APAR status
Closed as program error.
Error description
When implementing a SOAP 1.2 WebService, problems with the SOAP Fault Codes that the WebService delivers can be found. The Faults follow the SOAP 1.2 syntax and use the SOAP 1.2 namespace. However, the value in the node soapenv:Value follow the SOAP 1.1 specification. The soapenv:Value delivered by WS-Security is not on the list of SOAP 1.2 allowed codes.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server Feature * * Pack for Web Services users of WS-Security * * enabled web services applications and SOAP * * 1.2 * **************************************************************** * PROBLEM DESCRIPTION: WS-Security SOAP 1.2 fault codes are * * incorrectly emitted with SOAP 1.1 * * fault codes * **************************************************************** * RECOMMENDATION: Install a fix pack that contains this APAR. * **************************************************************** When the WS-Security runtime emits a SOAP Fault in response to a SOAP 1.2 message, instead of returning a valid SOAP 1.2 fault code, it returns a SOAP 1.1 fault code. For example: <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv=" http://www.w3.org/2003/05/soap-envelope"> <soapenv:Body> <soapenv:Fault xmlns:axis2ns71="http://schemas.xmlsoap. org/soap/envelope/"> <soapenv:Code> <soapenv:Value>axis2ns71:Server. securityException</soapenv:Value> </soapenv:Code> <soapenv:Reason> <soapenv:Text xml:lang="en-US">CWWSS6521E: The Login failed because of an exception: javax.security.auth.login. LoginException: CWWSS7062E: Failed to check username [BITS_was_00] and password in the UserRegsitry: WSSUserRegistryProcessor.checkRegistry() =false</soapenv:Text> </soapenv:Reason> <soapenv:Detail/> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> Using the above example, the SOAP 1.2 fault code that should be returned by the WS-Security runtime should be "soapenv:Sender".
Problem conclusion
The WS-Security runtime is updated to emit the proper SOAP 1.2 fault code when a fault is returned in response to a SOAP 1.2 message. In order to enable this behavior, the following WS-Security general custom property must be set to true: com.ibm.wsspi.wssecurity.login.useSoap12FaultCodes Valid values for this property are true and false; the default is false. This property should be set in the WS-Secrutiy "Inbound" or "Inbound and Outbound" custom properties: (bindingName)->WS-Security->Custom Properties Following is an example of a valid SOAP 1.2 fault that will be returned when the property is set to true: <?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv=" http://www.w3.org/2003/05/soap-envelope"> <soapenv:Body> <soapenv:Fault> <soapenv:Code> <soapenv:Value>soapenv:Sender</soapenv:Value> <soapenv:Subcode> <soapenv:Value xmlns:axis2ns1="http://docs.oasis-open.org/wss/2004/01/oasis- 200401-wss-wssecurity-secext-1.0.xsd"> axis2ns1:FailedAuthentication</soapenv:Value> </soapenv:Subcode> </soapenv:Code> <soapenv:Reason> <soapenv:Text>CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS7062E: Failed to check username [user1] and password in the UserRegsitry: WSSUserRegistryProcessor.checkRegistry()=false </soapenv:Text> </soapenv:Reason> <soapenv:Detail></soapenv:Detail> </soapenv:Fault> </soapenv:Body> </soapenv:Envelope> The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.35. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM19639
Reported component name
WEBSERVIC FEATU
Reported component ID
5724J0850
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-08-02
Closed date
2010-09-28
Last modified date
2010-09-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSERVIC FEATU
Fixed component ID
5724J0850
Applicable component levels
R610 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
10 February 2022