Re: Axis2 1.7.3 + Rampart 1.7.0 WS-Security not invoked

Thu, 14 Jul 2016 01:17:37 -0700 

Hi, apparently I found a workaround.

Axis2 1.7.3 + Rampart 1.6.4 works fine(ofc, I suspect there should be more
proper way with Rampart 1.7.0).

I noticed that Rampart 1.7.0 doesn't have WSDoAllHandler which processes
WS-Security Header.

AxisEngine#receive() will call each Phases Handlers, and Security Phase has
two handlers with Rampart 1.6.4.

 * org.apache.rampart.handler.RampartReceiver
 * org.apache.rampart.handler.WSDoAllHandler

WSDoAllHandler  will call SOAPHeaderBlockImpl.setProcessed() so the
WS-Secrutiy QName is marked as processed as I said above.

While, Rampart 1.7.0 doesn't have it, so WS-Securtiy QName will not process
and then Axis2 will complain about it as the error.

---
EVERE [http-nio-8080-exec-4] org.apache.axis2.engine.AxisEngine.receive
Must Understand check failed for headers: {
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
 org.apache.axis2.AxisFault: Must Understand check failed for headers: {
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
    at
org.apache.axis2.jaxws.handler.HandlerUtils.checkMustUnderstand(HandlerUtils.java:160)
[...]
---

So, I should change the question. Should I use Rampart 1.6.4? Or, is there
any proper way to use Rampart 1.7.0?

On Wed, Jul 13, 2016 at 10:29 PM lanabe <lanabe.lan...@gmail.com> wrote:

> Hi, I'm working on using WS-Security with Axis2 1.7.3 .
>
> Axis2 1.6.4 + Rampart 1.6.4 works perfectly, but in Axis2 1.7.3 + Rampart
> 1.7.0, I got the following error.
>
> ---
> 13-Jul-2016 22:10:21.222 SEVERE [http-nio-8080-exec-4]
> org.apache.axis2.engine.AxisEngine.receive Must Understand check failed for
> headers: {
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
>  org.apache.axis2.AxisFault: Must Understand check failed for headers: {
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
>     at
> org.apache.axis2.jaxws.handler.HandlerUtils.checkMustUnderstand(HandlerUtils.java:160)
>     at
> org.apache.axis2.jaxws.server.EndpointController.inboundHeaderAndHandlerProcessing(EndpointController.java:336)
>     at
> org.apache.axis2.jaxws.server.EndpointController.handleRequest(EndpointController.java:258)
>     at
> org.apache.axis2.jaxws.server.EndpointController.invoke(EndpointController.java:101)
>  [...]
> ---
>
> It seems not to be enable the settings for InflowSecurity.
>
> I've created a simple reproducer, which has 2 projects in each
> version(1.6.4, 1.7.3).
> https://github.com/emag-notes/axis2-ws-security
>
> Any Idea?
>

Reply via email to