You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Jeff Greif <jg...@alumni.princeton.edu> on 2005/04/23 03:43:34 UTC
ignoring client WS-Security headers on the server
I have a web service which (at the moment) does not care about
security. The client, however, insists on using WS-Security to sign its
messages, which presumably puts mustUnderstand=1 somewhere in a SOAP
header. Is there some way for the server to process the message without
producing a could-not-understand fault, by using either a WS-Security
handler with a loose policy or even better, a trivial handler or no
handler at all? In what part of the processing is the decision about
mustUnderstand made?
Jeff
AXIS 1.2 RC3 silent exceptions
Posted by Gerry Gao <gj...@hotmail.com>.
Hi guys,
When upgrading my AXIS libraries from 1.1 to 1.2 RC3 I got the some silent exceptions (axis didn't throw them out) in AXIS. Any ideas?
Here is a sample:
org.apache.axis.ConfigurationException: No service named XxxYyyyService is available
at org.apache.axis.configuration.FileProvider.getService(FileProvider.java:233)
at org.apache.axis.AxisEngine.getService(AxisEngine.java:311)
at org.apache.axis.MessageContext.setTargetService(MessageContext.java:755)
at org.apache.axis.client.Call.invoke(Call.java:2660)
at org.apache.axis.client.Call.invoke(Call.java:2413)
at org.apache.axis.client.Call.invoke(Call.java:2336)
at org.apache.axis.client.Call.invoke(Call.java:1793)
...
regards
Gerry
Re: ignoring client WS-Security headers on the server
Posted by Anne Thomas Manes <at...@gmail.com>.
Axis is required to toss back a mustUnderstand fault when it receives
a header with mustUnderstand="1" if it doesn't have a handler. All you
have to do is configure a handler that removes the wsse:Security
header from the message.
Anne
On 4/22/05, Jeff Greif <jg...@alumni.princeton.edu> wrote:
> I have a web service which (at the moment) does not care about
> security. The client, however, insists on using WS-Security to sign its
> messages, which presumably puts mustUnderstand=1 somewhere in a SOAP
> header. Is there some way for the server to process the message without
> producing a could-not-understand fault, by using either a WS-Security
> handler with a loose policy or even better, a trivial handler or no
> handler at all? In what part of the processing is the decision about
> mustUnderstand made?
>
> Jeff
>
>