ariel sabiguero yawelak
2016-08-19 19:09:04 UTC
Hello.
I am trying to invoke a WS using a cliente based on Axis 1.6.4 + Rampart
1.6.4. There is no access to the server to access log files or get other
information.
The WSDL includes this "simple" policy:
<wsp:Policy
wsu:Id="policy0"><wsp:ExactlyOne><wsp:All><dpe:summary><dppolicy:domain>
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512
</dppolicy:domain><description>
Implements WS Security Policy 1.1 - support SignedParts
</description></dpe:summary><sp:SignedParts><sp:Body/></sp:SignedParts></wsp:All></wsp:ExactlyOne></wsp:Policy>.
I am able to perform all steps of the invocation, getting the expected
answer (captured with wireshark), but the client stack issues the
exception of the subject:
org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
(actions mismatch)
I enabled debugging of axis2+rampart, got thousands of lines, but I was
unable to find a clue where the problem might be. I am able to invoke
other services (different WSDL that require the same policy).
Could you please suggest any means to get further information regarding
the exact cause of the exception, particularly, which action is not
matched to the expected one.
thanks in advance.
ariel
________________________-
The last lines of the debug are
[DEBUG] Expected digest: ArJioN0QbLDaEalv6/xFvl3vLUE=
[DEBUG] Actual digest: ArJioN0QbLDaEalv6/xFvl3vLUE=
[DEBUG] Reference[#Body-a242ab8e-6e16-4c36-967e-d07b76262f8d] is valid: true
[DEBUG] XMLStreamReader is
org.apache.axiom.util.stax.dialect.Woodstox3StreamReaderWrapper
[DEBUG] Starting to process SOAP 1.1 message
[DEBUG] Preparing to validate certificate path for issuer CN=Correo
Uruguayo - CA,OU=SERVICIOS ELECTRONICOS,O=ADMINISTRACION NACIONAL DE
CORREOS,C=UY
[DEBUG] Certificate path has been verified for certificate with subject
CN=DGI-RUC PRUEBA
CEDE,2.5.4.5=#130f525543323139393939383330303139,C=UY,ST=Montevideo,O=DGI-RUC
PRUEBA CEDE,OU=SOPORTE DE SISTEMAS,OU=SOPORTE TECNICO,OU=SEGURIDAD
INFORMATICA,1.2.840.113549.1.9.1=#161367646f726e656c6c406467692e6775622e7579
[DEBUG] No certificate found for subject from issuer with CN=Correo
Uruguayo - CA,OU=SERVICIOS ELECTRONICOS,O=ADMINISTRACION NACIONAL DE
CORREOS,C=UY (serial 155761856642617054135126896023459966393)
[WARN] No Subject DN Certificate Constraints were defined. This could be
a security issue
[DEBUG] Validation of Created: Everything is ok
[DEBUG] WSDoAllReceiver: exit invoke()
[ERROR] WSDoAllReceiver: security processing failed (actions mismatch)
org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
(actions mismatch)
at
org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:349)
at
org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:85)
at
org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at
uy.gub.dgi.WS_eFactura_ConsultasStub.eFACCONSULTARENVIOSCFE(WS_eFactura_ConsultasStub.java:284)
at com.ksasociados.dgi.Connection.main(Connection.java:63)
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() in Phase "Security"
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'Apache Rampart inflow handler' in Phase
'Security'
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() in Phase "Addressing"
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'AddressingBasedDispatcher' in Phase 'Addressing'
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() in Phase "Transport"
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'SOAPActionBasedDispatcher' in Phase 'Transport'
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'RequestURIBasedDispatcher' in Phase 'Transport'
I am trying to invoke a WS using a cliente based on Axis 1.6.4 + Rampart
1.6.4. There is no access to the server to access log files or get other
information.
The WSDL includes this "simple" policy:
<wsp:Policy
wsu:Id="policy0"><wsp:ExactlyOne><wsp:All><dpe:summary><dppolicy:domain>
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512
</dppolicy:domain><description>
Implements WS Security Policy 1.1 - support SignedParts
</description></dpe:summary><sp:SignedParts><sp:Body/></sp:SignedParts></wsp:All></wsp:ExactlyOne></wsp:Policy>.
I am able to perform all steps of the invocation, getting the expected
answer (captured with wireshark), but the client stack issues the
exception of the subject:
org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
(actions mismatch)
I enabled debugging of axis2+rampart, got thousands of lines, but I was
unable to find a clue where the problem might be. I am able to invoke
other services (different WSDL that require the same policy).
Could you please suggest any means to get further information regarding
the exact cause of the exception, particularly, which action is not
matched to the expected one.
thanks in advance.
ariel
________________________-
The last lines of the debug are
[DEBUG] Expected digest: ArJioN0QbLDaEalv6/xFvl3vLUE=
[DEBUG] Actual digest: ArJioN0QbLDaEalv6/xFvl3vLUE=
[DEBUG] Reference[#Body-a242ab8e-6e16-4c36-967e-d07b76262f8d] is valid: true
[DEBUG] XMLStreamReader is
org.apache.axiom.util.stax.dialect.Woodstox3StreamReaderWrapper
[DEBUG] Starting to process SOAP 1.1 message
[DEBUG] Preparing to validate certificate path for issuer CN=Correo
Uruguayo - CA,OU=SERVICIOS ELECTRONICOS,O=ADMINISTRACION NACIONAL DE
CORREOS,C=UY
[DEBUG] Certificate path has been verified for certificate with subject
CN=DGI-RUC PRUEBA
CEDE,2.5.4.5=#130f525543323139393939383330303139,C=UY,ST=Montevideo,O=DGI-RUC
PRUEBA CEDE,OU=SOPORTE DE SISTEMAS,OU=SOPORTE TECNICO,OU=SEGURIDAD
INFORMATICA,1.2.840.113549.1.9.1=#161367646f726e656c6c406467692e6775622e7579
[DEBUG] No certificate found for subject from issuer with CN=Correo
Uruguayo - CA,OU=SERVICIOS ELECTRONICOS,O=ADMINISTRACION NACIONAL DE
CORREOS,C=UY (serial 155761856642617054135126896023459966393)
[WARN] No Subject DN Certificate Constraints were defined. This could be
a security issue
[DEBUG] Validation of Created: Everything is ok
[DEBUG] WSDoAllReceiver: exit invoke()
[ERROR] WSDoAllReceiver: security processing failed (actions mismatch)
org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
(actions mismatch)
at
org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:349)
at
org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:85)
at
org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at
uy.gub.dgi.WS_eFactura_ConsultasStub.eFACCONSULTARENVIOSCFE(WS_eFactura_ConsultasStub.java:284)
at com.ksasociados.dgi.Connection.main(Connection.java:63)
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() in Phase "Security"
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'Apache Rampart inflow handler' in Phase
'Security'
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() in Phase "Addressing"
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'AddressingBasedDispatcher' in Phase 'Addressing'
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() in Phase "Transport"
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'SOAPActionBasedDispatcher' in Phase 'Transport'
[DEBUG] [MessageContext:
logID=6473b7f637083c2865b92991a31540228f1e651b3d26d9c7] Invoking
flowComplete() for Handler 'RequestURIBasedDispatcher' in Phase 'Transport'