Balaji,
This has been confirmed as a bug/limitation
(https://issues.apache.org/jira/browse/RAMPART-90) in Rampart 1.3,
which will go into Synapse 1.1.
We would be able to get this fixed by the Rampart team in future and
incorporate it with Synapse 1.1 or with 1.1.x or 1.2 in future. Let me know
if this is critical for your production deployment.
asankha
Asankha C. Perera wrote:
Hi Balaji,
The difference is that in the first case, Synapse has accepted the
message and creates a fault, and uses the WS-Security policy for the
reply, which makes the response timestamped. Now for the second case,
the rejection takes place before Synapse gets the message, as the
message has failed the WS-Security policy specified. Thus the
CallbackHandler has an error and Apache Rampart has sent this response
back without knowledge of Synapse.
I remember that this situation was discussed a few days ago as
well. Not sure if it was on the Synapse list, but I will check with
the Rampart guys to see if they could make this consistent.
asankha
balaji hari wrote:
In case of errors returned by mediator using "makefault", the returned SOAP
fault is timestamped if username token authentication with timestamp
security feature is configured.
But when password callback class throws UnsupportedCallbackException the
generated AxisFault doesn't have a timestamped header.

Attachments:
http://www.nabble.com/file/p12889206/websvc_raterank_validate.xml (websvc_raterank_validate.xml)
http://www.nabble.com/file/p12889206/websvc_policy.xml (websvc_policy.xml)

Response from Synapse:
1. by Custom Mediator similar to schema validation error messages:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-27735295"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2007-09-25T21:32:30.912Z</wsu:Created>
<wsu:Expires>2007-09-25T21:37:30.912Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<soapenv:Fault>
<faultcode
xmlns:tns="http://www.w3.org/2003/05/soap-envelope">tns:Receiver</faultcode>
<faultstring>User bob not allowed to access web
service</faultstring>
<detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
2. by CallbackHandler:
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>The security token could not be authenticated or
authorized</faultstring>
<detail/>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
I have attached the synapse configuration files. Is it possible to make this
behavior consistent?
Balaji
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
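Added example, not part of the original thread and not Synapse or Rampart code: a client-side check that classifies a SOAP response as a fault and reports whether it carries a usable wsu:Timestamp, run over condensed copies of the two responses quoted above. The function name classify_response and the state labels are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

# Response 1 from the thread (fault created by the mediator), condensed.
MEDIATOR_FAULT = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsu:Timestamp wsu:Id="Timestamp-27735295" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2007-09-25T21:32:30.912Z</wsu:Created><wsu:Expires>2007-09-25T21:37:30.912Z</wsu:Expires>
</wsu:Timestamp></wsse:Security></soapenv:Header>
<soapenv:Body><soapenv:Fault><faultstring>User bob not allowed to access web service</faultstring></soapenv:Fault></soapenv:Body>
</soapenv:Envelope>"""

# Response 2 from the thread (fault sent after the CallbackHandler error), condensed.
CALLBACK_FAULT = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>The security token could not be authenticated or authorized</faultstring></soapenv:Fault></soapenv:Body>
</soapenv:Envelope>"""

def _parse_utc(text):
    # Format used by the timestamps shown in the thread, e.g. 2007-09-25T21:32:30.912Z
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def classify_response(xml_text, now):
    """Return (is_fault, state); state is 'valid', 'stale', 'malformed' or 'missing'.
    `now` must be a timezone-aware datetime."""
    # ElementTree is adequate for these embedded samples; parse untrusted
    # responses with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    is_fault = root.find("soapenv:Body/soapenv:Fault", NS) is not None
    ts = root.find("soapenv:Header/wsse:Security/wsu:Timestamp", NS)
    if ts is None:
        return is_fault, "missing"
    created = ts.findtext("wsu:Created", namespaces=NS)
    expires = ts.findtext("wsu:Expires", namespaces=NS)
    try:
        start, end = _parse_utc(created), _parse_utc(expires)
    except (AttributeError, ValueError):  # element absent or not a timestamp
        return is_fault, "malformed"
    return is_fault, "valid" if start <= now < end else "stale"
```

A client that requires a timestamp on every response would accept the first fault inside its five-minute window and reject the second, which is the inconsistency the thread reports.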