Hi,
I get following Exception: org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd: Security at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102) at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:166) at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363) at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) at com.ercot.www.wsdl._2007_06.nodal.ewsconcrete.NodalServiceStub.marketTransactions(NodalServiceStub.java:495) at com.sncsw.ercot.ErcotAxisClient.invokeService(ErcotAxisClient.java:492) at com.sncsw.ercot.ErcotAxisClient.createOutage(ErcotAxisClient.java:388) at com.sncsw.ercot.test.ErcotTester.testCreate(ErcotTester.java:152) at com.sncsw.ercot.test.ErcotTester.main(ErcotTester.java:246) when I use Axis1.4.2 with Rampart 1.3 on my client to connect to the server. *I get this exception only when the response soap body has a fault message as shown below:* -------------------------------------------------------------------------------- <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:SOAP-ENV=" http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsse:BinarySecurityToken EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="SecurityToken-b1c9d234-8a30-949a-413e-9be802782301">MIIEcDCCA9mgAwIBAgIQcobDgaOyaMJvImcVkyxuFTANBgkqhkiG9w0BAQUFADCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0wOTEwMDIwMDAwMDBaFw0xMDEwMDIyMzU5NTlaMIGAMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVEVYQVMxDzANBgNVBAcUBlRheWxvcjEOMAwGA1UEChQFRVJDT1QxJTAjBgNVBAsUHFJldGFpbCBDb21tZXJjaWFsIE9wZXJhdGlvbnMxGTAXBgNVBAMUEG1pc2FwaS5lcmNvdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL3waM6lBRGz9vB5ng9NJbnXTlH2ZGisNctmh5LkOw6nM0z3RHK8aNrX72TANKRikc216RXmfHyqPE7PIGAsjAS9ud2O1oiQVFAD4HmYioLFkyEDhnlATmBKHV22uPVwijvCmK64JMtxwPHO9Pax+Twh4u4sK6LSQguVH07NVDzLAgMBAAGjggGtMIIBqTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vU1ZSSW50bC1jcmwudmVyaXNpZ24uY29tL1NWUkludGwuY3JsMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAoBgNVHSUEITAfBglghkgBhvhCBAEGCCsGAQUFBwMBBggrBgEFBQcDAjBxBggrBgEFBQcBAQRlMGMwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL1NWUkludGwtYWlhLnZlcmlzaWduLmNvbS9TVlJJbnRsLWFpYS5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4GBAFCnR0Ku+uCWAgzrlLDtlCDYpb023k9ZogqvU1keojxBdT3Uv25SSqZHWq9z9Xwdq9QpwS7DicWHU+bRb9CEY2W/05XaryBEtvriW6MMD9RfhVlzCteEGCs1NCxaFSkdfbKjpNkqHSuleMm0UeTZoBv+oxXJGWG+FdT8Qlz2tJsw</wsse:BinarySecurityToken><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#Id-73bc2bf2-3d43-1d66-9f94-2e3855b4b680"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>C2y6aEKQ8cA869S1hGahBOPenAw=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>BU6BnZ9YLk3EVkVbm/pazFOaDZvH/ziGlGMgEM7f+elLoHnsM2Of3PCsQhbXRfODjXSThl9UBkmwG/27b7agk2wmZi2dTlDmpTRhSGTgF1dLAHrbaJMZedU2GhztX5B8shbDmnve/Gs+xJWdPxTvw4TyeGNSmF976oDv/gqRYgY=</dsig:SignatureValue><dsig:KeyInfo><SecurityTokenReference xmlns=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference URI="#SecurityToken-b1c9d234-8a30-949a-413e-9be802782301" ValueType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></SecurityTokenReference></dsig:KeyInfo></dsig:Signature></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body wsu:Id="Id-73bc2bf2-3d43-1d66-9f94-2e3855b4b680" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><SOAP-ENV:Fault><faultcode xmlns="">SOAP-ENV:FAULT</faultcode><faultstring xmlns="">FAULT</faultstring><faultactor