proxy - WSO2 SECURITY USERNAMETOKEN ESB AND DSS -

-

proxyi'm trying build web service using esb wso2. service use dataservice data database need connect esb dss. when proxy , dataservice aren't securice work ok, when securice follow error

  <soapenv:fault xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">      <faultcode>wsse:invalidsecurity</faultcode>      <faultstring>nonce value : 8/bkmsfns2gtj58fxyv43q==, seen before user name : usuarioprueba1. possibly replay attack.</faultstring>      <detail/>   </soapenv:fault>

securizing dataservice not proxy work ok. send usernametoken , password created in user , roles esb , dss

one possible scenario error is, if using header mediator send custom soap security header.

for example, created proxy in [1], , may notice have put following element in soap message security header.

<wsse:nonce encodingtype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#base64binary">95euudnp5wt7nt3bads9tw==</wsse:nonce>

since i'm sending same nonce everytime backened, detected possible replay attack backend.

to rid of error, remove above 'nonce' element. backend stopped giving error

"nonce value : 95euudnp5wt7nt3bads9tw==, seen before user name : admin. possibly replay attack."

anymore.

only if send 'nonce' element in soap security header, backend check possible replay attacks. removing element 1 way of getting rid of error.

this means that, solution if don't want backend evaluate nonce value detecting replay attacks.

i know question 1 year-old; thought add answer reference.

[1]

    <?xml version="1.0" encoding="utf-8"?> <proxy xmlns="http://ws.apache.org/ns/synapse"        name="insuranceserviceproxy2"        transports="https,http"        statistics="disable"        trace="disable"        startonload="true">    <target>       <insequence>          <header scope="default">             <wsse:security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"                            xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"                            soapenv:mustunderstand="1">                <wsu:timestamp wsu:id="ts-23">                   <wsu:created>2015-06-13t03:07:55z</wsu:created>                </wsu:timestamp>                <wsse:usernametoken wsu:id="usernametoken-22">                   <wsse:username>admin</wsse:username>                   <wsse:password type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#passwordtext">admin</wsse:password>                   <wsse:nonce encodingtype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#base64binary">95euudnp5wt7nt3bads9tw==</wsse:nonce>                   <wsu:created>2015-06-13t03:07:55.091z</wsu:created>                </wsse:usernametoken>             </wsse:security>          </header>          <property name="authorization"                    value="basic ywrtaw46ywrtaw4="                    scope="transport"                    type="string"/>       </insequence>       <outsequence>          <send/>       </outsequence>       <endpoint>          <address uri="https://localhost:8243/services/insuranceservicebeproxy2"/>       </endpoint>    </target>    <description/> </proxy>

Comments

Post a Comment

Popular posts from this blog

database - VFP Grid + SQL server 2008 - grid not showing correctly -

-
i having problem, have grid called "gridbasica" , this: thisform.gridbase.recordsource = "sgviemp" sgviemp cursor made executing select sqlserver command sqlexec. when want modify registry, go form , the update there. so, when come form grid, grid isnt grid anymore, big white rectangle. reading around said: delete recordsource , asingt again. thisform.gridbase.recordsource = "" *--i sqlexe here thisform.gridbase.recordsource = "sgviemp" i , works, but, when click button modify again cursos updated modify form doesnt load fields did first time. could me out that? thanks in advance. --------------- edit ------------------ i have been doing recommended: lnselect = select(0) n = sqlexec(thisform.conexion,"select emp_ccodigo codigo, emp_cnombre 'nombre o razon social', emp_cnumrif 'r.i.f' sgviempr","sgviemp1") set echo on suspend select sgviemp zap in sgviemp *-- browse *--zaps correct
Read more

jquery - Set jPicker field to empty value -

-
im using jpicker color selector in form. have clear value set window/icon 'no color selected' state. i've tried following: $(':input[name="color"]').val(''); //access value directly. (does not affect jpicker) 2: $.jpicker.list[0].color.active.val('hex', '', this); //set color black , input value 000000, instead of empty string 3: $.jpicker.list[0].color.active.val(null, '', this); //does nothing none of 3 methods seems behave properly. in advance. this works me :) $.jpicker.list[0].color.active.val('v', null); here example: http://jsfiddle.net/3up7n/
Read more

.htaccess - htaccess convert request to clean url and add slash at the end of the url -

-
ok , searched more 4 days , more 20 posts here in stach or in websites without kind of success first here htaccess file rewriteengine on rewriterule ^([a-za-z0-9_]+)/?$ index.php?page=$1 [nc] rewriterule ^([a-za-z0-9_]+)\/([a-za-z0-9_]+)\/?$ index.php?page=$1&action=$2 [nc] i tried many codes 1 worked me can call request , works me www.example.com/pagename => www.example.com/index.php?page=pagename here questions , please provide me information "in detail" understand code well 1- how convert request automatically www.example.com/index.php?page=pagename www.example.com/pagename 2- if tried add slash @ end shows me page without images or styling mean www.example.com/pagename => works www.example.com/pagename/ => doesn't work that's :) for first part need 301 rule this: rewritecond %{the_request} /index\.php\?page=([^\s&]+) [nc] rewriterule ^ /%1? [r=301,l] for second part use absolute path in css, js, images files r
Read more