Re: Error page returned instead of Soap Exception when WS-Security Authentication fails in Rampart
Thanks for that Chinmoy. However, I continued to get the HTML error pages, even using the latest available nightly build of Rampart. This happened both on Axis2-1.4 and Axis2-1.5 However, I seem to have stumbled upon a fix. I was able to get the expected soap response messages and exceptions after I removed this entry from axis2.xml: module ref=rampart/ --- REMOVE I was testing an axis webapp which contained two services: 1. an unsecured service - BankService, from Axis /samples/faulthandling/ 2. and a secured service - sample03, from Rampart /samples/basic/sample03/ Now when the file /WEB-INF/conf/axis2.xml contained module ref=rampart/, I continually got a HTML error page (as described in my earlier post - see bottom of email), whether it was 1. (BankService - unsecured) - Sending a request that would generate Insufficient Funds error soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/; xmlns:exam=http://example; soapenv:Header/ soapenv:Body exam:withdraw exam:account88/exam:account exam:amount1200/exam:amount /exam:withdraw /soapenv:Body /soapenv:Envelope when running the /faulthandling example from command-line, this was the equivalent of ant run.client -Durl=http://localhost:8081/axis2/services/BankService -Daccount=88 -Damt=1200 OR 2. (sample03 - secured) Or trying to log in with incorrect login details: (In this sample, only bob is a valid Username. All others usernames should throw authentication errors) soap:Envelope xmlns:soap=http://www.w3.org/2003/05/soap-envelope; xmlns:sam=http://sample03.samples.rampart.apache.org; soap:Header wsse:Security soap:mustUnderstand=1 xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; wsse:UsernameToken wsu:Id=UsernameToken-1815911479 xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; wsse:Usernamebobx/wsse:Username wsse:Password Type=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText;bobPW/wsse:Password /wsse:UsernameToken /wsse:Security /soap:Header soap:Body sam:echo !--Optional:-- sam:param0echo this string/sam:param0 /sam:echo /soap:Body /soap:Envelope But after removing the rampart entry from axis2.xml, things started working as expected. I was now getting expected results like these: 1. BankService soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/; soapenv:Body soapenv:Fault faultcodesoapenv:Server/faultcode faultstringInsufficient funds/faultstring detail ns1:InsufficientFundFault xmlns:ns1=http://example; ns1:account88/ns1:account ns1:balance1000/ns1:balance ns1:requestedFund1200/ns1:requestedFund /ns1:InsufficientFundFault /detail /soapenv:Fault /soapenv:Body /soapenv:Envelope 2. sample03 soapenv:Envelope xmlns:soapenv=http://www.w3.org/2003/05/soap-envelope; soapenv:Body soapenv:Fault soapenv:Code soapenv:Valuesoapenv:Receiver/soapenv:Value /soapenv:Code soapenv:Reason soapenv:Text xml:lang=en-USWSDoAllReceiver: security processing failed/soapenv:Text /soapenv:Reason soapenv:Detail/ /soapenv:Fault /soapenv:Body /soapenv:Envelope So either we have incorrect config instructions - http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html says to put the rampart module entry in axis2.xml - OR there is a bug in the way that Rampart is interacting with errors that are thrown by services in Axis, even services that *don't* use rampart end up being affected by it. Bug or Not Bug? However, when I have a web service (written code first, not generated from WSDL) that throws an Exception, I still end up getting a HTML error page - but this may be related to the way Axis handles exceptions by default (?). I thought Axis would wrap exceptions in a SoapException, but I'm not sure. Can anyone confirm this? Ellecer On Wed, Oct 21, 2009 at 10:08 PM, Chinmoy Chakraborty cch...@gmail.com wrote: I saw this error and I suppose this is fixed in 1.5..you can look at [1]. [1]. [ https://issues.apache.org/jira/browse/RAMPART-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12739525#action_12739525 ] HTH, Chinmoy On Wed, Oct 21, 2009 at 12:17 PM, Ellecer Valencia elle...@gmail.com wrote: Hi, I'm trying to set up WS-Security (just username/password-clear-text) and I'm trying to get the service to return a Soap Exception when the user logs in with the wrong details. Should be easy, right? However, I keep getting HTTP 500 error pages instead of Soap Exceptions, like this one: htmlheadtitleApache Tomcat/6.0.18 - Error
Re: Error page returned instead of Soap Exception when WS-Security Authentication fails in Rampart
