Hello,

I have problems with activating ws-security on a proxy service and getting a valid response back.

Following scenario:

client <-> synapse 1 <-> synapse 2 <-> service

*client-synapse 1:*
soap-message without security-header in request, but response has timestamp-header

REQUEST:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:goog="http://GooglemapsService">
  <soapenv:Header/>
  <soapenv:Body>
     <goog:populateCoordinatesInputType>
        <goog:processId>234u93243</goog:processId>
        <goog:latitude>49.977019</goog:latitude>
        <goog:longitude>8.281000</goog:longitude>
        <goog:classification>feuer</goog:classification>
     </goog:populateCoordinatesInputType>
  </soapenv:Body>
</soapenv:Envelope>

RESPONSE (timestamp header should not be sent with it):

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soapenv:Header>
     <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsu:Timestamp wsu:Id="Timestamp-27221385" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
           <wsu:Created>2008-03-13T16:54:52.333Z</wsu:Created>
           <wsu:Expires>2008-03-13T16:59:52.333Z</wsu:Expires>
        </wsu:Timestamp>
     </wsse:Security>
<wsa:MessageID>urn:uuid:62955C685D3E22D53431406868732763-1660440106</wsa:MessageID> <wsa:Action>http://de..com./GooglemapsService/GooglemapsInterface/populateCoordinatesResponse</wsa:Action> <wsa:RelatesTo>urn:uuid:462444BD3778D494871205427517872</wsa:RelatesTo>
  </soapenv:Header>
  <soapenv:Body>
<ns1:populateCoordinatesOutputType xmlns:ns1="http://de..com./GooglemapsService">http://localhost:8180/Googlemaps/GooglemapsHandler?processId=234u93243</ns1:populateCoordinatesOutputType>
  </soapenv:Body>
</soapenv:Envelope>

*synapse 1-synapse 2:*
soap-message where ws-security is enabled for sending soap-message to synapse 2, but Synapse 2 only answers with Timestamp-headers and does not send usernameToken. Is that correct?

REQUEST:

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:goog="http://GooglemapsService" xmlns:wsa="http://www.w3.org/2005/08/addressing">
     <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
           <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-462609">
              <wsu:Created>2008-03-13T16:58:37.591Z</wsu:Created>
              <wsu:Expires>2008-03-13T17:03:37.591Z</wsu:Expires>
           </wsu:Timestamp>
           <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-29969295">
              <wsse:Username>bob</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
           </wsse:UsernameToken>
        </wsse:Security>
        <wsa:To>http://9.155.20.209:8382/soap/22bGooglemapsProxy</wsa:To>
<wsa:MessageID>urn:uuid:62955C685D3E22D53431400123784173-56486361</wsa:MessageID> <wsa:Action>http://de..googlemapsService/populateCoordinates</wsa:Action>
     </soapenv:Header>
<soapenv:Body> <goog:populateCoordinatesInputType> <goog:processId>234u93243</goog:processId> <goog:latitude>49.977019</goog:latitude> <goog:longitude>8.281000</goog:longitude> <goog:classification>feuer</goog:classification> </goog:populateCoordinatesInputType> </soapenv:Body>
  </soapenv:Envelope>

RESPONSE:

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing">
     <soapenv:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
           <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-27221385">
              <wsu:Created>2008-03-13T16:54:52.333Z</wsu:Created>
              <wsu:Expires>2008-03-13T16:59:52.333Z</wsu:Expires>
           </wsu:Timestamp>
        </wsse:Security>
<wsa:MessageID>urn:uuid:74A25FFFDAA9E8986D29673771955380-1939614347</wsa:MessageID> <wsa:Action>http://de..com./GooglemapsService/GooglemapsInterface/populateCoordinatesResponse</wsa:Action> <wsa:RelatesTo>urn:uuid:62955C685D3E22D53431400123784173-56486361</wsa:RelatesTo>
     </soapenv:Header>
     <soapenv:Body>
<ns1:populateCoordinatesOutputType xmlns:ns1="http://de..com.GooglemapsService">http://localhost:8180/Googlemaps/GooglemapsHandler?processId=234u93243</ns1:populateCoordinatesOutputType>
     </soapenv:Body>
  </soapenv:Envelope>

*synapse 2- service:*
soap-message is sent from synapse2 to service without security-header - works very well!! But it sends back a wrong response to synapse 1 (see above).

REQUEST:

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:goog="http://de..com./GooglemapsService">
     <soapenv:Header>
<wsa:To>http://localhost:8182/Googlemaps/services/GoogleMapsService</wsa:To> <wsa:MessageID>urn:uuid:74A25FFFDAA9E8986D29673444305636740570317</wsa:MessageID> <wsa:Action>http://googlemapsService/populateCoordinates</wsa:Action>
     </soapenv:Header>
<soapenv:Body> <goog:populateCoordinatesInputType> <goog:processId>234u93243</goog:processId> <goog:latitude>49.977019</goog:latitude> <goog:longitude>8.281000</goog:longitude> <goog:classification>feuer</goog:classification> </goog:populateCoordinatesInputType> </soapenv:Body>
  </soapenv:Envelope>

RESPONSE:

<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <soapenv:Header>
<wsa:Action>http://de..com./GooglemapsService/GooglemapsInterface/populateCoordinatesResponse</wsa:Action> <wsa:RelatesTo>urn:uuid:74A25FFFDAA9E8986D29673444305636740570317</wsa:RelatesTo>
        </soapenv:Header>
        <soapenv:Body>
<ns1:populateCoordinatesOutputType xmlns:ns1="http://de..com./GooglemapsService">http://localhost:8180/Googlemaps/GooglemapsHandler?processId=234u93243</ns1:populateCoordinatesOutputType>
        </soapenv:Body>
     </soapenv:Envelope>

*synapse 1 config file:*

<syn:proxy name="GooglemapsProxy" transports="https http" startOnLoad="true" statistics="enable" trace="enable">
       <syn:target>
           <syn:inSequence>
               <syn:log level="full" separator=","/>
               <syn:send>
                   <syn:endpoint key="endpoints/googlemaps_endpoint.xml"/>
               </syn:send>
           </syn:inSequence>
           <syn:outSequence>
               <syn:log level="full" separator=","/>
               <syn:send/>
           </syn:outSequence>
       </syn:target>
       <syn:publishWSDL key="WSDL/GoogleMapsService.wsdl"/>
   </syn:proxy>

*googlemaps_endpoint.xml:*

<endpoint xmlns="http://ws.apache.org/ns/synapse">
   <address uri="http://localhost:8182/Googlemaps/services/GoogleMapsService">
       <enableAddressing/>
   </address>
</endpoint>



*synapse 2 config file:*

<syn:proxy name="GooglemapsProxy" transports="https http" startOnLoad="true" statistics="enable" trace="enable" onError="myFaultHandler">
       <syn:target>
           <syn:inSequence>
                   <syn:log level="full" separator=","/>
                   <syn:roleBasedRouting>
<!-- possible values are: http-header, ws-security -->
                           <syn:authentificationType>
                               ws-security
                           </syn:authentificationType>
<!-- possible values are: jdbc, ldap, acegi-security !!!ONLY IMPLEMENTED JDBC!!!-->
                           <syn:realm type="jdbc">
                               <syn:driverurl>
                                   jdbc:derby:UserDatabase;create=true
                               </syn:driverurl>
                               <syn:drivername>
                                   org.apache.derby.jdbc.EmbeddedDriver
                               </syn:drivername>
                               <syn:username>wso2esb</syn:username>
                               <syn:password>wso2esb</syn:password>
                           </syn:realm>
                   </syn:roleBasedRouting>
               <syn:header name="wsse:Security" action="remove"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
               <syn:log level="full" separator=","/>
               <syn:send>
                   <syn:endpoint key="endpoints/googlemaps_endpoint.xml"/>
               </syn:send>
           </syn:inSequence>
           <syn:outSequence>
               <syn:log level="full" separator=","/>
               <syn:send/>
           </syn:outSequence>
       </syn:target>
       <syn:publishWSDL key="WSDL/GoogleMapsService.wsdl"/>
       <syn:policy key="policy/policy_1.xml"/>
       <syn:enableSec/>
   </syn:proxy>

*googlemaps_endpoint.xml:*

<endpoint xmlns="http://ws.apache.org/ns/synapse">
   <address uri="http://pc234:8182/Googlemaps/services/GoogleMapsService">
       <enableAddressing/>
   </address>
</endpoint>

*policy_1.xml for both instances of synapse:*

<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
 <wsp:All>
   <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
     <wsp:Policy>
       <sp:TransportToken>
         <wsp:Policy>
           <sp:HttpsToken RequireClientCertificate="false"/>
         </wsp:Policy>
       </sp:TransportToken>
       <sp:AlgorithmSuite>
         <wsp:Policy>
           <sp:Basic256/>
         </wsp:Policy>
       </sp:AlgorithmSuite>
       <sp:Layout>
         <wsp:Policy>
           <sp:Lax/>
         </wsp:Policy>
       </sp:Layout>
       <sp:IncludeTimestamp/>
     </wsp:Policy>
   </sp:TransportBinding>
   <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
       <wsp:Policy>
         <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
     </wsp:Policy>
   </sp:SignedSupportingTokens>
   <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
       <ramp:user>bob</ramp:user>
       <ramp:encryptionUser>bob</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.wso2.esb.mediator.RoleBasedPasswordCallbackhandler</ramp:passwordCallbackClass>
   </ramp:RampartConfig>
 </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

I have debugged the two synapse instances and the password is set correctly.
Any idea for fixing the problem?

Thanks,
Jens
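
As an added example (not part of the original message and not Synapse or Rampart code), the Python check below lists which WS-Security tokens each captured message carries and flags a response that returns a mustUnderstand Security header to a client that sent none. The helper names and the reduced sample envelopes are constructed for illustration from the captures above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

def summarize_security(envelope_xml, now=None):
    """Describe the wsse:Security header of one SOAP message (hypothetical helper)."""
    sec = ET.fromstring(envelope_xml).find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        return {"present": False, "must_understand": False, "tokens": [], "expired": None}
    flag = sec.get("{%s}mustUnderstand" % NS["soapenv"])
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    expired = None  # only evaluated when the caller supplies a reference time
    if expires is not None and now is not None:
        limit = datetime.strptime(expires.strip(), "%Y-%m-%dT%H:%M:%S.%fZ")
        expired = now > limit.replace(tzinfo=timezone.utc)
    return {
        "present": True,
        "must_understand": flag in ("1", "true"),
        "tokens": [child.tag.split("}", 1)[1] for child in sec],  # local names, in order
        "expired": expired,
    }

def unexpected_security_on_response(request_xml, response_xml):
    """True when an unsecured request gets back a mustUnderstand Security header."""
    req, resp = summarize_security(request_xml), summarize_security(response_xml)
    return not req["present"] and resp["present"] and resp["must_understand"]

# Constructed samples, reduced from the captures above (bodies and WS-Addressing omitted).
def _envelope(header):
    return ('<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">'
            '<soapenv:Header>{h}</soapenv:Header><soapenv:Body/></soapenv:Envelope>'
            ).format(h=header, **NS)

_TS = ('<wsu:Timestamp><wsu:Created>2008-03-13T16:54:52.333Z</wsu:Created>'
       '<wsu:Expires>2008-03-13T16:59:52.333Z</wsu:Expires></wsu:Timestamp>')
_UT = '<wsse:UsernameToken><wsse:Username>bob</wsse:Username></wsse:UsernameToken>'
_SEC = '<wsse:Security soapenv:mustUnderstand="1">%s</wsse:Security>'

CLIENT_REQUEST = _envelope("")                   # client -> synapse 1, no security header
SECURED_REQUEST = _envelope(_SEC % (_TS + _UT))  # synapse 1 -> synapse 2
RESPONSE = _envelope(_SEC % _TS)                 # Security header seen in both responses

if __name__ == "__main__":
    for name in ("CLIENT_REQUEST", "SECURED_REQUEST", "RESPONSE"):
        print(name, summarize_security(globals()[name]))
    print("leak to client:", unexpected_security_on_response(CLIENT_REQUEST, RESPONSE))
```

In WS-SecurityPolicy, `IncludeToken/AlwaysToRecipient` means the token is included only in messages sent from the initiator to the recipient, so a response whose Security header holds just the Timestamp is consistent with the posted policy.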
