axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Veithen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AXIS2-5347) Axis returns an HTTP OK when it should return an HTTP Error response
Date Thu, 21 Jun 2012 17:39:42 GMT

    [ https://issues.apache.org/jira/browse/AXIS2-5347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398626#comment-13398626
] 

Andreas Veithen commented on AXIS2-5347:
----------------------------------------

Note that your description of the issue doesn't match the SOAP response shown: the HTTP status
code is 202, not 200.
                
> Axis returns an HTTP OK when it should return an HTTP Error response
> --------------------------------------------------------------------
>
>                 Key: AXIS2-5347
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5347
>             Project: Axis2
>          Issue Type: Bug
>    Affects Versions: 1.6.0
>         Environment: RHEL
>            Reporter: Bill Resnicow
>            Priority: Minor
>
> A SOAP message is sent from one server to another using Axis2 1.6.0.   Rampart is engaged
on the sender but not on the receiving server.   The Soap message contains a security header
with 'Must Understand' set to TRUE.   The receiving server processes the Soap headers and
because Rampart is not engaged, it rejects it.   But the HTTP response sent back is an HTTP
200 OK, whereas it should be an HTTP Error response.
> Here is a snippet of the SOAP message:
> POST /messaging/services/Messaging HTTP/1.1
> Content-Type: application/soap+xml; charset=UTF-8; action="http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/Notify"
> User-Agent: Axis2
> Host: nob-00240-soem.wint.army.mil:8080
> Content-Length: 5110
> <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="true">
> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-41"><wsu:Created>2012-04-11T16:54:03.738Z</wsu:Created><wsu:Expires>2012-04-11T16:59:03.738Z</wsu:Expires></wsu:Timestamp>
> ...
> Response:
> HTTP/1.1 202 Accepted
> Content-Length: 0
> Date: Wed, 11 Apr 2012 16:54:03 GMT
> Server: null
> and here is the Axis log:
> <WINT_Event logger="org.apache.axis2.engine.AxisEngine" timestamp="1334163243813"
ddmsTimeFormat="2012-04-11T16:54:03.813Z"
> level="ERROR" thread="http-0.0.0.0-8080-1">
>     <WINT_Message>Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>         : Security</WINT_Message>
>     <WINT_Throwable>org.apache.axis2.AxisFault: Must Understand check failed for
header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>         : Security at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
>         at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
>         at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:637) 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message