Martin, Thank you for your reply. Before filing a issue, I have a question about missing WSDoAllHandler.
The following commit deleted WSDoAllHandler says: --- Removing the deprecated basic configuration (This was deprecated since version 1.1). https://github.com/apache/rampart/commit/1863364037019275f70e66cf77d1f092bf3bd984 --- And Rampart 1.7.0 release notes says: --- Please note that Apache Rampart uses a configuration model based on WS-Policy and WS-Security Policy and that the Apache Rampart 1.0 style configuration (already deprecated since Rampart 1.1) is no longer supported in 1.7.0. http://axis.apache.org/axis2/java/rampart/release-notes/1.7.0.html --- I guess Rampart already provides more suitable way to use WS-Security because WSDoAllHandler seems to be deprecated(so removed). What do you think? On Fri, Jul 15, 2016 at 12:28 AM Martin Gainty <mgai...@hotmail.com> wrote: > > > > > > ------------------------------ > From: lanabe.lan...@gmail.com > Date: Thu, 14 Jul 2016 08:16:46 +0000 > Subject: Re: Axis2 1.7.3 + Rampart 1.7.0 WS-Security not invoked > To: java-user@axis.apache.org > > Hi, apparently I found a workaround. > Axis2 1.7.3 + Rampart 1.6.4 works fine(ofc, I suspect there should be more > proper way with Rampart 1.7.0). > I noticed that Rampart 1.7.0 doesn't have WSDoAllHandler which processes > WS-Security Header. > > > MG>Ianabe please file Urgent priority JIRA bug on missing WSDoAllHandler > for Rampart 1.70 > > > https://issues.apache.org/jira/browse/RAMPART/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel > > > > > > So, I should change the question. Should I use Rampart 1.6.4? Or, is there > any proper way to use Rampart 1.7.0? > > On Wed, Jul 13, 2016 at 10:29 PM lanabe <lanabe.lan...@gmail.com> wrote: > > Hi, I'm working on using WS-Security with Axis2 1.7.3 . > > Axis2 1.6.4 + Rampart 1.6.4 works perfectly, but in Axis2 1.7.3 + Rampart > 1.7.0, I got the following error. > > --- > 13-Jul-2016 22:10:21.222 SEVERE [http-nio-8080-exec-4] > org.apache.axis2.engine.AxisEngine.receive Must Understand check failed for > headers: { > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security > org.apache.axis2.AxisFault: Must Understand check failed for headers: { > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security > at > org.apache.axis2.jaxws.handler.HandlerUtils.checkMustUnderstand(HandlerUtils.java:160) > at > org.apache.axis2.jaxws.server.EndpointController.inboundHeaderAndHandlerProcessing(EndpointController.java:336) > at > org.apache.axis2.jaxws.server.EndpointController.handleRequest(EndpointController.java:258) > at > org.apache.axis2.jaxws.server.EndpointController.invoke(EndpointController.java:101) > [...] > --- > > It seems not to be enable the settings for InflowSecurity. > > I've created a simple reproducer, which has 2 projects in each > version(1.6.4, 1.7.3). > https://github.com/emag-notes/axis2-ws-security > > Any Idea? > >
