mustUnderstand security header throwing an exception

Sat, 06 Aug 2011 05:13:45 -0700 

The problem is:
I use jboss 6.0.0.Final with cxf 2.3.1
I have a wsdl with  a policy:
    <wsp:Policy wsu:Id="BasicSecurityPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                                <sp:TransportBinding>
                                        <wsp:Policy>
                                                <sp:TransportToken>
                                                        <wsp:Policy>
                                                                <sp:HttpsToken 
RequireClientCertificate="false" />
                                                        </wsp:Policy>
                                                </sp:TransportToken>
                                                <sp:Layout>
                                                        <wsp:Policy>
                                                                <sp:Lax />
                                                        </wsp:Policy>
                                                </sp:Layout>
                                                <sp:IncludeTimestamp />
                                                <sp:AlgorithmSuite>
                                                        <wsp:Policy>
                                                                <sp:Basic128 />
                                                        </wsp:Policy>
                                                </sp:AlgorithmSuite>
                                        </wsp:Policy>
                                </sp:TransportBinding>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
The <sp:IncludeTimestamp /> generates a security header like
                <wsse:Security
                
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
                        soap:mustUnderstand="1">
The problem is that the cxf server thows an exception in

org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor
The exception is:
        has thrown exception, unwinding now: 
org.apache.cxf.binding.soap.SoapFault:
MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-2
        00401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.
To correct this problem I read
http://cxf.apache.org/docs/23-migration-guide.html and I put this in my
endpoint
                <jaxws:properties>
                        <entry key="endpoint-processes-headers" 
                        
value="{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security"/>
                </jaxws:properties>
That tells the cxf that this header should be understood.
With this property put in place the 
        org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor is 
fine
but the 

org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor
still throws the exception.
Possible solutions that I think of:
put an actor in the wsse:Security header but I don't know how to do this.

But if you have any ideas how to deal with must understand headers let me
know because its urgent.

thanks in advance for the advice

--
View this message in context: 
http://cxf.547215.n5.nabble.com/mustUnderstand-security-header-throwing-an-exception-tp4672363p4672363.html
Sent from the cxf-user mailing list archive at Nabble.com.

Reply via email to