Hi,
Thanks for you help.
Here is how i am dispatching the request to the service. Do you think i am
doing anything wrong here that is causing Rampart not to be engaged
correctly?
ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(System.getProperty("configuration.context"),
null);
SadFileStub stub = new SadFileStub(ctx,
System.getProperty("endpoint.url"));
stub._getServiceClient().getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy(System.getProperty("policy.file")));
stub._getServiceClient().engageModule("addressing");
stub._getServiceClient().engageModule("rampart");
SadFileStub.EdiCustomsDeclaration ediCustomsDeclaration=
(SadFileStub.EdiCustomsDeclaration)(org.apache.axis2.databinding.ADBBean)
SadFileStub.EdiCustomsDeclaration.class.newInstance();
theString.setIEEdifactString(START_TAG.concat(strContent.toString()).concat(END_TAG));
ediCustomsDeclaration.setEdiCustomsDeclaration(theString);
SadFileStub.MessageAcknowledgement result =
stub.SadEdifactFile(ediCustomsDeclaration);
Here are the values on the properties referenced in the code above.
System.getProperty("endpoint.url") = http://www.sadservice.com/sadws
System.getProperty("policy.file") = /tmpw/GwSoap/conf/policy.xml
System.getProperty("configuration.context") =
/tmpw/GwSoap/repository/modules (This is where i have rampart-1.3.mar file)
Regards
Dini
On Wed, Jul 23, 2008 at 3:02 PM, Nandana Mihindukulasooriya <
[EMAIL PROTECTED]> wrote:
>
> Rampart is engaged on the client side. it looks like if i include the
>> addresssing-1.3.mar module and engage it it seems to work and doesnt
>> generate the "Did not understand mustUnderstand" error. Why do i need this
>> addressing module?
>>
>
> I think the issue is your request should be correctly dispatched to the
> service for Rampart to work correctly. That is because policy is attached to
> the service and Rampart needs the policy to do the validation. Looking at
> the request, I am not sure whether Addressing is mandatory for your request
> to be correctly dispatched to the service before it comes to Rampart for
> security validation.
>
>
>> I still cant set the mustUnderstand value to 0. Is there a way to set it
>> to 0?
>>
>
> For security header, you can't set the mustUnderstand value to 0. Security
> header is created by Rampart module and mustUnderstand value is always set
> to 1 to comply with Web Service Security specification.
>
> thanks,
> nandana
>
>
>> On Wed, Jul 23, 2008 at 10:43 AM, Sanka Samaranayake <[EMAIL PROTECTED]>
>> wrote:
>>
>>> Usually this can happen when,
>>>
>>> a) Rampart is not engaged to your service
>>>
>>> b) A security policy is not attached to the service.
>>> -- Check whether the WSDL of the service is showing the any security
>>> policy expressions attached to the service.
>>> -- Make sure that you are sending the request the service URL which is
>>> shown by the WSDL of the service.
>>>
>>> Sanka
>>>
>>>
>>> On Wed, Jul 23, 2008 at 2:22 PM, Dini Omar <[EMAIL PROTECTED]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Here are the Request and Response messages generated. I am using Axis2
>>>> 1.3 and Rampart 1.3 to sign the message.
>>>>
>>>> Request
>>>>
>>>> <?xml version='1.0' encoding='UTF-8'?>
>>>> <soapenv:Envelope xmlns:soapenv="
>>>> http://schemas.xmlsoap.org/soap/envelope/";>
>>>> <soapenv:Header>
>>>> <wsse:Security xmlns:wsse="
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>>>> soapenv:mustUnderstand="1">
>>>> <wsse:BinarySecurityToken xmlns:wsu="
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>>> EncodingType="
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>>>> ValueType="
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
