
Key: WSIT-1451
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: kumarjayanti
Reporter: montebove
Votes: 0
Watchers: 1

WSIT not compliant to WS-I Basic Profile R1126

Created: 02/Jul/10 03:43 AM   Updated: 08/Dec/10 03:51 AM   Resolved: 08/Dec/10 03:51 AM
Component/s: jaxws-runtime
Affects Version/s: 2.0
Fix Version/s: 2.1

Time Tracking:
Not Specified

Environment:

Operating System: All
Platform: All


Issuezilla Id: 1,451
Tags:
Participants: jitu, kumarjayanti, m_potociar and montebove


Description

When using Metro 2.0.1 without any WSS policy, when a server throws an Exception,
it is returned as a SOAPFault in the SOAPBody and the HTTP return code is, as
expected, 500 (according to WS-I Basic Profile R1126 "An INSTANCE MUST return a
"500 Internal Server Error" HTTP status code if the response envelope is a Fault.").

But, when adding any WSS policy with WSIT like a simple XML Signature like this one:
<wsp:Policy wsu:Id="Sign">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding>
        <wsp:Policy>
          <sp:InitiatorToken>
            ...
          </sp:RecipientToken>
          ...
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts>
        <sp:Body/>
      </sp:SignedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

the server behaviour in the presence of a SOAPFault changes:
the SOAPFault is generated and also signed correctly, according to the policy,
but the HTTP code is now 200, not respecting WS-I Basic Profile R1126.

Luciano



m_potociar added a comment - 13/Oct/10 10:52 AM

Reassigning to security as it seems to be related to the security


kumarjayanti added a comment - 14/Oct/10 08:20 AM

started


kumarjayanti added a comment - 06/Dec/10 06:19 AM

I can see http response code 200 if body of the fault response is encrypted and an exception is thrown from the webservice.

================
[#|2010-12-06T19:28:43.260+0530|SEVERE|glassfish3.1|com.sun.xml.ws.server.sei.EndpointMethodHandler|_ThreadID=20;_ThreadName=Thread-1;|javax.activation.DataHandler cannot be cast to com.sun.xml.internal.ws.developer.StreamingDataHandler
java.lang.ClassCastException: javax.activation.DataHandler cannot be cast to com.sun.xml.internal.ws.developer.StreamingDataHandler
    at test.NewWebService.ping(NewWebService.java:38)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.glassfish.webservices.InstanceResolverImpl$1.invoke(InstanceResolverImpl.java:143)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:150)
    at com.sun.xml.ws.server.sei.EndpointMethodHandler.invoke(EndpointMethodHandler.java:261)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
    at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:116)
    at org.glassfish.webservices.MonitoringPipe.process(MonitoringPipe.java:142)
    at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
    at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:116)
    at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:212)
    at com.sun.enterprise.security.webservices.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:144)
    at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:119)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:641)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:600)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:585)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:482)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:314)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:615)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:269)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:148)

[#|2010-12-06T19:33:18.364+0530|INFO|glassfish3.1|null|_ThreadID=20;_ThreadName=Thread-1;|--[HTTP response - http://localhost:8080/1081/NewWebServiceService - 200]--|#]
[#|2010-12-06T19:33:18.364+0530|INFO|glassfish3.1|null|_ThreadID=20;_ThreadName=Thread-1;|null: HTTP/1.1 200 OK|#]
[#|2010-12-06T19:33:18.364+0530|INFO|glassfish3.1|null|_ThreadID=20;_ThreadName=Thread-1;|Content-Type: multipart/related;start="<rootpart*ba0546ae-882b-4db6-8df0-884c992be1d9@example.jaxws.sun.com>";type="application/xop+xml";boundary="uuid:ba0546ae-882b-4db6-8df0-884c992be1d9";start-info="text/xml"|#]

=========================

I have checked the VerifiedStreamMessage.java class where we have properly overridden the

public String getPayloadLocalPart() { return payloadLocalName; }


kumarjayanti added a comment - 06/Dec/10 06:24 AM - edited

Assign to jitu. I believe JAXWS will have to check the action header when the fault payload is encrypted:

<Action xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5003">http://www.w3.org/2005/08/addressing/fault</Action><MessageID xmlns="http://www.w3.org/2005/08/addressing" wsu:Id="_5002">

And whenever we have to throw a soap-fault from the security tube we use the following code:

    } catch (WssSoapFaultException ex) {
        log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), ex);
        thereWasAFault = true;
        SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(ex, soapFactory, soapVersion);
        msg = Messages.create(sfe, soapVersion);
    } catch (XWSSecurityException xwse) {
        log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), xwse);
        thereWasAFault = true;
        SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(xwse, soapFactory, soapVersion);
        msg = Messages.create(sfe, soapVersion);
    } catch (XWSSecurityRuntimeException xwse) {
        log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), xwse);
        thereWasAFault = true;
        SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(xwse, soapFactory, soapVersion);
        msg = Messages.create(sfe, soapVersion);
    } catch (WebServiceException xwse) {
        log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), xwse);
        thereWasAFault = true;
        SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(xwse, soapFactory, soapVersion);
        msg = Messages.create(sfe, soapVersion);
    }
    } catch (WSSecureConversationRuntimeException wsre) {
        log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), wsre);
        thereWasAFault = true;
        QName faultCode = wsre.getFaultCode();
        if (faultCode != null) {
            faultCode = new QName(wsscVer.getNamespaceURI(), faultCode.getLocalPart());
        }
        SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(faultCode, wsre, soapFactory, soapVersion);
        msg = Messages.create(sfe, soapVersion);
    } catch (SOAPException se) {
        // internal error
        log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), se);
        thereWasAFault = true;
        SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(se, soapFactory, soapVersion);
        msg = Messages.create(sfe, soapVersion);
    } catch (Exception ex) {
        // NPE's from server need to be handled as well
        log.log(Level.SEVERE, LogStringsMessages.WSITPVD_0035_ERROR_VERIFY_INBOUND_MSG(), ex);
        thereWasAFault = true;
        SOAPFaultException sfe = SOAPUtil.getSOAPFaultException(ex, soapFactory, soapVersion);
        msg = Messages.create(sfe, soapVersion);
    }


jitu added a comment - 06/Dec/10 10:30 AM

What does your security message impl return for the following method in case of fault

Message#isFault() ?

Based on that, JAX-WS sends an appropriate HTTP status code.


montebove added a comment - 07/Dec/10 03:22 AM

I don't know if this is the message class used when security is enabled, but in
com.sun.xml.ws.security.opt.impl.message.MessageWrapper
there is an implementation that always returns false:

public boolean isFault() { return false; }


kumarjayanti added a comment - 08/Dec/10 03:51 AM

fixed.
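
A regression check for the behaviour reported in this issue, as an added example that is not part of the thread and not Metro code: given the HTTP status and the SOAP 1.1 response envelope, it flags an R1126 violation for a visible (plain or signed) Fault and, when the body is encrypted, falls back to the WS-Addressing fault Action quoted in the thread. The function names and the sample envelopes are constructed for illustration; for an MTOM response the caller is assumed to pass the root part.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://www.w3.org/2005/08/addressing"
WSA_FAULT_ACTION = WSA + "/fault"          # Action value quoted in the thread
XENC = "http://www.w3.org/2001/04/xmlenc#"


def envelope_is_fault(envelope_xml):
    """True if the SOAP 1.1 envelope is a Fault, visible or encrypted."""
    # Intended for responses from an endpoint under test; use a hardened
    # parser such as defusedxml if the XML source is untrusted.
    root = ET.fromstring(envelope_xml)
    if root.tag != "{%s}Envelope" % SOAP11:
        return False
    body = root.find("{%s}Body" % SOAP11)
    if body is None or len(body) == 0:
        return False
    payload = body[0]
    if payload.tag == "{%s}Fault" % SOAP11:
        return True                        # plain or signed fault
    if payload.tag == "{%s}EncryptedData" % XENC:
        # Payload name is hidden by encryption: rely on the wsa:Action header.
        action = root.find("{%s}Header/{%s}Action" % (SOAP11, WSA))
        return action is not None and (action.text or "").strip() == WSA_FAULT_ACTION
    return False


def violates_r1126(http_status, envelope_xml):
    """R1126: a response whose envelope is a Fault must be sent with HTTP 500."""
    return envelope_is_fault(envelope_xml) and http_status != 500


# Constructed sample responses (not captured from a real server).
SIGNED_FAULT = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body><S:Fault><faultcode>S:Server</faultcode>
<faultstring>constructed</faultstring></S:Fault></S:Body></S:Envelope>"""

ENCRYPTED_FAULT = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header><Action xmlns="http://www.w3.org/2005/08/addressing"
>http://www.w3.org/2005/08/addressing/fault</Action></S:Header>
<S:Body><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
</S:Body></S:Envelope>"""
```

Called as violates_r1126(200, SIGNED_FAULT), it reports the 200-with-Fault response described in the issue; the same envelopes with status 500 pass.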