If you want to enable WS-security you need to engage RAMPART module. So disengaging RAMPART module is not the solution if you want WS-Security. If you don't need WS-Security then its fine. So it's a bug and that's why it is in JIRA. If you are getting the same error using latest code please comment on that JIRA entry. Chinmoy On Thu, Oct 22, 2009 at 12:06 PM, Ellecer Valencia elle...@gmail.comwrote: Thanks for that Chinmoy. However, I continued to get the HTML error pages, even using the latest available nightly build of Rampart. This happened both on Axis2-1.4 and Axis2-1.5 However, I seem to have stumbled upon a fix. I was able to get the expected soap response messages and exceptions after I removed this entry from axis2.xml: module ref=rampart/ --- REMOVE I was testing an axis webapp which contained two services: 1. an unsecured service - BankService, from Axis /samples/faulthandling/ 2. and a secured service - sample03, from Rampart /samples/basic/sample03/ Now when the file /WEB-INF/conf/axis2.xml contained module ref=rampart/, I continually got a HTML error page (as described in my earlier post - see bottom of email), whether it was 1. (BankService - unsecured) - Sending a request that would generate Insufficient Funds error soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/; xmlns:exam=http://example; soapenv:Header/ soapenv:Body exam:withdraw exam:account88/exam:account exam:amount1200/exam:amount /exam:withdraw /soapenv:Body /soapenv:Envelope when running the /faulthandling example from command-line, this was the equivalent of ant run.client -Durl=http://localhost:8081/axis2/services/BankService -Daccount=88 -Damt=1200 OR 2. (sample03 - secured) Or trying to log in with incorrect login details: (In this sample, only bob is a valid Username. All others usernames should throw authentication errors) soap:Envelope xmlns:soap=http://www.w3.org/2003/05/soap-envelope; xmlns:sam=http://sample03.samples.rampart.apache.org; soap:Header wsse:Security soap:mustUnderstand=1 xmlns:wsse= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd wsse:UsernameToken wsu:Id=UsernameToken-1815911479 xmlns:wsu= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd wsse:Usernamebobx/wsse:Username wsse:Password Type= http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText bobPW/wsse:Password /wsse:UsernameToken /wsse:Security /soap:Header soap:Body sam:echo !--Optional:-- sam:param0echo this string/sam:param0 /sam:echo /soap:Body /soap:Envelope But after removing the rampart entry from axis2.xml, things started working as expected. I was now getting expected results like these: 1. BankService soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/ soapenv:Body soapenv:Fault faultcodesoapenv:Server/faultcode faultstringInsufficient funds/faultstring detail ns1:InsufficientFundFault xmlns:ns1=http://example; ns1:account88/ns1:account ns1:balance1000/ns1:balance ns1:requestedFund1200/ns1:requestedFund /ns1:InsufficientFundFault /detail /soapenv:Fault /soapenv:Body /soapenv:Envelope 2. sample03 soapenv:Envelope xmlns:soapenv=http://www.w3.org/2003/05/soap-envelope; soapenv:Body soapenv:Fault soapenv:Code soapenv:Valuesoapenv:Receiver/soapenv:Value /soapenv:Code soapenv:Reason soapenv:Text xml:lang=en-USWSDoAllReceiver: security processing failed/soapenv:Text /soapenv:Reason soapenv:Detail/ /soapenv:Fault /soapenv:Body /soapenv:Envelope So either we have incorrect config instructions - http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html says to put the rampart module entry in axis2.xml - OR there is a bug in the way that Rampart is interacting with errors that are thrown by services in Axis, even services that *don't* use rampart end up being affected by it. Bug or Not Bug? However, when I have a web service (written code first, not generated from WSDL) that throws an Exception, I still end up getting a HTML error page - but this may be related to the way Axis handles exceptions by default (?). I thought Axis would wrap exceptions in a SoapException, but I'm not sure. Can anyone confirm this? Ellecer On Wed, Oct 21, 2009 at 10:08 PM, Chinmoy Chakraborty cch...@gmail.com wrote: I saw this error and I suppose this is fixed in 1.5..you can look at [1]. [1]. [
Re: Error page returned instead of Soap Exception when WS-Security Authentication fails in Rampart
