AW: Did not understand "MustUnderstand" header(s):

Fri, 28 Apr 2006 06:38:36 -0700

Julie,
 
according to your deployment parameters it seems to me that you do not
use the original WSS4J security handler. The WSS4J security handlers
have some specific code that deal with the "mustunderstand" flag in the
SOAP headers. Maybe you cna check if the derived handlers use or implement
the same or similar mechanisms?
 
Regards,
Werner

Von: Julie McCabe [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 28. April 2006 15:23
An: [email protected]
Betreff: Did not understand "MustUnderstand" header(s):

Hello,

I am using WS-Security Headers through a third-party handler which uses wss4j.  I am trying to make a first attempt to call a service, I get the following error:

Did not understand "MustUnderstand" header(s):
        at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
        at org.apache.axis.client.Call.invoke(Call.java:2710)
        at org.apache.axis.client.Call.invoke(Call.java:2386)
        at org.apache.axis.client.Call.invoke(Call.java:2309)
        at org.apache.axis.client.Call.invoke(Call.java:1766)
        at SecureOperation.Call(SecureOperation.java:182)
        at Client.main(Client.java:85)

I invoke the client with the following properties set:
 -Djava.endorsed.dirs=$CATALINA_HOME/common/endorsed  -Daxis.ClientConfigFile=$CATALINA_HOME/bin/client-config.wsdd

The client-config.wsdd is as follows:
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java=" http://xml.apache.org/axis/wsdd/providers/java ">
    <globalConfiguration>
        <parameter name="adminPassword" value="admin"/>
        <parameter name="sendXsiTypes" value="false"/>
        <parameter name="sendMultiRefs" value="false"/>
        <parameter name="sendXMLDeclaration" value="false"/>

        <parameter name="axis.sendMinimizedElements" value="true"/>
        <parameter name="defaultRequestMessageClassification" value="UNCLASSIFIED"/>

        <requestFlow>
            <handler type="java:mil.dia.nces.security.axis.handler.NCESClientHandler">
                <!-- Set the mustUnderstand attribute of the WSS Security element to true?  Default, if not present, is false. -->
                <parameter name="mustUnderstandWSSHeader" value="true"/>
                <!-- Set the mustUnderstand attribute of the WS-Addressing MessageID element to true?  Default, if not present, is false. -->
                <parameter name="mustUnderstandMessageID" value="false"/>
            </handler>
        </requestFlow>
        <responseFlow>
            <handler type="java:mil.dia.nces.security.axis.handler.NCESClientHandler">
                <parameter name="disableCertificateStatusChecking" value="true"/>
            </handler>
        </responseFlow>
    </globalConfiguration>

    <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
    <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
    <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>


The service has the following in its server-config.wsdd
<service name="examples/core/factory/SimpleService" provider="Handler" use="literal" style="document">
        <parameter name="className" value="uk.ac.qub.prism.factory.impl.SimpleService"/>
        <wsdlFile>share/schema/uk/ac/qub/prism/factory/schema/Simple_service.wsdl</wsdlFile>
        <parameter name="allowedMethods" value="*"/>
        <parameter name="handlerClass" value="org.globus.axis.providers.RPCProvider"/>
        <parameter name="scope" value="Application"/>
        <parameter name="loadOnStartup" value="true"/>
        <parameter name="allowedRoles" value="INTEL ANALYST"/>
        <parameter name="defaultResponseMessageClassification" value="UNCLASSIFIED"/>
        <parameter name="serviceQName" value="http://localhost:8080/wsrf/services/examples/core/factory/SimpleService#SimpleService "/>
    </service>

I searched this mailing list and could not find anything conclusive, I read from an IBM websphere mailing list that:
"interface doesn't have an actor parameter available to define
the root
actor/role to associate with the header URL parameter. As a
result a
binding isn't being made which the semantic checking code,


activated by
the mustUnderstand flag, uses to determine if the soap header is
understood by the client. If using the deployment descriptor to
register
a handler statically, this actor/role is defined by the


<soap-role>
child element of the <handler> definition block. This limitation
in the
specifications for HandlerInfo causes the inability of
mustUnderstand to"
work when using dynamic handler registration.


which kind of makes sense but I dont know what the implication for the configuration are, I would really apprecipate some help on this matter as ive been stuck on this matter for some time now.

Environment: Java 1.4.2_04-b05, tomcat 4.1.30, fc 5.


Many thanks,
Julie.



Reply via email to