  1. PORampart PostDispatchVerificationHandler: InvalidSecurity - Security policy not found
<p><strong>Edit:</strong></p>
<p>I tweaked the Rampart configuration a little and I am now stuck at another point.</p>
<p>In Rampart's PostDispatchVerificationHandler an exception is thrown, because the security header hasn't been processed.</p>
<pre><code>// If a security header is there and Rampart is engaged, it has to be processed.
// If it is not processed, there must have been a problem in picking the policy
SOAPHeaderBlock secHeader = getSecurityHeader(msgContext);
if (secHeader != null &amp;&amp; (secHeader.isProcessed() == false)) {
    throw new AxisFault("InvalidSecurity - Security policy not found");
}
</code></pre>
<p>Log:</p>
<pre><code>[DEBUG] [MessageContext: logID=a5012f2f13095af97123a192575c50a7f727850f3a9ecfc5] Invoking Handler 'HTTPLocationBasedDispatcher' in Phase 'Dispatch'
[DEBUG] [MessageContext: logID=a5012f2f13095af97123a192575c50a7f727850f3a9ecfc5] Invoking Handler 'Post dispatch security verification handler' in Phase 'Dispatch'
[ERROR] InvalidSecurity - Security policy not found
org.apache.axis2.AxisFault: InvalidSecurity - Security policy not found
    at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:189)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at webservices.chargepoint.com.dictionary.ChargepointservicesStub.getCPNInstances(ChargepointservicesStub.java:5361)
    at webservices.chargepoint.com.dictionary.Chargepoint.&lt;init&gt;(Chargepoint.java:180)
    at webservices.chargepoint.com.dictionary.Chargepoint.main(Chargepoint.java:81)
[DEBUG] [MessageContext: logID=a5012f2f13095af97123a192575c50a7f727850f3a9ecfc5] Invoking flowComplete() in Phase "Dispatch"
...
org.apache.axis2.AxisFault: InvalidSecurity - Security policy not found
    at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:189)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
    at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
    at webservices.chargepoint.com.dictionary.ChargepointservicesStub.getCPNInstances(ChargepointservicesStub.java:5361)
    at webservices.chargepoint.com.dictionary.Chargepoint.&lt;init&gt;(Chargepoint.java:180)
    at webservices.chargepoint.com.dictionary.Chargepoint.main(Chargepoint.java:81)
</code></pre>
<p>That is the security header:</p>
<pre><code>&lt;wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" soapenv:mustUnderstand="1"&gt;
    &lt;wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"&gt;
        &lt;wsu:Created&gt;2013-12-16T23:07:03.868Z&lt;/wsu:Created&gt;
        &lt;wsu:Expires&gt;2013-12-16T23:12:03.868Z&lt;/wsu:Expires&gt;
    &lt;/wsu:Timestamp&gt;
&lt;/wsse:Security&gt;
</code></pre>
<p>That is Rampart's policy file:</p>
<pre><code>&lt;wsp:Policy wsu:Id="UsernameToken" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"&gt;
    &lt;wsp:ExactlyOne&gt;
        &lt;wsp:All&gt;
            &lt;sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"&gt;
                &lt;wsp:Policy&gt;
                    &lt;sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/&gt;
                &lt;/wsp:Policy&gt;
            &lt;/sp:SupportingTokens&gt;
        &lt;/wsp:All&gt;
    &lt;/wsp:ExactlyOne&gt;
&lt;/wsp:Policy&gt;
</code></pre>
<p>The user credentials are set in the Java code:</p>
<pre><code>Options options = stubWeb._getServiceClient().getOptions();
try {
    options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("policy.xml"));
} catch (XMLStreamException e1) {
    // TODO Auto-generated catch block
    e1.printStackTrace();
}
options.setUserName("xxx");
options.setPassword("yyy");
stubWeb._getServiceClient().setOptions(options);
stubWeb._getServiceClient().engageModule("rampart");
</code></pre>
<p><strong>Original Post:</strong></p>
<p>I've been googling this error for days but I am out of ideas.</p>
<p>The code is generated by Axis2 for a SOAP webservice based on this WSDL: <a href="https://webservices.chargepoint.com/cp_api_4.1.wsdl">https://webservices.chargepoint.com/cp_api_4.1.wsdl</a></p>
<p>With soapUI everything works well and I can also get some mock responses with my code from my local Tomcat server. When trying to connect to the web service with my Java client I always receive this error:</p>
<blockquote> <p>org.apache.axis2.AxisFault: Must Understand check failed for header <a href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</a> : Security</p> </blockquote>
<p>That's my code (username and password are hidden):</p>
<pre><code>public static void main(String[] args) {
    log4j.getRootLogger().setLevel(Level.DEBUG);
    GetCPNInstancesResponse resp = new GetCPNInstancesResponse();
    ChargepointservicesStub stubWeb = null;
    try {
        ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem("/Users/jonas/projects/workspace_openHAB/axis2-1.6.2_clean/repository", null);
        stubWeb = new ChargepointservicesStub(ctx);
        GetCPNInstances cpn = new GetCPNInstances();
        SOAPFactory sfac = OMAbstractFactory.getSOAP11Factory();
        stubWeb._getServiceClient().engageModule("rampart");
        OMFactory omFactory = OMAbstractFactory.getOMFactory();
        OMNamespace wsseNamespace = omFactory.createOMNamespace("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse");
        OMElement omSecurityElement = omFactory.createOMElement("Security", wsseNamespace);
        // omSecurityElement.addAttribute("soapenv:mustUnderstand", "1", null);
        // OMNamespace soapenv = omFactory.createOMNamespace("http://schemas.xmlsoap.org/soap/envelope/", "soapenv");
        // omSecurityElement.addAttribute("mustUnderstand", "1", soapenv);
        OMElement omusertoken = omFactory.createOMElement("UsernameToken", wsseNamespace);
        OMElement omuserName = omFactory.createOMElement("Username", wsseNamespace);
        omuserName.setText("yyy");
        OMElement omPassword = omFactory.createOMElement("Password", wsseNamespace);
        omPassword.setText("xxx");
        omPassword.addAttribute("Type", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText", null);
        omusertoken.addChild(omuserName);
        omusertoken.addChild(omPassword);
        omSecurityElement.addChild(omusertoken);
        SOAPHeaderBlock block = ElementHelper.toSOAPHeaderBlock(omSecurityElement, sfac);
        block.setMustUnderstand(true);
        stubWeb._getServiceClient().addHeader(block);
        resp = stubWeb.getCPNInstances(cpn);
    } catch (Exception e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}
</code></pre>
<p>That generates this request:</p>
<pre><code>[DEBUG] &gt;&gt; "&lt;?xml version='1.0' encoding='UTF-8'?&gt;
&lt;soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"&gt;
    &lt;soapenv:Header&gt;
        &lt;wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"&gt;
            &lt;wsse:UsernameToken&gt;
                &lt;wsse:Username&gt;yyy&lt;/wsse:Username&gt;
                &lt;wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"&gt;xxx&lt;/wsse:Password&gt;
            &lt;/wsse:UsernameToken&gt;
        &lt;/wsse:Security&gt;
    &lt;/soapenv:Header&gt;
    &lt;soapenv:Body&gt;
        &lt;ns1:getCPNInstances xmlns:ns1="urn:dictionary:com.chargepoint.webservices" /&gt;
    &lt;/soapenv:Body&gt;
&lt;/soapenv:Envelope&gt;"
</code></pre>
<p>The exact same request works with soapUI.</p>
<p>I also receive a correct response from the server with my code:</p>
<pre><code>&lt;?xml version='1.0' encoding='utf-8'?&gt;
&lt;soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"&gt;
    &lt;soapenv:Header&gt;
        &lt;wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"&gt;&lt;wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"&gt;
            &lt;wsu:Created&gt;2013-10-25T16:54:30.767Z&lt;/wsu:Created&gt;
            &lt;wsu:Expires&gt;2013-10-25T16:59:30.767Z&lt;/wsu:Expires&gt;&lt;/wsu:Timestamp&gt;
        &lt;/wsse:Security&gt;
    &lt;/soapenv:Header&gt;
    &lt;soapenv:Body&gt;
        &lt;ns1:getCPNInstancesResponse xmlns:ns1="urn:dictionary:com.chargepoint.webservices"&gt;
            &lt;CPN&gt;
                &lt;cpnID&gt;1&lt;/cpnID&gt;
                &lt;cpnName&gt;USA&lt;/cpnName&gt;
                &lt;cpnDescription&gt;ChargePoint Operations&lt;/cpnDescription&gt;
            &lt;/CPN&gt;
            &lt;CPN&gt;
                &lt;cpnID&gt;2&lt;/cpnID&gt;
                &lt;cpnName&gt;EU&lt;/cpnName&gt;
                &lt;cpnDescription&gt;ChargePoint Europe&lt;/cpnDescription&gt;
            &lt;/CPN&gt;
            &lt;CPN&gt;
                &lt;cpnID&gt;3&lt;/cpnID&gt;
                &lt;cpnName&gt;AU&lt;/cpnName&gt;
                &lt;cpnDescription&gt;ChargePoint Australia&lt;/cpnDescription&gt;
            &lt;/CPN&gt;
        &lt;/ns1:getCPNInstancesResponse&gt;
    &lt;/soapenv:Body&gt;
&lt;/soapenv:Envelope&gt;
</code></pre>
<p>But then the security module messes something up.</p>
<p>This is part of the debug log:</p>
<pre><code>[DEBUG] XMLStreamWriter is org.apache.axiom.util.stax.dialect.WoodstoxStreamWriterWrapper
[DEBUG] Calling MTOMXMLStreamWriter.flush
[DEBUG] forceExpand: expanding element {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
[DEBUG] forceExpand stack
java.lang.Exception: Debug Stack Trace
    at org.apache.axiom.om.impl.llom.OMSourcedElementImpl.forceExpand(OMSourcedElementImpl.java:264)
    at org.apache.axiom.om.impl.llom.OMSourcedElementImpl.getAttribute(OMSourcedElementImpl.java:416)
    at org.apache.axiom.soap.impl.llom.SOAPHeaderBlockImpl.setAttribute(SOAPHeaderBlockImpl.java:91)
    at org.apache.axiom.soap.impl.llom.soap11.SOAP11HeaderBlockImpl.setMustUnderstand(SOAP11HeaderBlockImpl.java:105)
    at chargepoint.com.dictionary.Chargepoint.main(Chargepoint.java:74)
</code></pre>
<p>When I use</p>
<blockquote> <p>omSecurityElement.addAttribute("soapenv:mustUnderstand", "1", null);</p> </blockquote>
<p>instead of</p>
<blockquote> <p>block.setMustUnderstand(true);</p> </blockquote>
<p>the exception above is gone and I get this error:</p>
<pre><code>[DEBUG] serialize OutputStream optimisation: false
[DEBUG] getReader
[DEBUG] XMLStreamReader is org.apache.axiom.util.stax.dialect.WoodstoxStreamReaderWrapper
org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxParsingException: Undeclared namespace prefix "soapenv" (for attribute "mustUnderstand")
 at [row,col {unknown-source}]: [1,137]
    at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)
    at org.apache.axiom.om.impl.llom.OMDocumentImpl.buildNext(OMDocumentImpl.java:153)
    at org.apache.axiom.om.impl.llom.OMDocumentImpl.getFirstOMChild(OMDocumentImpl.java:242)
    at org.apache.axiom.om.impl.llom.OMDocumentImpl.getChildren(OMDocumentImpl.java:204)
</code></pre>
<p>With this code the error is gone but the issue remains.</p>
<pre><code>OMNamespace soapenv = omFactory.createOMNamespace("http://schemas.xmlsoap.org/soap/envelope/", "soapenv");
omSecurityElement.addAttribute("mustUnderstand", "1", soapenv);
</code></pre>
<p>These are the most interesting parts from the debug log:</p>
<pre><code>[DEBUG] [MessageContext: logID=ca3f0db9a4fb557a33edc579a48f31508ff1f2b457c617f6] Invoking phase "Security"
[DEBUG] [MessageContext: logID=ca3f0db9a4fb557a33edc579a48f31508ff1f2b457c617f6] Invoking Handler 'SecurityOutHandler' in Phase 'Security'
[DEBUG] WSDoAllReceiver: enter invoke()
[DEBUG] Signature crypto property file is not set. Property file key - signaturePropFile
[DEBUG] Signature crypto property file is not set. Property file key - signaturePropFile
[DEBUG] WSDoAllReceiver: exit invoke()
...
[DEBUG] [MessageContext: logID=ba3f0db9a4fb557a33edc579a48f31508ff1f2b457c617f6] Checking post-conditions for phase "OperationInPhase"
[DEBUG] MustUnderstand header not processed or registered as understood{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
[DEBUG] org.apache.axis2.i18n.resource::handleGetObject(mustunderstandfailed)
[ERROR] Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
    at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:105)
</code></pre>
<p>Here you can see the whole debug log: <a href="https://drive.google.com/file/d/0B_iw7qzMyYhOSDNEMW5oOHgzY0k/edit?usp=sharing">https://drive.google.com/file/d/0B_iw7qzMyYhOSDNEMW5oOHgzY0k/edit?usp=sharing</a></p>
<p>If you have any advice on how to solve that problem I would be very grateful.</p>
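<p>Added example, not part of the original post and not Axis2 or Rampart code: a stand-alone model of the SOAP 1.1 mustUnderstand rule behind the "Must Understand check failed" fault, run on a constructed, shortened copy of the response above. The class and method names are hypothetical, and actor/role targeting is ignored as a simplifying assumption.</p>

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class MustUnderstandCheck {
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Returns header blocks marked mustUnderstand="1" that no handler has claimed.
    // Simplification (assumption): every block is treated as targeted at this receiver.
    static List<QName> notUnderstood(String envelope, Set<QName> understood) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(envelope.getBytes(StandardCharsets.UTF_8)));
        List<QName> failed = new ArrayList<>();
        NodeList headers = doc.getElementsByTagNameNS(SOAP11, "Header");
        if (headers.getLength() == 0) return failed;
        for (Node n = headers.item(0).getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            Element block = (Element) n;
            String mu = block.getAttributeNS(SOAP11, "mustUnderstand");
            QName name = new QName(block.getNamespaceURI(), block.getLocalName());
            if ("1".equals(mu) && !understood.contains(name)) failed.add(name);
        }
        return failed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, shortened from the response shown in the post.
        String response = "<soapenv:Envelope xmlns:soapenv=\"" + SOAP11 + "\"><soapenv:Header>"
            + "<wsse:Security xmlns:wsse=\"" + WSSE + "\" soapenv:mustUnderstand=\"1\">"
            + "<wsu:Timestamp xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">"
            + "<wsu:Created>2013-10-25T16:54:30.767Z</wsu:Created>"
            + "<wsu:Expires>2013-10-25T16:59:30.767Z</wsu:Expires></wsu:Timestamp>"
            + "</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>";
        // No handler claimed the header: the check reports wsse:Security.
        System.out.println(notUnderstood(response, Collections.emptySet()));
        // A handler that processed wsse:Security registers its QName as understood.
        System.out.println(notUnderstood(response, Set.of(new QName(WSSE, "Security"))));
    }
}
```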