xmlns=""/><detail xmlns=""><ns:FaultMessage xmlns:ns=" http://www.ercot.com/schema/2007-06/nodal/ews/message"; xmlns:ns0=" http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xs=" http://www.w3.org/2001/XMLSchema"; xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance";><ns:Reply><ns:ReplyCode>ERROR</ns:ReplyCode><ns:Error>Error while interacting with the OS</ns:Error><ns:Timestamp>2010-07-22T17:48:16.56-05:00</ns:Timestamp></ns:Reply></ns:FaultMessage></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope> -------------------------------------------------------------------------------- *Whereas there is no error while processing the below SOAP message:* -------------------------------------------------------------------------------- <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header><wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:SOAP-ENV=" http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsse:BinarySecurityToken EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="SecurityToken-76a4a7f9-a40f-ee6f-6ed4-0718b369681a">MIIEcDCCA9mgAwIBAgIQcobDgaOyaMJvImcVkyxuFTANBgkqhkiG9w0BAQUFADCBujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0wOTEwMDIwMDAwMDBaFw0xMDEwMDIyMzU5NTlaMIGAMQswCQYDVQQGEwJVUzEOMAwGA1UECBMFVEVYQVMxDzANBgNVBAcUBlRheWxvcjEOMAwGA1UEChQFRVJDT1QxJTAjBgNVBAsUHFJldGFpbCBDb21tZXJjaWFsIE9wZXJhdGlvbnMxGTAXBgNVBAMUEG1pc2FwaS5lcmNvdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL3waM6lBRGz9vB5ng9NJbnXTlH2ZGisNctmh5LkOw6nM0z3RHK8aNrX72TANKRikc216RXmfHyqPE7PIGAsjAS9ud2O1oiQVFAD4HmYioLFkyEDhnlATmBKHV22uPVwijvCmK64JMtxwPHO9Pax+Twh4u4sK6LSQguVH07NVDzLAgMBAAGjggGtMIIBqTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vU1ZSSW50bC1jcmwudmVyaXNpZ24uY29tL1NWUkludGwuY3JsMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAoBgNVHSUEITAfBglghkgBhvhCBAEGCCsGAQUFBwMBBggrBgEFBQcDAjBxBggrBgEFBQcBAQRlMGMwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL1NWUkludGwtYWlhLnZlcmlzaWduLmNvbS9TVlJJbnRsLWFpYS5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4GBAFCnR0Ku+uCWAgzrlLDtlCDYpb023k9ZogqvU1keojxBdT3Uv25SSqZHWq9z9Xwdq9QpwS7DicWHU+bRb9CEY2W/05XaryBEtvriW6MMD9RfhVlzCteEGCs1NCxaFSkdfbKjpNkqHSuleMm0UeTZoBv+oxXJGWG+FdT8Qlz2tJsw</wsse:BinarySecurityToken><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#Id-08b92221-45cd-8cab-abc7-7191e63739fe"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>9u0qedi0LqJLVk9nnhD1FBGn7bY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>EJkuMF+fMviavz6XJx9vx8+MglStVhtt3Uj3H9vViYHC5o3wGj9pMaEhg8hbohoR7f06Vqyna0VsgMfVBQsQDaW+A9ZCc87Yd2a6S6tkDA/LxY83zJaXWoLqJ3UwBgwseuWRONqfxbVp5GnsABzsfDM2/+97qHwWNHqwPLkDboo=</dsig:SignatureValue><dsig:KeyInfo><SecurityTokenReference xmlns=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference URI="#SecurityToken-76a4a7f9-a40f-ee6f-6ed4-0718b369681a" ValueType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></SecurityTokenReference></dsig:KeyInfo></dsig:Signature></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body wsu:Id="Id-08b92221-45cd-8cab-abc7-7191e63739fe" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><ns0:ResponseMessage xmlns:ns0="http://www.ercot.com/schema/2007-06/nodal/ews/message "><ns0:Header><ns0:Verb>reply</ns0:Verb><ns0:Noun>OutageSet</ns0:Noun><ns0:ReplayDetection><ns0:Nonce>70796f9829150581a9e5cd467b6c8d86</ns0:Nonce><ns0:Created>2010-07-22T14:53:57.588-05:00</ns0:Created></ns0:ReplayDetection><ns0:Revision>1</ns0:Revision><ns0:Source>ERCOT</ns0:Source><ns0:UserID>API_ashih</ns0:UserID><ns0:Comment/></ns0:Header><ns0:Reply><ns0:ReplyCode>ERROR</ns0:ReplyCode><ns0:Timestamp>2010-07-22T14:53:57.48-05:00</ns0:Timestamp></ns0:Reply><ns0:Payload>ns0:Payload></ns0:ResponseMessage></SOAP-ENV:Body></SOAP-ENV:Envelope> -------------------------------------------------------------------------------- Please let me know what could be wrong. Attached is the policy file that I am using. Thanks, Myur
<?xml version="1.0" encoding="UTF-8"?> <!-- ! ! Copyright 2006 The Apache Software Foundation. ! ! Licensed under the Apache License, Version 2.0 (the "License"); ! you may not use this file except in compliance with the License. ! You may obtain a copy of the License at ! ! http://www.apache.org/licenses/LICENSE-2.0 ! ! Unless required by applicable law or agreed to in writing, software ! distributed under the License is distributed on an "AS IS" BASIS, ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ! See the License for the specific language governing permissions and ! limitations under the License. !--> <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsp:ExactlyOne> <wsp:All> <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:InitiatorToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> <!-- --> <wsp:Policy> <sp:RequireThumbprintReference/> <sp:WssX509V3Token10/> </wsp:Policy> <!-- --> </sp:X509Token> </wsp:Policy> </sp:InitiatorToken> <sp:RecipientToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> <!-- --> <wsp:Policy> <sp:RequireThumbprintReference/> <sp:WssX509V3Token10/> </wsp:Policy> <!-- --> </sp:X509Token> </wsp:Policy> </sp:RecipientToken> <!-- --> <sp:AlgorithmSuite> <wsp:Policy> <sp:TripleDesRsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Lax/> </wsp:Policy> </sp:Layout> <!-- <sp:IncludeTimestamp/> --> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:AsymmetricBinding> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> <sp:MustSupportRefEmbeddedToken/> </wsp:Policy> </sp:Wss10> <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <sp:Body/> </sp:SignedParts> <!-- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> <ramp:user>ercot_aep</ramp:user> <ramp:passwordCallbackClass>com.sncsw.ercot.PWCallback</ramp:passwordCallbackClass> <ramp:signatureCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">C:\\Users\\mayur\\projects\\sncsw\\ERCOT\\ErcotAxisClient\\src\\config\\stores\\tcc1_keystore_cert.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.file">config/stores/tcc1_keystore_cert.jks</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">welcome</ramp:property> <ramp:property name="org.apache.ws.security.crypto.merlin.alias.password">welcome</ramp:property> </ramp:crypto> </ramp:signatureCrypto> <ramp:sslConfig> <ramp:property name="javax.net.ssl.trustStore">C:\\mayur\\projects\\sncsw\\ERCOT\\ErcotAxisClient\\src\\config\\stores\\truststore.jks</ramp:property> <!- - Relative path does not work for truststores for sslConfig <ramp:property name="javax.net.ssl.trustStore">./config/stores/truststore.jks</ramp:property> - -> <ramp:property name="javax.net.ssl.trustStorePassword">welcome</ramp:property> <ramp:property name="javax.net.ssl.trustStoreType">JKS</ramp:property> </ramp:sslConfig> </ramp:RampartConfig> --> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