>>>> wsu:Id="CertId-14049044">MIIEIzCCAwugAwIBAgIQKBcRuMVQHCyOQFpgJ/AVTDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJJRTEeMBwGA1UEChMVUmV2ZW51ZSBDb21taXNzaW9uZXJzMSAwHgYDVQQLExdSZXZlbnVlIE9uLUxpbmUgU2VydmljZTEXMBUGA1UEAxMOUk9TIFRlc3QgU3ViQ0EwHhcNMDcwNTE0MTA1NDI0WhcNMDkwNTEzMTA1NDI0WjBcMRYwFAYDVQQDEw1BRE1JTklTVFJBVE9SMRMwEQYDVQQLEwoxMTI0MzY0NTgwMSAwHgYDVQQKExdNQUMgQ09STUFDIFBST0RVQ1RTIExURDELMAkGA1UEBhMCSUUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMnP9snCBWYnJddSIbvoV1flYUg2EoEDJvisJWVrTrnRoWmViGmQnCpUYN0sRI9JOmB496FpbS/eQnyYrYb1HECag9Cub1MxptjtTKU1fgEk7L94qxkKcaFXWPqCFrZxSJ0tjRvioxEK7Dl12ohWqhnzky/FnCN50Ph1yzFNUYf5AgMBAAGjggFXMIIBUzAfBgNVHSMEGDAWgBR+mBL7lCDBGWGvXOU+g+5GKQuVOzCCAQ8GA1UdIASCAQYwggECMIH/BgsqgnS76CMBAQEBATCB7zAaBggrBgEFBQcCARYOd3d3LnJldmVudWUuaWUwgdAGCCsGAQUFBwICMIHDGoHAQ2VydGlmaWNhdGVzIGlzc3VlZCB1bmRlciB0aGlzIENQIGFyZSBxdWFsaWZpZWQgY2VydGlmaWNhdGVzIHVuZGVyIHRoZSBFbGVjdHJvbmljIENvbW1lcmNlIEFjdCAyMDAwIGZvciB1c2UgYnkgQXBwcm92ZWQgb3IgQXV0aG9yaXNlZCBwZXJzb25zIG9ubHkgdG8gY29tbXVuaWNhdGUgd2l0aCB0aGUgUmV2ZW51ZSBDb21taXNzaW9uZXJzMB0GA1UdDgQWBBQOVM9oyrEPJYNJYX4c7do0xGBSrzANBgkqhkiG9w0BAQUFAAOCAQEACwlt8PIPllCV6HQta/AIKp7HuUIpykjPK3f5ND0B9NQc/3IBZ1Uoyd/j7t1B8adw69niZ71ODxFB7smxsx3W0b+oBEt0q8rL+/3D6rw8PszUvPuqV7XC0btCzUTtDvCw6kufsIimC4XsKluugIN+fuNfMlUQ1tGu3nlJLjXHjmlh9fXu+9SDm6YUwBFo/cJxjSvaksZd19n2NzUcIB5QszBgpsgEVOTr6fYl0ne+btdO9sNWYvjbyVeN11b5MrzqSj2imvrvl9vD9BPcFAcnAuVauM1B/oIvZPANF2LNItfWupTt62wD5YdMaEbi9oXPnc+rLtk3fkgAPJ9EDCM77g==</wsse:BinarySecurityToken>
>>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
>>>> Id="Signature-6961504">
>>>> <ds:SignedInfo>
>>>> <ds:CanonicalizationMethod Algorithm="
>>>> http://www.w3.org/2001/10/xml-exc-c14n#"; />
>>>> <ds:SignatureMethod Algorithm="
>>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
>>>> <ds:Reference URI="#Id-32816375">
>>>> <ds:Transforms>
>>>> <ds:Transform Algorithm="
>>>> http://www.w3.org/2001/10/xml-exc-c14n#"; />
>>>> </ds:Transforms>
>>>> <ds:DigestMethod Algorithm="
>>>> http://www.w3.org/2000/09/xmldsig#sha1"; />
>>>>
>>>> <ds:DigestValue>3viBbKKdsUxEZiuXaXOminAbf/s=</ds:DigestValue>
>>>> </ds:Reference>
>>>> </ds:SignedInfo>
>>>>
>>>> <ds:SignatureValue>T+Mnk2IKaktcj3pHumnlUsFEJHG/SlWa6bWfsImi0+JuoyGR1qPkIEFxemrjx6g7KbkqvGSMwq0IQIo8L4nB4xva19WCGGm54XB5FE5Vhej3WXFS3JE4IreC8wMVZAKppfOGECB063QcksrMVMFioHDCuUOFiTfbLM1f/eReoxg=</ds:SignatureValue>
>>>> <ds:KeyInfo Id="KeyId-31248093">
>>>> <wsse:SecurityTokenReference xmlns:wsu="
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>>> wsu:Id="STRId-26285376">
>>>> <wsse:Reference URI="#CertId-14049044" ValueType="
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
>>>> />
>>>> </wsse:SecurityTokenReference>
>>>> </ds:KeyInfo>
>>>> </ds:Signature>
>>>> </wsse:Security>
>>>> </soapenv:Header>
>>>> <soapenv:Body xmlns:wsu="
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>>> wsu:Id="Id-32816375">
>>>> <s4:EdiCustomsDeclaration xmlns:s4="
>>>> http://www.ros.ie/schemas/customs/edisad/v1
>>>> "><![CDATA[adsfdsfdasfadsdasfdfdasffdasfdsfdasf
]]></s4:EdiCustomsDeclaration>
>>>> </soapenv:Body>
>>>> </soapenv:Envelope>
>>>>
>>>> Response
>>>>
>>>> <?xml version='1.0' encoding='UTF-8'?>
>>>> <soapenv:Envelope xmlns:soapenv="
>>>> http://schemas.xmlsoap.org/soap/envelope/";>
>>>> <soapenv:Body>
>>>> <soapenv:Fault>
>>>> <faultcode>soapenv:MustUnderstand</faultcode>
>>>> <faultstring>Must Understand check failed for header
>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:
>>>> Security</faultstring>
>>>> <detail />
>>>> </soapenv:Fault>
>>>> </soapenv:Body>
>>>> </soapenv:Envelope>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Jul 23, 2008 at 4:49 AM, Sanka Samaranayake <[EMAIL PROTECTED]>
>>>> wrote:
>>>>
>>>>> Can you post the request / response SOAP messages ?
