How to add MessageID in SOAP request using Axis2 and Rampart
I am trying to build a client application that consumes an external server application using Axis2 and Rampart 1.6.

Everything seems to be fine when checking the SOAP request, since the SOAP message gets encrypted and signed as expected. The following is the policy.xml file used for that purpose:

<wsp:Policy wsu:Id="MyPolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsam="http://schemas.xmlsoap.org/ws/2004/08/addressing" 
    xmlns:wst="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
<wsp:ExactlyOne>
    <wsp:All>
        <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
        </sp:SignedSupportingTokens>
        <sp:SymmetricBinding>
            <wsp:Policy>
                <sp:ProtectionToken>
                    <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                            <wsp:Policy>
                                <sp:RequireIssuerSerialReference/>
                                <sp:WssX509V3Token10/>
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:ProtectionToken>

                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:Basic128/>
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:IncludeTimestamp/>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Strict/>
                    </wsp:Policy>
                </sp:Layout>
                <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
        </sp:SymmetricBinding>
        <sp:EncryptedParts>
            <sp:Body />
        </sp:EncryptedParts>
        <sp:SignedParts>
            <sp:Body/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="ReplyTo"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="To"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="From"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="AckRequested"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="CreateSequence"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="Sequence"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="MessageID"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="FaultTo"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="SequenceAcknowledgement"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="Action"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="RelatesTo"/>
        </sp:SignedParts>
        <sp:Wss11>
            <wsp:Policy>
                <sp:MustSupportRefEncryptedKey/>
                <sp:MustSupportRefIssuerSerial/>
                <sp:MustSupportRefThumbprint/>
            </wsp:Policy>
        </sp:Wss11>
        <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:userCertAlias>mySignAlias</ramp:userCertAlias>
            <ramp:encryptionUser>myEncryptAlias</ramp:encryptionUser>
            <ramp:user>myUser</ramp:user>
            <ramp:passwordCallbackClass>myPackage.PasswordCallBackHandler</ramp:passwordCallbackClass>
            <!-- Rampart's element name is encryptionCrypto (the original had a typo, encryptionCypto) -->
            <ramp:encryptionCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.file">[path goes here]/clientTrustStore.jks</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
            </ramp:encryptionCrypto>

            <ramp:signatureCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.file">[path goes here]/clientKeyStore.jks</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
            </ramp:signatureCrypto>
        </ramp:RampartConfig>

    </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

But I am getting the following Axis fault while calling the external server application:

SEVERE: org.apache.axis2.AxisFault: com.sun.xml.wss.XWSSecurityException: Policy verification error:Missing target MessageID for Signature
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

The error is self-descriptive: the SOAP request is missing the MessageID tag in the SOAP header. I tried to find out how to add the mentioned tag but had no luck; I found out how to add a custom SOAP header in this link: adding authentication header to client stub axis2

But I want to avoid that since I am using PasswordCallBackHandler to add the authentication properties.

Is there any way to add the MessageID automatically within the SOAP header? Further, there are similar tags like Action, ReplyTo, To, and From; how do I add them to the SOAP header?

-- UPDATE:

From the auto-generated Java files using the Axis2 tool - see Apache Axis2 User's Guide - Creating Clients to know how the stub files have been generated - I went to the API method in the auto-generated Java class ServiceStub. There a message context is created to send the SOAP request, like the following:

// create a message context
_messageContext = new org.apache.axis2.context.MessageContext();

I used the object _messageContext to set the message ID as follows:

_messageContext.setMessageID("TEST_123456");

Further, I ran the application in debug mode and I can see that TEST_123456 has been added to the SOAP request as MessageID and the server is using the same MessageID in its response. But still I am getting this weird error: Policy verification error:Missing target MessageID for Signature

It is confusing me how the server says it is missing MessageID although it is appearing in the SOAP request and in the response, which is coming from the server only!

Does this have anything to do with the auto signature process? But even so, MessageID is already added in the SignedParts of the policy file; what else could be done to overcome this issue?

Switchblade answered 25/8, 2015 at 8:19

You can add all properties like MessageId, Action, To and other properties in Stub::ServiceClient::Options.

import java.util.UUID;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;

ServiceClient client = serviceStub._getServiceClient();
Options options = client.getOptions();
options.setAction(action);
options.setTo(new EndpointReference(referenceURL));
options.setMessageId(UUID.randomUUID().toString());

Sample Reference

Hyperbolic answered 20/7, 2021 at 11:36
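As an added example (not the answerer's code nor part of Axis2/Rampart), this is a complete client configuration that makes the WS-Addressing headers listed in the policy's SignedParts actually exist on the envelope before Rampart signs it: it loads policy.xml the way the Rampart samples do, sets To/Action/ReplyTo/MessageID on the stub's Options, and engages both the addressing and rampart modules. The endpoint URL, action URI and policy path are placeholders; the ServiceClient is the one returned by the generated stub's _getServiceClient().

```java
import java.util.UUID;

import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.AddressingConstants;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

public class AddressingRampartClient {

    // Placeholder values (assumed): replace with the real endpoint, action and policy path.
    private static final String ENDPOINT = "https://example.invalid/service";
    private static final String ACTION = "urn:exampleAction";
    private static final String POLICY_PATH = "policy.xml";

    /** Parses the WS-SecurityPolicy file into a Neethi Policy, as the Rampart samples do. */
    static Policy loadPolicy(String path) throws Exception {
        StAXOMBuilder builder = new StAXOMBuilder(path);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    /**
     * Configures the ServiceClient obtained from the generated stub
     * (stub._getServiceClient()) so that every addressing header named in
     * SignedParts is present when Rampart's signature handler runs.
     */
    static void configure(ServiceClient client) throws Exception {
        Options options = client.getOptions();

        // WS-Addressing headers the policy signs: To, Action, ReplyTo, MessageID.
        options.setTo(new EndpointReference(ENDPOINT));
        options.setAction(ACTION);
        options.setReplyTo(new EndpointReference(AddressingConstants.Final.WSA_ANONYMOUS_URL));
        // A fresh UUID per request; signed together with the Timestamp it lets
        // the server correlate the reply and detect replayed messages.
        options.setMessageId("urn:uuid:" + UUID.randomUUID());

        // Rampart picks the policy up from this Options property.
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(POLICY_PATH));

        // The OutFlow phases in axis2.xml run MessageOut (addressing) before
        // Security (Rampart), so the headers exist by the time they are signed.
        client.engageModule("addressing");
        client.engageModule("rampart");
    }
}
```

If the addressing module is not engaged, Options.setMessageId alone does not serialize a wsa:MessageID header, and Rampart then has no element to sign, which is the situation the fault reports.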
