Axis2/Java client throws exception with mustUnderstand=1
--------------------------------------------------------

                 Key: RAMPART-281
                 URL: https://issues.apache.org/jira/browse/RAMPART-281
             Project: Rampart
          Issue Type: Bug
    Affects Versions: 1.4
         Environment: Server: Linux, Axis2/C
Client: Windows, Axis2/Java
            Reporter: Russell Tempero
            Assignee: Ruchith Udayanga Fernando


We have implemented our service with the following security policy:

<wsp:Policy wsu:Id="SyncPolicy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

    <wsp:ExactlyOne>
        <wsp:All>

            <sp:TransportBinding>
                <wsp:Policy>

                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken/>
                        </wsp:Policy>
                    </sp:TransportToken>

                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>

                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>

                </wsp:Policy>
            </sp:TransportBinding>

            <sp:SignedSupportingTokens>
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken10/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>

        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

On the client, we are able to use Rampart to send out the correct security 
headers as expected by the server:

  <soapenv:Header>
    <wsse:Security 
xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
 soapenv:mustUnderstand='1'>
      <wsse:UsernameToken 
xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
 wsu:Id='UsernameToken-12864392'>
        <wsse:Username>admin</wsse:Username>
        <wsse:Password 
Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>admin</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>

However, in the response, the server sends back a blank security header:

  <soapenv:Header>
    <wsse:Security
      xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
      soapenv:mustUnderstand='1'></wsse:Security>
  </soapenv:Header>

When the client receives this blank security header, it throws the following 
exception:

Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security

Is the blank security header required/allowed in the response according to the 
WS-Security specification? If so, the Rampart implementation on the client 
needs to be changed to be able to accept this header. If the blank header is 
not allowed, the server needs to be changed to not send it.

Note: we came up with the following workaround on the client:

    import java.util.Iterator;
    import javax.xml.namespace.QName;
    import org.apache.axiom.soap.RolePlayer;
    import org.apache.axiom.soap.SOAPEnvelope;
    import org.apache.axiom.soap.SOAPHeaderBlock;
    import org.apache.axis2.AxisFault;
    import org.apache.axis2.context.ConfigurationContext;
    import org.apache.axis2.context.ConfigurationContextFactory;
    import org.apache.axis2.context.MessageContext;
    import org.apache.axis2.engine.AxisConfiguration;
    import org.apache.axis2.engine.Handler.InvocationResponse;
    import org.apache.axis2.engine.Phase;
    import org.apache.axis2.handlers.AbstractHandler;
    .
    .
    .
                ConfigurationContext configurationContext =
                        ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                                "C:\\Program Files\\axis2-1.5.1\\repository", null);
                AxisConfiguration ac = configurationContext.getAxisConfiguration();
                // Add the handler to the first phase of the in-flow so it sees every
                // incoming response before the engine's mustUnderstand check runs.
                ((Phase) ac.getInFlowPhases().get(0)).addHandler(new BasicCreate.SecurityHandler());
    .
    .
    .

    public static class SecurityHandler extends AbstractHandler
    {
        @Override
        public InvocationResponse invoke(MessageContext msgContext) throws AxisFault
        {
            SOAPEnvelope envelope = msgContext.getEnvelope();

            if (envelope.getHeader() == null)
            {
                return InvocationResponse.CONTINUE;
            }

            // Get all the headers targeted to us (the configured role player decides
            // which actor/role values this node answers to).
            RolePlayer rolePlayer = (RolePlayer) msgContext.getConfigurationContext()
                    .getAxisConfiguration().getParameterValue("rolePlayer");
            Iterator headerBlocks = envelope.getHeader().getHeadersToProcess(rolePlayer);

            while (headerBlocks.hasNext())
            {
                SOAPHeaderBlock headerBlock = (SOAPHeaderBlock) headerBlocks.next();
                QName headerName = headerBlock.getQName();

                // Match on the local name only (the namespace is not checked) and mark
                // the block processed so the mustUnderstand check passes; nothing in
                // the header is validated here.
                if (headerName.getLocalPart().equals("Security"))
                {
                    headerBlock.setProcessed();
                }
            }
            return InvocationResponse.CONTINUE;
        }
    }
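The failure described above follows from the SOAP 1.1 mustUnderstand rule: every header block targeted at the receiving node and marked mustUnderstand='1' must be marked as processed by some handler, otherwise the node must fault. The following Python model is an added example, not code from Axis2, Axiom or Rampart; it reimplements that check over the blank response header from the report and shows how a handler that marks the Security header processed makes the check pass. The two handler functions are assumptions: one stands in for a security handler that only processes a header containing tokens, the other for the SecurityHandler workaround. The sample envelopes are constructed.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NEXT_ACTOR = "http://schemas.xmlsoap.org/soap/actor/next"

# Constructed sample: the blank response header from the report, wrapped in an
# envelope so it can be parsed stand-alone.
EMPTY_SECURITY_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_ENV}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1"></wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""

# Constructed sample: the same header carrying a UsernameToken, as in the request.
TOKEN_SECURITY_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_ENV}">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1">
      <wsse:UsernameToken><wsse:Username>admin</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


def split_qname(tag):
    """ElementTree tags look like '{ns}local'; return (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def header_blocks(envelope_xml):
    """Return the child elements of soapenv:Header (empty list if no Header)."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP_ENV}}}Header")
    return [] if header is None else list(header)


def targeted_at_us(block):
    """SOAP 1.1: no actor means the ultimate receiver; 'next' targets every node."""
    actor = block.get(f"{{{SOAP_ENV}}}actor")
    return actor is None or actor == NEXT_ACTOR


def must_understand(block):
    return block.get(f"{{{SOAP_ENV}}}mustUnderstand") in ("1", "true")


def security_handler_needs_tokens(block):
    """Assumed model of a token-verifying security handler (not Rampart's code):
    it processes wsse:Security only when the header contains tokens to verify,
    so an empty header is left unprocessed."""
    return block.tag == f"{{{WSSE}}}Security" and len(block) > 0


def workaround_handler(block):
    """Model of the SecurityHandler workaround: any header whose local name is
    'Security' is marked processed, namespace unchecked and contents unverified."""
    return split_qname(block.tag)[1] == "Security"


def must_understand_check(envelope_xml, handlers):
    """Return (namespace, local name) for every header targeted at this node that
    carries mustUnderstand='1' and that no handler marked as processed.
    An empty list means the SOAP 1.1 mustUnderstand rule is satisfied."""
    unprocessed = []
    for block in header_blocks(envelope_xml):
        if not targeted_at_us(block):
            continue
        processed = any(handler(block) for handler in handlers)
        if must_understand(block) and not processed:
            unprocessed.append(split_qname(block.tag))
    return unprocessed


def fault_message(unprocessed):
    """Format the first failure the way the exception in the report reads."""
    ns, local = unprocessed[0]
    return f"Must Understand check failed for header {ns} : {local}"


if __name__ == "__main__":
    failures = must_understand_check(EMPTY_SECURITY_RESPONSE, [security_handler_needs_tokens])
    print(fault_message(failures) if failures else "ok")
    print(must_understand_check(EMPTY_SECURITY_RESPONSE, [workaround_handler]))
```

The model makes the trade-off in the workaround visible: the check passes only because the header is marked processed, not because anything in it was verified, and the local-name match would also accept a Security header from any other namespace.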

-- 
This message is automatically generated by JIRA.