Yoshimasa Tanabe created RAMPART-436:
----------------------------------------
Summary: Proper settings to use WS-Security(UsernameToken) with
Rampart 1.7.0
Key: RAMPART-436
URL: https://issues.apache.org/jira/browse/RAMPART-436
Project: Rampart
Issue Type: Question
Components: rampart-core
Affects Versions: 1.7.0
Reporter: Yoshimasa Tanabe
It seems Rampart 1.7.0 has some breaking changes with no backward
compatibility[1], so please tell me how to use WS-Security(UsernameToken) with
it.
In Rampart 1.7.0, WSDoAllHandler was removed[2] which process WS-Security
header processes in 1.6.4. So, I got the error on the server side consumes
UsernameToken with Rampart 1.7.0 .
{code}
SEVERE [http-nio-8080-exec-8] org.apache.axis2.engine.AxisEngine.receive Must
Understand check failed for headers:
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
org.apache.axis2.AxisFault: Must Understand check failed for headers:
{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
at
org.apache.axis2.jaxws.handler.HandlerUtils.checkMustUnderstand(HandlerUtils.java:160)
[...]
{code}
I've created a simple reproducer[3] which has 2 projects.
* Axis2 1.6.4 + Rampart 1.6.4: OK
* Axis2 1.7.3 + Rampart 1.7.0: NG
* If you change Rampart 1.6.4, it should work fine.
[1] http://axis.apache.org/axis2/java/rampart/release-notes/1.7.0.html
[2]
https://github.com/apache/rampart/commit/1863364037019275f70e66cf77d1f092bf3bd984
[3] https://github.com/emag-notes/axis2-ws-security
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