But this is where we seem to be doing different things. I'm getting the error, but only if I have a rampart entry in axis2.xml. Once I remove it, I don't get the HTML error page anymore. I get the Soap Faults I was expecting. It looks like WS-Security is actually enabled, even without the axis2.xml entry. I find the instructions a bit ambiguous on this: Since rampart module inserts handlers in the system specific pre-dispatch phase, it must be engaged globally. But it is possible to activate rampart module for the inflow or the outflow when required by the service or the clients. Now what does this actually mean? Should the module reference always be present in axis2.xml or not? The second sentence seems to imply that it doesn't. Later on, the instructions say: At the server it is possible to provide security on a per service basis. The configuration parameters should be set in the service.xml file of the service. The client side config parameters should be set in the axis2.xml of the client's Axis2 repository. So isn't this saying if you are a *client* of a WS-Security enabled service, you need the entry in your axis2.xml, but if you are running a service, you can either have rampart enabled globally in the axis2.xml, or inside individual services, in their service.xml? Could we get some feedback from people involved in Rampart (and rewrite some parts of that page if needed)? As I showed in my previous post, I was able to get a Soap Fault from sample03 service when authentication failed. I didn't have an entry for rampart in axis2.xml. I only had it in the service.xml file for sample03. The fact that the auth details were processed means Rampart *is* enabled. Ellecer On Thu, Oct 22, 2009 at 6:26 PM, Chinmoy Chakraborty cch...@gmail.com wrote: If you want to enable WS-security you need to engage RAMPART module. So disengaging RAMPART module is not the solution if you want WS-Security. If you don't need WS-Security then its fine. So it's a bug and that's why it is in JIRA. If you are getting the same error using latest code please comment on that JIRA entry. Chinmoy On Thu, Oct 22, 2009 at 12:06 PM, Ellecer Valencia elle...@gmail.com wrote: Thanks for that Chinmoy. However, I continued to get the HTML error pages, even using the latest available nightly build of Rampart. This happened both on Axis2-1.4 and Axis2-1.5 However, I seem to have stumbled upon a fix. I was able to get the expected soap response messages and exceptions after I removed this entry from axis2.xml: module ref=rampart/ --- REMOVE I was testing an axis webapp which contained two services: 1. an unsecured service - BankService, from Axis /samples/faulthandling/ 2. and a secured service - sample03, from Rampart /samples/basic/sample03/ Now when the file /WEB-INF/conf/axis2.xml contained module ref=rampart/, I continually got a HTML error page (as described in my earlier post - see bottom of email), whether it was 1. (BankService - unsecured) - Sending a request that would generate Insufficient Funds error soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/; xmlns:exam=http://example; soapenv:Header/ soapenv:Body exam:withdraw exam:account88/exam:account exam:amount1200/exam:amount /exam:withdraw /soapenv:Body /soapenv:Envelope when running the /faulthandling example from command-line, this was the equivalent of ant run.client -Durl=http://localhost:8081/axis2/services/BankService -Daccount=88 -Damt=1200 OR 2. (sample03 - secured) Or trying to log in with incorrect login details: (In this sample, only bob is a valid Username. All others usernames should throw authentication errors) soap:Envelope xmlns:soap=http://www.w3.org/2003/05/soap-envelope; xmlns:sam=http://sample03.samples.rampart.apache.org; soap:Header wsse:Security soap:mustUnderstand=1 xmlns:wsse=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd; wsse:UsernameToken wsu:Id=UsernameToken-1815911479 xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd; wsse:Usernamebobx/wsse:Username wsse:Password Type=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText;bobPW/wsse:Password /wsse:UsernameToken /wsse:Security /soap:Header soap:Body sam:echo !--Optional:-- sam:param0echo this string/sam:param0 /sam:echo /soap:Body /soap:Envelope But after removing the rampart entry from axis2.xml, things started working as expected. I was now getting expected results like these: 1. BankService soapenv:Envelope xmlns:soapenv=http://schemas.xmlsoap.org/soap/envelope/; soapenv:Body soapenv:Fault faultcodesoapenv:Server/faultcode faultstringInsufficient funds/faultstring
Re: Error page returned instead of Soap Exception when WS-Security Authentication fails in Rampart
I saw this error and I suppose this is fixed in 1.5..you can look at [1].
