axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Resnicow (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AXIS2-5347) Axis returns an HTTP OK when it should return an HTTP Error response
Date Tue, 19 Jun 2012 20:16:42 GMT
Bill Resnicow created AXIS2-5347:
------------------------------------

             Summary: Axis returns an HTTP OK when it should return an HTTP Error response
                 Key: AXIS2-5347
                 URL: https://issues.apache.org/jira/browse/AXIS2-5347
             Project: Axis2
          Issue Type: Bug
    Affects Versions: 1.6.0
         Environment: RHEL
            Reporter: Bill Resnicow
            Priority: Minor


A SOAP message is sent from one server to another using Axis2 1.6.0.   Rampart is engaged
on the sender but not on the receiving server.   The Soap message contains a security header
with 'Must Understand' set to TRUE.   The receiving server processes the Soap headers and
because Rampart is not engaged, it rejects it.   But the HTTP response sent back is an HTTP
200 OK, whereas it should be an HTTP Error response.

Here is a snippet of the SOAP message:
POST /messaging/services/Messaging HTTP/1.1
Content-Type: application/soap+xml; charset=UTF-8; action="http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/Notify"
User-Agent: Axis2
Host: nob-00240-soem.wint.army.mil:8080
Content-Length: 5110

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="true">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-41"><wsu:Created>2012-04-11T16:54:03.738Z</wsu:Created><wsu:Expires>2012-04-11T16:59:03.738Z</wsu:Expires></wsu:Timestamp>
...
Response:
HTTP/1.1 202 Accepted
Content-Length: 0
Date: Wed, 11 Apr 2012 16:54:03 GMT
Server: null


and here is the Axis log:
<WINT_Event logger="org.apache.axis2.engine.AxisEngine" timestamp="1334163243813" ddmsTimeFormat="2012-04-11T16:54:03.813Z"
level="ERROR" thread="http-0.0.0.0-8080-1">
    <WINT_Message>Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
        : Security</WINT_Message>
    <WINT_Throwable>org.apache.axis2.AxisFault: Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
        : Security at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message