Hi all,
thanks Ruchith's fast tip I am now able to combine any actions either in
the InflowSecurity OR the OutflowSecurity.
But if I try and combine both of them, I get a strange behaviour.
The simplest case is the following. Client and Server config are as
follows:
<parameter name="OutflowSecurity">
<action>
<items>Timestamp</items>
</action>
</parameter>
<parameter name="InflowSecurity">
<action>
<items>Timestamp</items>
</action>
</parameter>
The SOAP-Response contains the following Security Header:
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="true">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-17940412">
<wsu:Created>2006-05-22T16:03:47.031Z</wsu:Created>
<wsu:Expires>2006-05-22T16:08:47.031Z</wsu:Expires>
</wsu:Timestamp>
<wsse11:SignatureConfirmation
xmlns:wsse11="http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="SigConf-16398807" />
</wsse:Security>
It is interesting that the response contains a
"SignatureConfirmation"-element (the request does NOT contain one).
Consistently the Client throws the following exception:
Exception in thread "main" org.apache.axis2.AxisFault: WSHandler: Check
Signature confirmation: got a SC element, but no stored SV; nested
exception is:
org.apache.ws.security.WSSecurityException: WSHandler: Check
Signature confirmation: got a SC element, but no stored SV
at
org.apache.axis2.security.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:336)
at
org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82)
at org.apache.axis2.engine.Phase.invoke(Phase.java:381)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:445)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:355)
at
org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279)
at
org.apache.ws.axis2.ReverseWSStub.reverseString(ReverseWSStub.java:109)
at reverseTest.Test.main(Test.java:26)
Caused by: org.apache.ws.security.WSSecurityException: WSHandler: Check
Signature confirmation: got a SC element, but no stored SV
at
org.apache.ws.security.handler.WSHandler.checkSignatureConfirmation(WSHandler.java:294)
at
org.apache.axis2.security.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:196)
... 8 more
Other errors appear if I combine other actions. As mentioned, everything
works fine if I just configure the security one-way, I can use any
action-order.
Freundliche Grüße / With kind regards
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
