RE: I must understand the "must understand" fault

Mon, 29 Sep 2008 08:26:17 -0700 

If I set a breakpoint in AxisEngine and force the SOAPHeaderBlock's 
"mustUnderstand" to "0" it works.
Obviously I don't want to change that code, I don't even understand why its 
checked on the response, is it a bug at all?

The method isReceiverMustUnderstandProcessor checks if its server side and 
returns which it's not, or if the receiver's name ends in JAXWSMessageReceiver, 
if it's not null, which it is.

I've attached the policy.xml file if that has anything to do with it.



From: Taariq Levack [mailto:[EMAIL PROTECTED] 
Sent: 29 September 2008 13:13
To: [email protected]
Subject: I must understand the "must understand" fault

Hi

The exception happens at the client side, after the request is sent, 
authenticated and response returned.
Seems to me that the Axis engine doesn't expect the security header in the 
response.
SoapUi client works, and the Oracle generated client works, surprisingly.


This is the request header, simple username token....
<soapenv:Header>
         <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 soapenv:mustUnderstand="1">
            <wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="UsernameToken-3201085">
               <wsse:Username>USERNAME</wsse:Username>
               <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>PASSWORD</wsse:Password>
            </wsse:UsernameToken>
         </wsse:Security>
      </soapenv:Header>

And this is the response header
<env:Header>
      <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"; env:mustUnderstand="1"/>
   </env:Header>

Configuration....
Axis 1.4
 Rampart 1.4.
The service is deployed in an oracle container, OC4J.
The client was generated using Axis and the config is copied from the Rampart 
samples.

Exception in thread "main" org.apache.axis2.AxisFault: Must Understand check 
failed for header 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
 : Security
      at 
org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102)
      at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:166)
      at 
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363)
      at 
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
      at 
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
      at 
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
      at 
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
      at 
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)

Thanks in advance for looking at the one millionth "must understand" error.

<?xml version="1.0" encoding="UTF-8"?>
<!--
 !
 ! Copyright 2006 The Apache Software Foundation.
 !
 ! Licensed under the Apache License, Version 2.0 (the "License");
 ! you may not use this file except in compliance with the License.
 ! You may obtain a copy of the License at
 !
 !      http://www.apache.org/licenses/LICENSE-2.0
 !
 ! Unless required by applicable law or agreed to in writing, software
 ! distributed under the License is distributed on an "AS IS" BASIS,
 ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ! See the License for the specific language governing permissions and
 ! limitations under the License.
 !-->
<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
	<wsp:ExactlyOne>
	  <wsp:All>
		<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
		  <wsp:Policy>
			<sp:TransportToken>
			  <wsp:Policy>
				<sp:HttpsToken RequireClientCertificate="false"/>
			  </wsp:Policy>
			</sp:TransportToken>
			<sp:AlgorithmSuite>
			  <wsp:Policy>
				<sp:Basic256/>
			  </wsp:Policy>
			</sp:AlgorithmSuite>
			<sp:Layout>
			  <wsp:Policy>
				<sp:Lax/>
			  </wsp:Policy>
			</sp:Layout>
		  </wsp:Policy>
		</sp:TransportBinding>
		<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
			<wsp:Policy>
				<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; />
		  </wsp:Policy>
		</sp:SignedSupportingTokens>
		
		<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> 
			<ramp:user>SOMEUSERNAME</ramp:user>
			<ramp:passwordCallbackClass>ws.client.PwdCallbackHandler</ramp:passwordCallbackClass>
		</ramp:RampartConfig>
		
	  </wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to