Hi Balaji

The difference is that in the first case, Synapse has accepted the message and creates a fault, and uses the WS-Security policy for the reply - which makes the response timestamped. Now for the second case, the rejection takes place before Synapse gets the message - as the message has failed the WS-Security policy specified. Thus the CallbackHandler has an error and Apache Rampart has sent this response back without the knowledge of Synapse.

I remember that this situation has been discussed a few days ago as well.. not sure if it was on the Synapse list - but I will check with the Rampart guys to see if they could make this consistent.

asankha

balaji hari wrote:
In case of errors returned by mediator using "makefault", the returned soap
fault is timestamped if username token authentication with timestamp
security feature is configured.

But when password callback class throws UnsupportedCallbackException the
generated AxisFault doesn't have a timestamped header.
http://www.nabble.com/file/p12889206/websvc_raterank_validate.xml
http://www.nabble.com/file/p12889206/websvc_policy.xml

Response from Synapse:
1.  by Custom Mediator similar to schema validation error messages:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1"
                     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp wsu:Id="Timestamp-27735295"
                        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2007-09-25T21:32:30.912Z</wsu:Created>
            <wsu:Expires>2007-09-25T21:37:30.912Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode xmlns:tns="http://www.w3.org/2003/05/soap-envelope">tns:Receiver</faultcode>
         <faultstring>User bob not allowed to access web service</faultstring>
         <detail/>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>

2. by CallbackHandler

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode>soapenv:Server</faultcode>
         <faultstring>The security token could not be authenticated or authorized</faultstring>
         <detail/>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>

I have attached the synapse configuration files. Is it possible to make this
behavior consistent?

Balaji
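
A client that expects a wsu:Timestamp on every response has to cope with both fault shapes shown in this thread. The following is an added example, not part of the original messages and not Synapse or Rampart code: a Python check that reports whether a SOAP 1.1 fault carries a WS-Security timestamp and whether it is inside its validity window. The function name classify_fault, the shortened namespace prefix and the clock value are assumptions; the sample documents are constructed from the two responses quoted above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"s": SOAP, "wsse": WSS + "secext-1.0.xsd", "wsu": WSS + "utility-1.0.xsd"}

def _utc(text):
    # xsd:dateTime in UTC, with or without fractional seconds
    text = text.strip()
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def classify_fault(xml_text, now):
    """Return (faultstring, state); state is 'fresh', 'stale' or 'missing'."""
    env = ET.fromstring(xml_text)
    fault = env.find("s:Body/s:Fault", NS)
    if fault is None:
        raise ValueError("not a SOAP 1.1 fault")
    # SOAP 1.1 fault children are unqualified; collapse e-mail line wraps
    reason = " ".join((fault.findtext("faultstring") or "").split())
    ts = env.find("s:Header/wsse:Security/wsu:Timestamp", NS)
    if ts is None:
        # Shape of the second response: fault sent with no Security header
        return reason, "missing"
    created = _utc(ts.findtext("wsu:Created", "", NS))
    expires = _utc(ts.findtext("wsu:Expires", "", NS))
    return reason, "fresh" if created <= now < expires else "stale"

# Constructed from the two responses quoted in this thread (trimmed).
MEDIATOR_FAULT = f"""<s:Envelope xmlns:s="{SOAP}"><s:Header>
<wsse:Security xmlns:wsse="{NS['wsse']}"><wsu:Timestamp xmlns:wsu="{NS['wsu']}">
<wsu:Created>2007-09-25T21:32:30.912Z</wsu:Created>
<wsu:Expires>2007-09-25T21:37:30.912Z</wsu:Expires>
</wsu:Timestamp></wsse:Security></s:Header><s:Body><s:Fault>
<faultstring>User bob not allowed to access web service</faultstring>
</s:Fault></s:Body></s:Envelope>"""
CALLBACK_FAULT = f"""<s:Envelope xmlns:s="{SOAP}"><s:Body><s:Fault>
<faultstring>The security token could not be authenticated or
authorized</faultstring>
</s:Fault></s:Body></s:Envelope>"""

if __name__ == "__main__":
    now = datetime(2007, 9, 25, 21, 33, tzinfo=timezone.utc)  # constructed clock
    for doc in (MEDIATOR_FAULT, CALLBACK_FAULT):
        print(classify_fault(doc, now))
```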


