CXF needs to know that SOMEONE handled the header someplace. In your case, you need to have the WebserviceContext injected in and do:
((List<?>)ctx.get(Header.HEADER_LIST)).clear(); should do it. Basically, NORMALLY for ws-security, there is a SoapInterceptor that returns the security header qname in it's getUnderstoodHeaders() call which tells CXF that something understood that header. In your case, there isn't anything there to tell CXF that. Thus, you need to grab the header list that CXF tracks and remove the header from there. Dan On Thu June 25 2009 1:26:42 pm bharath thippireddy wrote: > We are using the user name token headers for authentication .As we use the > provider based implementation we are not using any server side password > callbacks and we are reading the soap headers directly .I have not > configured the WSS4J interceptors in the cxf-servlet.xml as we handle > everything in the code.But I see the exception below at the response > time.Are the security headers automatically retrieved and included back in > the response? > > > > I see a discussion and a solution which makes use of an interceptor as a > work around.Is this fixed in cxf? > > > > http://mail-archives.apache.org/mod_mbox/cxf-users/200902.mbox/%3C21905155. >[email protected]%3e > > > > org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: > [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss > > -wssecurity-secext-1.0.xsd}Security] are not understood. > > at > org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateR >eceiverMustUnderstandInterceptor.h > > andleMessage(MustUnderstandInterceptor.java:177) > > at > org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateR >eceiverMustUnderstandInterceptor.h > > andleMessage(MustUnderstandInterceptor.java:151) > > > > thanks and regards, > > Bharath -- Daniel Kulp [email protected] http://www.dankulp.com/blog
