[jira] [Updated] (RAMPART-436) Proper settings to use WS-Security(UsernameToken) with Rampart 1.7.0

Mon, 28 Oct 2024 08:57:24 -0700 


     [ 
https://issues.apache.org/jira/browse/RAMPART-436?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Lazarski updated RAMPART-436:
------------------------------------
    Fix Version/s: 1.8.0

> Proper settings to use WS-Security(UsernameToken) with Rampart 1.7.0
> --------------------------------------------------------------------
>
>                 Key: RAMPART-436
>                 URL: https://issues.apache.org/jira/browse/RAMPART-436
>             Project: Rampart
>          Issue Type: Question
>          Components: rampart-core
>    Affects Versions: 1.7.0
>            Reporter: Yoshimasa Tanabe
>            Assignee: Robert Lazarski
>            Priority: Major
>             Fix For: 1.8.0
>
>
> It seems Rampart 1.7.0 has some breaking changes with no backward 
> compatibility[1], so please tell me how to use WS-Security(UsernameToken) 
> with it.
> In Rampart 1.7.0, WSDoAllHandler was removed[2] which process WS-Security 
> header processes in 1.6.4. So, I got the error on the server side consumes 
> UsernameToken with Rampart 1.7.0 .
> {code}
> SEVERE [http-nio-8080-exec-8] org.apache.axis2.engine.AxisEngine.receive Must 
> Understand check failed for headers: 
> {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
>  org.apache.axis2.AxisFault: Must Understand check failed for headers: 
> {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
>     at 
> org.apache.axis2.jaxws.handler.HandlerUtils.checkMustUnderstand(HandlerUtils.java:160)
> [...]
> {code}
> I've created a simple reproducer[3] which has 2 projects.
> * Axis2 1.6.4 + Rampart 1.6.4: OK
> * Axis2 1.7.3 + Rampart 1.7.0: NG
> ** If you change Rampart 1.6.4, it should work fine.
> [1] http://axis.apache.org/axis2/java/rampart/release-notes/1.7.0.html
> [2] 
> https://github.com/apache/rampart/commit/1863364037019275f70e66cf77d1f092bf3bd984
> [3] https://github.com/emag-notes/axis2-ws-security



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to