0

I am working on a web-service created with embedded axis2 servlet and rampart (both version 1.4). I created correct directory structure and placed all required modules and libs.

When using it without any security policy everything works fine. Hovewer, when I add security policy, posting any request to my web-service causes:

 
org.apache.axis2.AxisFault: InvalidSecurity
    at org.apache.rampart.handler.PostDispatchVerificationHandler.invoke(PostDispatchVerificationHandler.java:143)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at pl.epoint.ow.filters.OneWebFilter.doFilter(OneWebFilter.java:46)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:662)

Here is my service.xml file (with removed confidential details) http://pastebin.com/bPPiuRMM

Does anyone has an idea how to solve this problem?

Anna Stępień
  • 41
  • 6

1 Answers1

0

Can you please check if the security policy is being applied properly. Just check if the WSDL of the service contains the security policies. Please create a JIRA in here for this[1].

[1] - https://issues.apache.org/jira/browse/Rampart

SureshAtt
  • 1,891
  • 2
  • 17
  • 22