Grzegorz, well, depending on the security set-up at the server it may not even possible to process security headers.
Just a question Grzegorz: does your server throws an exception to generate the fault? I ask this because I would like to know why there is a security header on a SOAP Fault message - this usually shouldn't be the case. It could be that we need to check this with a specific test case. Also we probably need do disable security processing at the Response handler if we detect a SOAP fault message from some "upper" layer, similar to the receiver. Regards, Werner > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 15. Dezember 2005 12:31 > An: Dittmann, Werner > Cc: [email protected] > Betreff: Odp: AW: wsse:Security header and soap:Fault > > Thanks for response! > > > > > IMHO even if a fault contains a security header then these > > headers shouldn't processed. Usually a fault is generated > > by the SOAP engine even due to some wrong info (e.g. the > > security handler do this) or on behalf of the application > > (service) that throws an exception. Thus it is not guaranteed > > that the security data is correct or valid. > > I agree, but in my case, the fault contained business > exception details, > which are to be processed by application and not axis/handlers. > Not processing such message caused the > org.apache.axis.handlers.soap.MustUnderstandChecker to throw > an AxisFault, > because of not processed wsse:Security soap header. > > Maybe ther should be a conf-parameter to turn on/off processing > soap messages with soap:Faults? > > > With regards > Grzegorz Grzybek > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
