Hello,

Please see the attached files. The request is the message generated by Synapse; the response is the answer from
the service.


Pavel


Asankha C. Perera napsal(a):
Pavel

Can you share your configuration and any steps to reproduce this with the samples, and/or any TCPmon traces of the response message received?

asankha

Pavel Křehula wrote:
Hello,

I'm going to use synapse for signing soap messages.
When I send signed message to server, I get error:
2008-06-06 09:54:39,596 [192.168.0.84-PAVEL3] [HttpClientWorker-1] ERROR ClientWorker Fault processing response message through Axis2
org.apache.axis2.AxisFault: SOAP header missing
        at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.synapse.transport.nhttp.ClientWorker.run(ClientWorker.java:200)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.rampart.RampartException: SOAP header missing
        at org.apache.rampart.RampartEngine.process(RampartEngine.java:99)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

which in fact I'm able to understand, because the server's response message is indeed not signed and does not contain any header.
My question is how to configure Rampart to accept such a response.

I'm using same wss policy as client_policy_3.xml and Synapse 1.2





--
Best regards,
  Pavel Krehula
<!--
  ~  Licensed to the Apache Software Foundation (ASF) under one
  ~  or more contributor license agreements.  See the NOTICE file
  ~  distributed with this work for additional information
  ~  regarding copyright ownership.  The ASF licenses this file
  ~  to you under the Apache License, Version 2.0 (the
  ~  "License"); you may not use this file except in compliance
  ~  with the License.  You may obtain a copy of the License at
  ~
  ~   http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~  Unless required by applicable law or agreed to in writing,
  ~  software distributed under the License is distributed on an
  ~   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  ~  KIND, either express or implied.  See the License for the
  ~  specific language governing permissions and limitations
  ~  under the License.
  -->

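<!--
  WS-SecurityPolicy document handed to Rampart; the RampartConfig block near the end is
  Rampart-specific. Despite the Id "SigEncr", only signing is active: EncryptedParts and
  IncludeTimestamp are commented out, and SignedParts lists the Body alone.
  NOTE(review): the "SOAP header missing" fault in the thread is raised by Rampart's receiver.
  It looks like this same policy is also enforced on the reply, which the service sends
  without a wsse:Security header. Confirm that before relaxing anything: a reply accepted
  without a signature has its origin and integrity vouched for by the transport (TLS) only.
  The stray ';' that followed quoted attribute values in the posted copy has been removed;
  it made the document ill-formed and looks like a mail-archive rendering artifact.
-->
<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
		<wsp:All>

			<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>

					<!-- Initiator (this client) signs with an X.509 v3 token that is embedded in every
					     request (AlwaysToRecipient). An embedded certificate proves nothing by itself:
					     the receiver still has to chain it to an issuer it trusts. -->
					<sp:InitiatorToken>
						<wsp:Policy>
							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
								<wsp:Policy>
									<sp:WssX509V3Token10/>
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:InitiatorToken>

					<!-- Recipient token is never carried in messages (IncludeToken/Never); the
					     service certificate has to be available from the local keystore. -->
					<sp:RecipientToken>
						<wsp:Policy>
							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
								<wsp:Policy>
									<sp:WssX509V3Token10/>
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:RecipientToken>

					<!-- The attached request shows what this suite produces here: an rsa-sha1
					     signature over a sha1 digest. SHA-1 is deprecated for signatures.
					     NOTE(review): Basic256Sha256 moves the digest to SHA-256 where both peers
					     support it; check which signature algorithm the stack then emits. -->
					<sp:AlgorithmSuite>
						<wsp:Policy>
							<sp:Basic256/>
						</wsp:Policy>
					</sp:AlgorithmSuite>

					<sp:Layout>
						<wsp:Policy>
							<sp:Strict/>
						</wsp:Policy>
					</sp:Layout>

					<!-- Timestamp is disabled, so a signed message carries no creation/expiry time
					     and a captured request stays valid indefinitely at message level. Replay
					     protection, if required, has to come from somewhere else. -->
					<!--<sp:IncludeTimestamp/>-->
					<!-- Signatures must cover whole header blocks or the whole Body, never a
					     descendant element. -->
					<sp:OnlySignEntireHeadersAndBody/>
				</wsp:Policy>

			</sp:AsymmetricBinding>


			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<wsp:Policy>
					<sp:MustSupportRefKeyIdentifier/>
					<sp:MustSupportRefIssuerSerial/>
				</wsp:Policy>
			</sp:Wss10>
			<!-- Only the Body is listed, so every other header block is outside the signature. -->
			<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<sp:Body/>
			</sp:SignedParts>
			<!-- Message-level encryption is switched off: the Body travels in clear inside the
			     envelope and confidentiality depends on the transport alone. -->
			<!--
			<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
				<sp:Body/>
			</sp:EncryptedParts>
			-->

			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
				<ramp:user>xxxxx</ramp:user>
				<ramp:encryptionUser>xxxxx</ramp:encryptionUser>
				<!-- NOTE(review): the package name suggests the sample callback from the
				     distribution; confirm the class actually deployed does not hard-code
				     key passwords. -->
				<ramp:passwordCallbackClass>samples.userguide.PWCallback</ramp:passwordCallbackClass>

				<!-- Keystore passwords are stored in clear text in this file (masked in the post).
				     Keep the policy file and both keystores readable by the service account only. -->
				<ramp:signatureCrypto>
					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp:property>
						<ramp:property name="org.apache.ws.security.crypto.merlin.file">repository/conf/file.p12</ramp:property>
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxxxx</ramp:property>
						<!-- NOTE(review): the disabled line below still holds a literal password,
						     unlike the masked values around it; scrub such values before sharing
						     configuration. -->
						<!--<ramp:property name="org.apache.ws.security.crypto.merlin.alias.password">123456</ramp:property>-->
					</ramp:crypto>
				</ramp:signatureCrypto>

				<!-- 'encryptionCypto' (sic) appears to be the spelling Rampart itself expects;
				     verify before correcting it. -->
				<ramp:encryptionCypto>
					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</ramp:property>
						<ramp:property name="org.apache.ws.security.crypto.merlin.file">repository/conf/file.jks</ramp:property>
						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxxx</ramp:property>
					</ramp:crypto>
				</ramp:encryptionCypto>

			</ramp:RampartConfig>

		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>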
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:con="urn://fsb.belgium.be/fphp/v3_0/context" xmlns:open="http://www.openuri.org/"; xmlns:sear1="urn://fsb.belgium.be/fphp/v3_0/searchfilter" xmlns:com="urn://fsb.belgium.be/fphp/v3_0/common" xmlns:sear="urn://fsb.belgium.be/fphp/v3_0/searchcriteria" xmlns:v3="urn://fsb.belgium.be/fphp/v3_0" xmlns:quer="urn://fsb.belgium.be/fphp/v3_0/query"><soapenv:Header>
<!-- Captured request (per the thread, the message generated by Synapse). The wsse:Security
     header carries the signer's X.509 certificate as a BinarySecurityToken and one ds:Signature
     whose single Reference points at the Body (#id-20720323); nothing else in the envelope is
     covered by the signature. The Body is not encrypted, so the identifiers in it are readable
     by anything that handles the message below the TLS layer. -->
<!-- NOTE(review): the ';' after quoted attribute values and the placeholder inside
     BinarySecurityToken look like archive/rendering artifacts, not part of the wire message. -->
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soapenv:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="CertId-10408342">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</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-11887961">
<!-- SignedInfo below uses exclusive c14n, an rsa-sha1 signature and a sha1 digest, presumably
     selected by the Basic256 suite in the policy. SHA-1 is deprecated for signatures. No
     wsu:Timestamp is present or signed, so the message has no freshness bound of its own. -->
<ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<ds:Reference URI="#id-20720323">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<ds:DigestValue>golLp0jXjguQkb7j9JKWn/vftB4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
TSCOejeAV4HIMR73CHxWxYaj5P7uHkNlUcMA4tLix3TCtiTDhcxxAe0s0fYpe3vnE3DBe0EQPang
1vtQHss2Sweo4Pqpax7SZVaM1Qa1W7aYC3GCRDb89cCfMhJ415XxFh5cHH321+bkFsQ1f1CFP/l5
ZN2qQH0QPkKcgAUK3xY=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-17877744">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-24863096"><wsse:Reference URI="#CertId-10408342" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; /></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="id-20720323">
      <v3:findPerson>
         <quer:query version="1.0">
            <quer:context version="1.0">
               <con:client>
                  <con:nationalNumber>6743204235312115646</con:nationalNumber>
                  <con:callerId>TEST</con:callerId>
                  <con:language>nl</con:language>
               </con:client>
               <con:message>
                  <con:messageId>1</con:messageId>
                  <con:correlationId>22</con:correlationId>
               </con:message>
               <con:application>
                  <con:application>gsb</con:application>
               </con:application>
            </quer:context>
            <quer:criteria version="1.0">
               <sear:registers>
                  <sear:register>RR</sear:register>
               </sear:registers>
               <sear:searchByNumber version="1.0">
                  <sear:number>1903134343421934331</sear:number>
               </sear:searchByNumber>
            </quer:criteria>
            <quer:filter version="1.0">
               <sear1:summary>true</sear1:summary>
               <sear1:details>NONE</sear1:details>
               <sear1:itList>
                  <sear1:it>IT000</sear1:it>
               </sear1:itList>
            </quer:filter>
         </quer:query>
      </v3:findPerson>
   </soapenv:Body></soapenv:Envelope>
<?xml version="1.0" encoding="utf-8"?>
<!-- Captured reply from the service (per the thread). The envelope holds a Body only: there is
     no SOAP Header, hence no wsse:Security element and no signature. This is the shape of
     message that Rampart's receiver rejects with "SOAP header missing". Nothing at message
     level lets the receiver check the origin or integrity of the person data returned here;
     that assurance comes from the HTTPS connection to the endpoint alone. -->
<!-- NOTE(review): the ';' after quoted attribute values on the Envelope start tag looks like an
     archive/rendering artifact, not part of the wire message. -->
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
  <SOAP-ENV:Body>
<ns:findPersonResponse xmlns:ns='urn://fsb.belgium.be/fphp/v3_0'><per:personList xmlns:per='urn://fsb.belgium.be/fphp/v3_0/person' xmlns:quer='urn://fsb.belgium.be/fphp/v3_0/query' xmlns:open='http://www.openuri.org/' xmlns:com='urn://fsb.belgium.be/fphp/v3_0/common' xmlns:sear1='urn://fsb.belgium.be/fphp/v3_0/searchfilter' xmlns:con='urn://fsb.belgium.be/fphp/v3_0/context' xmlns:sear='urn://fsb.belgium.be/fphp/v3_0/searchcriteria' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' release='2008050501' version='1.0'><per:context version='1.0'>
               <con:client>
                  <con:nationalNumber>674234501245115646</con:nationalNumber>
                  <con:callerId>TEST</con:callerId>
                  <con:language>nl</con:language>
               </con:client>
               <con:message>
                  <con:messageId>1</con:messageId>
                  <con:correlationId>22</con:correlationId>
               </con:message>
               <con:application>
                  <con:application>gsb</con:application>
               </con:application>
            </per:context><per:searchCriteria version='1.0'>
               <sear:registers>
                  <sear:register>RR</sear:register>
               </sear:registers>
               <sear:searchByNumber version='1.0'>
                  <sear:number>19234230343193434331</sear:number>
               </sear:searchByNumber>
            </per:searchCriteria><per:searchFilter version='1.0'>
               <sear1:summary>true</sear1:summary>
               <sear1:details>NONE</sear1:details>
               <sear1:itList>
                  <sear1:it>IT000</sear1:it>
               </sear1:itList>
            </per:searchFilter><per:person version='1.0'><per:summary version='1.2'><sum:source xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>RR</sum:source><sum:number xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>13249324103131933123</sum:number><sum:status xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>0</sum:status><sum:gender xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>1</sum:gender><sum:lastName xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>xxxx</sum:lastName><sum:firstName xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>Jxxxx</sum:firstName><sum:birthDate xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'><com:century>19</com:century><com:year>19</com:year><com:month>03</com:month><com:day>13</com:day></sum:birthDate><sum:birth_place_nis_code xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>23077</sum:birth_place_nis_code><sum:birth_place_description xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>Sxxxxxxxx</sum:birth_place_description><sum:nationality_code xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>BE</sum:nationality_code><sum:isAlive xmlns:sum='urn://fsb.belgium.be/fphp/v3_0/summary'>false</sum:isAlive></per:summary></per:person><per:nb_calls RN_NR='1' BCSS_KSZ='0'></per:nb_calls></per:personList></ns:findPersonResponse>  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
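<!--
  Synapse configuration: requests whose Action matches findPerson are signed under the
  "sec_policy" local entry and sent to the HTTPS endpoint; the wsse:Security header is stripped
  from whatever is sent back to the caller.
  The stray ';' that followed quoted attribute values in the posted copy has been removed; it
  made the document ill-formed and looks like a mail-archive rendering artifact. Indentation
  is normalised; element order and attribute values are unchanged.
-->
<definitions xmlns="http://ws.apache.org/ns/synapse">
	<property scope="axis2-client" name="FORCE_HTTP_1.0" value="true"/>
	<!-- Policy (including the keystore passwords inside it) is loaded from a local file;
	     restrict read access to that file accordingly. -->
	<localEntry key="sec_policy" src="file:repository/conf/policy.xml"/>

	<!-- level="full" writes the whole envelope to the log. The messages on this route carry
	     personal identifiers in an unencrypted Body, so the log inherits the sensitivity of
	     the data. NOTE(review): lower the level outside debugging, or protect and rotate the
	     log like the data itself. -->
	<log level="full"/>

	<!-- Removes the wsse:Security header. It is applied to everything returned to the caller,
	     so the caller cannot verify a signature itself and has to trust this mediator. -->
	<sequence name="remove-wsse-header">
		<header name="wsse:Security" action="remove" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
	</sequence>

	<sequence name="fault">
		<log level="custom">
			<property name="text" value="SYNAPSE (LOCAL) error"/>
			<property name="message" expression="get-property('ERROR_MESSAGE')"/>
		</log>

		<!-- The raw ERROR_MESSAGE is echoed to the caller as the fault reason.
		     NOTE(review): if callers are not trusted, return a generic reason and keep the
		     detail in the log only. -->
		<makefault>
			<code value="tns:Receiver" xmlns:tns="http://www.w3.org/2003/05/soap-envelope"/>
			<reason expression="get-property('ERROR_MESSAGE')"/>
		</makefault>

		<property name="RESPONSE" value="true"/>
		<sequence key="remove-wsse-header"/>
		<send/>
	</sequence>

	<in>
		<!-- The regex is unanchored: any Action value that merely contains "findPerson" is
		     forwarded (and signed) to the endpoint below. -->
		<filter source="get-property('Action')" regex=".*findPerson.*">
			<send>
				<endpoint>
					<address uri="https://e-depottest.smals-mvm.be/fphp/3.1/ws/PersonQuery.jws">
						<!-- NOTE(review): the disabled plain-HTTP address below is presumably a local
						     trace proxy. With message encryption off in the policy, sending over
						     plain HTTP exposes the Body to anything on that path. -->
						<!--<address uri="http://localhost:8888">-->
						<enableAddressing/>
						<!-- One policy key for this endpoint. NOTE(review): it looks like the same
						     policy is then expected of the reply, which is what fails in the thread.
						     Later Synapse releases document separate inboundPolicy / outboundPolicy
						     keys on enableSec; verify availability in the version in use, and
						     weigh that an unsigned reply is authenticated by TLS only. -->
						<enableSec policy="sec_policy"/>

						<!-- Unit of duration depends on the Synapse version; confirm. -->
						<timeout>
							<duration>10</duration>
							<action>fault</action>
						</timeout>
					</address>

				</endpoint>
			</send>
			<drop/>
		</filter>

	</in>

	<out>
		<sequence key="remove-wsse-header"/>
		<send/>
	</out>

	<drop>

	</drop>

</definitions>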
