You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Jeff Greif <jg...@alumni.princeton.edu> on 2005/04/23 03:43:34 UTC

ignoring client WS-Security headers on the server

I have a web service which (at the moment) does not care about 
security.  The client, however, insists on using WS-Security to sign its 
messages, which presumably puts mustUnderstand=1 somewhere in a SOAP 
header.  Is there some way for the server to process the message without 
producing a could-not-understand fault, by using either a WS-Security 
handler with a loose policy or even better, a trivial handler or no 
handler at all?  In what part of the processing is the decision about 
mustUnderstand made?

Jeff

AXIS 1.2 RC3 silent exceptions

Posted by Gerry Gao <gj...@hotmail.com>.

Hi guys,

When upgrading my AXIS libraries from 1.1 to 1.2 RC3 I got the some silent exceptions (axis didn't throw them out) in AXIS. Any ideas?

Here is a sample:

org.apache.axis.ConfigurationException: No service named XxxYyyyService is available
        at org.apache.axis.configuration.FileProvider.getService(FileProvider.java:233)
        at org.apache.axis.AxisEngine.getService(AxisEngine.java:311)
        at org.apache.axis.MessageContext.setTargetService(MessageContext.java:755)
        at org.apache.axis.client.Call.invoke(Call.java:2660)
        at org.apache.axis.client.Call.invoke(Call.java:2413)
        at org.apache.axis.client.Call.invoke(Call.java:2336)
        at org.apache.axis.client.Call.invoke(Call.java:1793)
        ...

regards
Gerry

Re: ignoring client WS-Security headers on the server

Posted by Anne Thomas Manes <at...@gmail.com>.

Axis is required to toss back a mustUnderstand fault when it receives
a header with mustUnderstand="1" if it doesn't have a handler. All you
have to do is configure a handler that removes the wsse:Security
header from the message.

Anne

On 4/22/05, Jeff Greif <jg...@alumni.princeton.edu> wrote:
> I have a web service which (at the moment) does not care about
> security.  The client, however, insists on using WS-Security to sign its
> messages, which presumably puts mustUnderstand=1 somewhere in a SOAP
> header.  Is there some way for the server to process the message without
> producing a could-not-understand fault, by using either a WS-Security
> handler with a loose policy or even better, a trivial handler or no
> handler at all?  In what part of the processing is the decision about
> mustUnderstand made?
> 
> Jeff
> 
>