Missing signature in SOAP fault messages
----------------------------------------

                 Key: RAMPART-193
                 URL: https://issues.apache.org/jira/browse/RAMPART-193
             Project: Rampart
          Issue Type: Bug
    Affects Versions: 1.4
         Environment: Windows Vista
                      Apache Tomcat 5.5.26
                      Axis2 1.4
                      Rampart 1.4
                      Java JRE: 1.5.0.14
            Reporter: Edem Alipui
            Assignee: Ruchith Udayanga Fernando
             Fix For: 1.4


Hi,

I'm working with Axis2 and Rampart to create secure web services, and I have
the following issue: whenever an Axis fault is generated on the server's side,
the SOAP fault message sent back to the client is not signed. It results in an
error since the client is expecting a signed SOAP envelope. I'm working with
AXIS2 1.4 and Rampart 1.4. I've tried to find out in the Issue Tracking section
of the Rampart web site. According to the following reports
(http://issues.apache.org/jira/browse/RAMPART-18 and
http://issues.apache.org/jira/browse/RAMPART-90) the issue is said to have
been fixed in version 1.4 of Rampart, so I'm wondering if I'm doing something
wrong or if somehow the issue persists. Any clue will be very welcome. Thanks
for the help.



This is a normal message when there are no faults:

[INFO] Deploying module: addressing-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
[INFO] Deploying module: rahas-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
[INFO] Deploying module: rampart-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
[INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-1.4-impl.jar
[INFO] Verification successful for URI "#Id-30303804"
[INFO] Verification successful for URI "#id-20457766"
[INFO] Verification successful for URI "#id-1412294"
[INFO] Verification successful for URI "#Timestamp-2746929"
Voici le resultat de l'appel: 
1721

==========================================================
This is the message I'm getting when a fault is generated.
==========================================================

[INFO] Deploying module: addressing-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/addressing-1.4.mar
[INFO] Deploying module: rahas-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rahas-1.4.mar
[INFO] Deploying module: rampart-1.4 - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/ressources/modules/rampart-1.4.mar
[INFO] Deploying module: metadataExchange - file:/C:/Data/projets/WebServices20080613/code/espaceDeTravail_20080709/essaisDeploiementWS14Client_1/lib/mex-1.4-impl.jar
[ERROR] Missing wsse:Security header in request
org.apache.axis2.AxisFault: Missing wsse:Security header in request
        at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)

==============================================
This is the SOAP envelope sent to the client.
==============================================

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Body>
      <soapenv:Fault>
         <soapenv:Code>
            <soapenv:Value>soapenv:Receiver</soapenv:Value>
         </soapenv:Code>
         <soapenv:Reason>
            <soapenv:Text xml:lang="en-US">ERREUR TEST ----- ERREUR TEST ----- ERREUR TEST</soapenv:Text>
         </soapenv:Reason>
         <soapenv:Detail/>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>




===================================================================================================================================
This is the Policy file I'm using. Besides the locations of the Keystore, it is 
the same policy on both ends (service and client).
===================================================================================================================================


<wsp:Policy wsu:Id="SigOnly"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference />
                                    <sp:WssX509V3Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15 />
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax />
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp />
                    <sp:OnlySignEntireHeadersAndBody />
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body />
                <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
            </sp:SignedParts>
            <!--
                <sp:EncryptedParts
                        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body /> </sp:EncryptedParts>
            -->
            <sp:Wss11>
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier />
                    <sp:MustSupportRefIssuerSerial />
                    <sp:MustSupportRefThumbprint />
                    <sp:MustSupportRefEncryptedKey />
                    <sp:MustSupportSignatureConfirmation />
                </wsp:Policy>
            </sp:Wss11>
            <sp:Trust10>
                <wsp:Policy>
                    <sp:MustSupportIssuedTokens />
                    <sp:RequireClientEntropy />
                    <sp:RequireServerEntropy />
                </wsp:Policy>
            </sp:Trust10>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>test</ramp:user>
                <ramp:encryptionUser>test</ramp:encryptionUser>
                <ramp:passwordCallbackClass>org.example.www.essaisdeploiementwebservice2.PWCBHandler</ramp:passwordCallbackClass>
                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
                <ramp:encryptionCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">ressources\keys\ws.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

===================================================================================
These are the parts of axis2.xml where security is enabled in the OutFaultFlow:
===================================================================================

    <phaseOrder type="OutFaultFlow">
        <!--      user can add his own phases to this area  -->
        <phase name="soapmonitorPhase"/>
        <phase name="OperationOutFaultPhase"/>
        <phase name="MessageOut"/>
        <phase name="RMPhase"/>
        <phase name="PolicyDetermination"/>
        <phase name="Security"/>
    </phaseOrder>

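Added example (not part of the original report, and not Rampart code): a JDK-only triage check that tells an unsigned fault, like the envelope above, apart from a response whose wsse:Security header carries a ds:Signature referencing the Body by wsu:Id. The class name FaultSignatureCheck and the three result strings are assumptions made for illustration; the check is structural only and does not verify the signature value.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example: structural triage only; it does not verify the signature value.
public class FaultSignatureCheck {
    static final String SOAP12 = "http://www.w3.org/2003/05/soap-envelope";
    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-";
    static final String WSSE = WSS + "secext-1.0.xsd", WSU = WSS + "utility-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    static Element first(Element scope, String ns, String name) {
        if (scope == null) return null;
        NodeList l = scope.getElementsByTagNameNS(ns, name);
        return l.getLength() == 0 ? null : (Element) l.item(0);
    }

    // Returns "SIGNATURE_REFERENCES_BODY", "UNSIGNED_FAULT" or "UNSIGNED".
    static String classify(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPEs: a response is untrusted input until it is verified.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element env = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        Element body = first(env, SOAP12, "Body");
        Element sig = first(first(first(env, SOAP12, "Header"), WSSE, "Security"), DS, "Signature");
        if (sig != null && body != null && !body.getAttributeNS(WSU, "Id").isEmpty()) {
            String want = "#" + body.getAttributeNS(WSU, "Id");
            NodeList refs = sig.getElementsByTagNameNS(DS, "Reference");
            for (int i = 0; i < refs.getLength(); i++) {
                String uri = ((Element) refs.item(i)).getAttribute("URI");
                if (want.equals(uri)) return "SIGNATURE_REFERENCES_BODY";
            }
        }
        return first(body, SOAP12, "Fault") != null ? "UNSIGNED_FAULT" : "UNSIGNED";
    }

    public static void main(String[] args) throws Exception {
        // The fault envelope from the report above, with the reason text shortened.
        String fault = "<soapenv:Envelope xmlns:soapenv='" + SOAP12 + "'><soapenv:Body>"
                + "<soapenv:Fault><soapenv:Code><soapenv:Value>soapenv:Receiver</soapenv:Value>"
                + "</soapenv:Code><soapenv:Reason><soapenv:Text xml:lang='en-US'>ERREUR TEST"
                + "</soapenv:Text></soapenv:Reason><soapenv:Detail/></soapenv:Fault>"
                + "</soapenv:Body></soapenv:Envelope>";
        System.out.println(classify(fault));
    }
}
```

Running it over captured responses separates faults that left the server without a Security header from ordinary responses that failed verification for another reason.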