Hello.

> strange behaviour at all. I'll try to get some info from the
> Oasis guys if in case of a SOAP fault the security headers
> should be processed.

It would be very nice :)

>
> In your specific case I would suspect that the processing of
> that incoming security headers fail because you probably
> don't have the certificates or root certificates to verify
> the received Signature or to validate the certificate path.
>

Let me summarize:

1. In my test case, I've deployed a server with the <responseFlow>'s <parameter name="action" value="Timestamp Signature"/> (WSDoAllSender)
   - Client's <responseFlow> (WSDoAllReceiver) has the same action parameter set.
   - When everything's OK, the client's response handler properly handles all security headers (signature verification). The SOAP response contains a wsse:Security header (mustUnderstand=1)
   - When my WS method throws a general AxisFault, everything's still fine - the SOAP response doesn't contain ANY SOAP headers, but WSS4J 1.1.0's WSDoAllReceiver skips processing its configured actions (Timestamp and Signature) because of soap:Body/soap:Fault.

2. But in the case of .NET (1.1) + WSE (I think 2.0) it's different:
   - Client's <responseFlow> is the same (Timestamp Signature)
   - I have not been able NOT to receive soap:Faults, but it doesn't matter :)
   - The .NET WSE rejects my certificate and signals it in soap:Faults (according to WSE 1.0/1.1 spec)
   - But it also applies all wsse:Security elements in soap:Header...
   - standard WSS4J 1.1.0's WSDoAllReceiver detects soap:Faults and returns from invoke()
   - eventually MustUnderstandChecker throws AxisFault with message "Did not understand "MustUnderstand" header(s)"

I think that in the case of the server it should be almost obvious that when a message contains soap:Faults, there should be no security processing (it's even stated in the WSE 1.0 spec - "because of DoS and cryptographic attacks") and generating response security headers. But the client's WSDoAllReceiver SHOULD process all its headers simply to get rid of the "Did not understand "MustUnderstand" header(s)" AxisFault.

In my application (I must finish it today :) I simply put an AND clause:

    && WSSecurityUtil.findElement(root, "Security", WSSE_NS_OASIS_1_0) == null

while deciding whether to quit WSDoAllReceiver's invoke()...

Thanks for all the answers! I'm looking forward to seeing how this would end (what the Oasis guys would say :).

Best regards
Grzegorz Grzybek
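
The early-return condition discussed in this message, as an added example that is not part of the original post and is not WSS4J code: it uses only JDK DOM classes to decide whether a receiver may skip security processing on a fault. The class and method names are hypothetical, the two envelopes are constructed samples, and the wsse:Security lookup searches the whole envelope as a simplification.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Hypothetical stand-alone illustration; not the WSDoAllReceiver source.
public class FaultSecurityHeaderCheck {
    static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // A receiver may return early only for a Fault that carries no
    // wsse:Security element. If the header is present and is left
    // unprocessed, a later mustUnderstand check rejects the message.
    static boolean maySkipSecurityProcessing(Document envelope) {
        boolean hasFault =
            envelope.getElementsByTagNameNS(SOAP11_NS, "Fault").getLength() > 0;
        boolean hasSecurity =
            envelope.getElementsByTagNameNS(WSSE_NS, "Security").getLength() > 0;
        return hasFault && !hasSecurity;
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the namespace-based lookups
        // Refuse DOCTYPE declarations in untrusted responses (JDK default parser).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelopes.
        String open = "<soap:Envelope xmlns:soap='" + SOAP11_NS
                    + "' xmlns:wsse='" + WSSE_NS + "'>";
        String fault = "<soap:Body><soap:Fault><faultcode>soap:Server</faultcode>"
                     + "<faultstring>constructed</faultstring></soap:Fault></soap:Body>";
        String header = "<soap:Header><wsse:Security soap:mustUnderstand='1'/>"
                      + "</soap:Header>";

        // Fault without any headers (the Axis server case in the message).
        Document bareFault = parse(open + fault + "</soap:Envelope>");
        // Fault that still carries wsse:Security (the .NET WSE case).
        Document securedFault = parse(open + header + fault + "</soap:Envelope>");

        System.out.println("bare fault, skip allowed:    "
            + maySkipSecurityProcessing(bareFault));
        System.out.println("secured fault, skip allowed: "
            + maySkipSecurityProcessing(securedFault));
    }
}
```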
