting ServiceGroupID, it says it cannot resolve prefix 
> 'axis2'. With other elements such as addressing headers and timestamp there 
> is no problem.
> For some operations, I have a response like this:
> <ns3:getPrimitiveDataResponse xmlns:ns3="http://op_messages.medici_link/xsd">
>   <parameterData xmlns="http://op_messages.medici_link/xsd">
>     <annotations xmlns="http://external.communication_data_model.medici_link/xsd"
>                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                  xsi:nil="true" />
>     <dataSegments xmlns="http://external.communication_data_model.medici_link/xsd">
>       <beginMsec>1186069490203</beginMsec>
>       <endMsec>1186069490203</endMsec>
>       <data>
>         <xop:Include href="cid:1.urn:uuid:[EMAIL PROTECTED]"
>                      xmlns:xop="http://www.w3.org/2004/08/xop/include" />
>       </data>
>     </dataSegments>
>   </parameterData>
> </ns3:getPrimitiveDataResponse>
> and I want to sign and encrypt annotations and dataSegments, so I put that in 
> the policy, but none of them are encrypted or signed, and I don't get any 
> exception either. It seems that Rampart isn't able to find them. I tried 
> identifying them in the policy with descendant::ns3:dataSegments and 
> descendant::dataSegments. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
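
An added example, not part of the original report and not Rampart or Jaxen code: it evaluates the two policy expressions quoted in the report against a reduced copy of the quoted response under standard XPath 1.0 name matching, using the JDK's `javax.xml.xpath` in place of Jaxen. The class name `PolicyXPathCheck` and the prefix `ext` are hypothetical; the namespace URIs are the ones shown in the report.

```java
import java.io.StringReader;
import java.util.Iterator;
import java.util.Map;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.*;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class PolicyXPathCheck {
    static final String OP = "http://op_messages.medici_link/xsd";
    static final String EXT = "http://external.communication_data_model.medici_link/xsd";
    // Constructed sample, reduced from the response quoted in the report.
    static final String RESPONSE =
        "<ns3:getPrimitiveDataResponse xmlns:ns3='" + OP + "'><parameterData xmlns='" + OP + "'>"
      + "<dataSegments xmlns='" + EXT + "'><beginMsec>1186069490203</beginMsec></dataSegments>"
      + "</parameterData></ns3:getPrimitiveDataResponse>";
    // Number of nodes expr selects. Prefixes resolve only through the supplied map,
    // never through the xmlns declarations inside the message.
    static int count(String expr, Map<String, String> prefixes) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(RESPONSE)));
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setNamespaceContext(new NamespaceContext() {
            public String getNamespaceURI(String p) { return prefixes.getOrDefault(p, ""); }
            public String getPrefix(String uri) { return null; }
            public Iterator<String> getPrefixes(String uri) { return null; }
        });
        return ((NodeList) xp.evaluate(expr, doc.getDocumentElement(), XPathConstants.NODESET)).getLength();
    }

    public static void main(String[] args) throws Exception {
        // "ext" is a hypothetical prefix chosen for this example; only its URI matters.
        Map<String, String> ns = Map.of("ns3", OP, "ext", EXT);
        String[] exprs = {
            "descendant::dataSegments",      // unprefixed: elements in no namespace only
            "descendant::ns3:dataSegments",  // ns3 is the wrapper's namespace, not this element's
            "descendant::ext:dataSegments",  // prefix bound to the element's own namespace
            "descendant::*[local-name()='dataSegments']" };  // ignores namespaces
        for (String e : exprs) System.out.println(e + " -> " + count(e, ns));
        try {
            count("descendant::ns3:dataSegments", Map.of());  // ns3 has no binding here
        } catch (XPathExpressionException ex) {
            System.out.println("unbound prefix rejected: " + ex);
        }
    }
}
```

For signed or encrypted parts, an expression that silently selects nothing is the case to test for, since the message then goes out or is accepted without the protection the policy author intended.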
