Hello,
Sorry my mail client sent the previous message before I got it finished ....
I did a quick search through the code and there is manipulation of the mustUnderstand flag - although Im not sure if it is similar to the wss4j handler - would the source code of the handler be a good place to look?
Sorry I just realised my original client-config.wsdd was incorrect - this is what it should be: (snippet which was incorrect)
<requestFlow>
<handler type="java:mil.dia.nces.security.axis.handler.NCESClientHandler">
<!-- Set the mustUnderstand attribute of the WSS Security element to true? Default, if not present, is false. --><parameter name="mustUnderstandWSSHeader" value="false"/>
<!-- Set the mustUnderstand attribute of the WS-Addressing MessageID element to true? Default, if not present, is false. -->
<parameter name="mustUnderstandMessageID" value="false"/>
</handler>
Notice that the mustUnderstandWSSHeader is set to false. The error message I reported is what happens when this parameter is set to false. When I put the mustUnderstandWSSHeader to true I get an error message which says this is an invalid value for the attribute ... which doesnt seem right?
I dont think the NCESClientHandler includes the WSDoAllSender handler but it uses the wss4j API extensively - I think it was developed with an earlier version of wss4j - perhaps the WSDoAllSender handler was not available? Im trying to get this handler working with wss4j 1.0.
Regards,
Julie.
On 4/28/06, Dittmann, Werner <[EMAIL PROTECTED] > wrote:Julie,according to your deployment parameters it seems to me that you do notuse the original WSS4J security handler. The WSS4J security handlershave some specific code that deal with the "mustunderstand" flag in theSOAP headers. Maybe you cna check if the derived handlers use or implementthe same or similar mechanisms?Regards,Werner
Von: Julie McCabe [mailto:[EMAIL PROTECTED]]
Gesendet: Freitag, 28. April 2006 15:23
An: [email protected]
Betreff: Did not understand "MustUnderstand" header(s):Hello,
I am using WS-Security Headers through a third-party handler which uses wss4j. I am trying to make a first attempt to call a service, I get the following error:
Did not understand "MustUnderstand" header(s):
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:96)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2727)
at org.apache.axis.client.Call.invoke(Call.java:2710)
at org.apache.axis.client.Call.invoke(Call.java:2386)
at org.apache.axis.client.Call.invoke(Call.java:2309)
at org.apache.axis.client.Call.invoke(Call.java:1766)
at SecureOperation.Call(SecureOperation.java:182)
at Client.main(Client.java:85)
I invoke the client with the following properties set:
-Djava.endorsed.dirs=$CATALINA_HOME/common/endorsed -Daxis.ClientConfigFile=$CATALINA_HOME/bin/client-config.wsdd
The client-config.wsdd is as follows:
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java=" http://xml.apache.org/axis/wsdd/providers/java ">
<globalConfiguration>
<parameter name="adminPassword" value="admin"/>
<parameter name="sendXsiTypes" value="false"/>
<parameter name="sendMultiRefs" value="false"/>
<parameter name="sendXMLDeclaration" value="false"/>
<parameter name="axis.sendMinimizedElements" value="true"/>
<parameter name="defaultRequestMessageClassification" value="UNCLASSIFIED"/>
<requestFlow>
<handler type="java:mil.dia.nces.security.axis.handler.NCESClientHandler">
<!-- Set the mustUnderstand attribute of the WSS Security element to true? Default, if not present, is false. -->
<parameter name="mustUnderstandWSSHeader" value="true"/>
<!-- Set the mustUnderstand attribute of the WS-Addressing MessageID element to true? Default, if not present, is false. -->
<parameter name="mustUnderstandMessageID" value="false"/>
</handler>
</requestFlow>
<responseFlow>
<handler type="java:mil.dia.nces.security.axis.handler.NCESClientHandler">
<parameter name="disableCertificateStatusChecking" value="true"/>
</handler>
</responseFlow>
</globalConfiguration>
<transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>
The service has the following in its server-config.wsdd
<service name="examples/core/factory/SimpleService" provider="Handler" use="literal" style="document">
<parameter name="className" value="uk.ac.qub.prism.factory.impl.SimpleService"/>
<wsdlFile>share/schema/uk/ac/qub/prism/factory/schema/Simple_service.wsdl</wsdlFile>
<parameter name="allowedMethods" value="*"/>
<parameter name="handlerClass" value="org.globus.axis.providers.RPCProvider"/>
<parameter name="scope" value="Application"/>
<parameter name="loadOnStartup" value="true"/>
<parameter name="allowedRoles" value="INTEL ANALYST"/>
<parameter name="defaultResponseMessageClassification" value="UNCLASSIFIED"/>
<parameter name="serviceQName" value=" http://localhost:8080/wsrf/services/examples/core/factory/SimpleService#SimpleService "/>
</service>
I searched this mailing list and could not find anything conclusive, I read from an IBM websphere mailing list that:"interface doesn't have an actor parameter available to define
the root
actor/role to associate with the header URL parameter. As a
result a
binding isn't being made which the semantic checking code,
activated by
the mustUnderstand flag, uses to determine if the soap header is
understood by the client. If using the deployment descriptor to
register
a handler statically, this actor/role is defined by the
<soap-role>
child element of the <handler> definition block. This limitation
in the
specifications for HandlerInfo causes the inability of
mustUnderstand to"
work when using dynamic handler registration.
which kind of makes sense but I dont know what the implication for the configuration are, I would really apprecipate some help on this matter as ive been stuck on this matter for some time now.
Environment: Java 1.4.2_04-b05, tomcat 4.1.30, fc 5.
Many thanks,
Julie.