[1]. [
https://issues.apache.org/jira/browse/RAMPART-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12739525#action_12739525]
HTH,
Chinmoy
On Wed, Oct 21, 2009 at 12:17 PM, Ellecer Valencia elle...@gmail.comwrote:
Hi,
I'm trying to set up WS-Security (just username/password-clear-text)
and I'm trying to get the service to return a Soap Exception when the
user logs in with the wrong details. Should be easy, right? However, I
keep getting HTTP 500 error pages instead of Soap Exceptions, like
this one:
htmlheadtitleApache Tomcat/6.0.18 - Error
report/titlestyle!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B
{font-family:Tahoqma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color :
#525D76;}--/style /headbodyh1HTTP Status 500 - /h1HR
size=1 noshade=noshadepbtype/b Status
report/ppbmessage/b u/u/ppbdescription/b uThe
server encountered an internal error () that prevented it from
fulfilling this request./u/pHR size=1
noshade=noshadeh3Apache Tomcat/6.0.18/h3/body/html
Now I'm testing using axis 1.4.1, putting the exploded webapp in the
tomcat /webapps directory. When I started getting the error pages, I
thought removing the mappings for the HTTP 500 error in
/WEB-INF/web.xml would fix it, but it didn't. I've now removed
everything else in the Tomcat webapps directory, I've cleaned out the
Tomcat /work directory, I've even removed the /axis2-web directory in
the Axis webapp, just to eliminate the possiblity of any more JSPs -
*and the error pages still keep displaying*.
I came across a post from July that is having a problem similar to mine:
http://marc.info/?l=axis-userm=124662013625695w=2
However, I didn't come across any posts that resolved his problem.
The software I'm using is:
Axis 1.4.1
Rampart 1.4
Tomcat 6.0.18
Has anyone encountered this problem and what fixed it? I've tried
doing it using policy.xml and via basic rampart config, and am
getting similar results.
Actually, the curious thing is that when I get the error from a
service configured with basic rampart config, I get a stacktrace,
like this:
mhtmlheadtitleApache Tomcat/6.0.18 - Error
report/titlestyle!--H1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
H2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
H3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
BODY
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}
B
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
P
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A
{color : black;}A.name {color : black;}HR {color :
#525D76;}--/style /headbodyh1HTTP Status 500 - /h1HR
size=1 noshade=noshadepbtype/b Exception
report/ppbmessage/b u/u/ppbdescription/b uThe
server encountered an internal error () that prevented it from
fulfilling this request./u/ppbexception/b
prejava.lang.NullPointerException
org.apache.rampart.RampartMessageData.lt;initgt;(RampartMessageData.java:308)
org.apache.rampart.MessageBuilder.build(MessageBuilder.java:61)
org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:64)
org.apache.axis2.engine.Phase.invoke(Phase.java:317)
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:520)
org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:416)
org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:379)
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:167)
javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
/pre/ppbnote/b uThe full stack trace of the root cause is
available in the Apache Tomcat/6.0.18 logs./u/pHR size=1
noshade=noshadeh3Apache Tomcat/6.0.18/h3/body/html
-- and it says Exception report instead of Status report like in
the first one. I don't know if this indicates it's a different page
that is hardcoded inside of Axis (just guessing here)?
Thanks in advance for any ideas and help from all you wonderful
members of the mailing list. =)
thanks,
Ellecer