>>>>>
>>>>> Sanka
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Jul 22, 2008 at 6:52 PM, Dini Omar <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>>> Does anyone konw how i can resolve this error?
>>>>>>
>>>>>> Thanks in advance..
>>>>>>
>>>>>> org.apache.axis2.AxisFault: Did not understand "MustUnderstand"
>>>>>> header(s):
>>>>>> at
>>>>>> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:486)
>>>>>> at
>>>>>> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:343)
>>>>>> at
>>>>>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:389)
>>>>>> at
>>>>>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:211)
>>>>>> at
>>>>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>>>>>> at
>>>>>> ie.ros.www.schemas.customs.service.sadfile.client.SadFileStub.SadEdifactFile(SadFileStub.java:169)
>>>>>> at com.alp.ccs21.soapgw.gw.ToDHLCli.readFiles(ToDHLCli.java:411)
>>>>>> at com.alp.ccs21.soapgw.gw.ToDHLCli.run(ToDHLCli.java:197)
>>>>>>
>>>>>> Here is my configuration
>>>>>>
>>>>>> <wsp:Policy wsu:Id="SigOnly"
>>>>>> xmlns:wsu="
>>>>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>>>>>
>>>>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
>>>>>> <wsp:ExactlyOne>
>>>>>> <wsp:All>
>>>>>> <sp:AsymmetricBinding xmlns:sp="
>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>>>>> <wsp:Policy>
>>>>>> <sp:InitiatorToken>
>>>>>> <wsp:Policy>
>>>>>> <sp:X509Token sp:IncludeToken="
>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient
>>>>>> ">
>>>>>> <wsp:Policy>
>>>>>> <sp:WssX509V3Token10/>
>>>>>> </wsp:Policy>
>>>>>> </sp:X509Token>
>>>>>> </wsp:Policy>
>>>>>> </sp:InitiatorToken>
>>>>>> <sp:RecipientToken>
>>>>>> <wsp:Policy>
>>>>>> <sp:X509Token sp:IncludeToken="
>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never
>>>>>> ">
>>>>>> <wsp:Policy>
>>>>>> <sp:WssX509V3Token10/>
>>>>>> </wsp:Policy>
>>>>>> </sp:X509Token>
>>>>>> </wsp:Policy>webservices.soap.aep.signed.stub
>>>>>> </sp:RecipientToken>
>>>>>> <sp:AlgorithmSuite>
>>>>>> <wsp:Policy>
>>>>>> <sp:TripleDesRsa15/>
>>>>>> </wsp:Policy>
>>>>>> </sp:AlgorithmSuite>
>>>>>> <sp:Layout>
>>>>>> <wsp:Policy>
>>>>>> <sp:Strict/>
>>>>>> </wsp:Policy>
>>>>>> </sp:Layout>
>>>>>> <sp:OnlySignEntireHeadersAndBody/>
>>>>>> </wsp:Policy>
>>>>>> </sp:AsymmetricBinding>
>>>>>> <sp:Wss10 xmlns:sp="
>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>>>>> <wsp:Policy>
>>>>>> <sp:MustSupportRefKeyIdentifier/>
>>>>>> <sp:MustSupportRefIssuerSerial/>
>>>>>> </wsp:Policy>
>>>>>> </sp:Wss10>
>>>>>> <sp:SignedParts xmlns:sp="
>>>>>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
>>>>>> <sp:Body/>
>>>>>> </sp:SignedParts>
>>>>>>
>>>>>> <ramp:RampartConfig xmlns:ramp="
>>>>>> http://ws.apache.org/rampart/policy";>
>>>>>> <ramp:user>257804</ramp:user>
>>>>>> <ramp:encryptionUser>service</ramp:encryptionUser>
>>>>>>
>>>>>> <ramp:passwordCallbackClass>ie.ros.www.schemas.customs.service.sadfile.client.PWCBHandler</ramp:passwordCallbackClass>
>>>>>> <ramp:signatureCrypto>
>>>>>> <ramp:crypto
>>>>>> provider="org.apache.ws.security.components.crypto.Merlin">
>>>>>> <ramp:property
>>>>>> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>>>>> <ramp:property
>>>>>> name="org.apache.ws.security.crypto.merlin.file">C:\Documents and
>>>>>> Settings\702723344\My
>>>>>> Documents\alp.workspace\eclipse.workspace\alp.ccs21.webservice.soapgw\keystore\newstore.jks</ramp:property>
>>>>>> <ramp:property
>>>>>> name="org.apache.ws.security.crypto.merlin.keystore.password">newpass</ramp:property>
>>>>>> </ramp:crypto>
>>>>>> </ramp:signatureCrypto>
>>>>>> </ramp:RampartConfig>
>>>>>> </wsp:All>
>>>>>> </wsp:ExactlyOne>
>>>>>> </wsp:Policy>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Sanka Samaranayake
>>>>> WSO2 Inc.
>>>>>
>>>>> http://sankas.blogspot.com/
>>>>> http://www.wso2.org/
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Sanka Samaranayake
>>> WSO2 Inc.
>>>
>>> http://sankas.blogspot.com/
>>> http://www.wso2.org/
>>>
>>
>>
>
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/
>
