You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Tim Munro (myDIALS)" <ti...@mydials.com> on 2007/08/26 12:24:16 UTC
"Must Understand check failed" (Rampart-1.3 Release Take 2)
Hi Guys,
I am upgrading/testing with an Axis2-1.3/Rampart-1.3 client connecting to a
.NET web service. I am using a policy file to define the security
requirements. When I attempt to call some of the .NET web services I get the
error shown below. Can anyone:
1. Direct me towards this error may mean?
2. Let me know if I can disable this "Must Understand" check through the
policy.xml?
3. Let me know what diagnoistics I should gather to further fault-find the
issue
Note that some (secured) web service calls work.
Thanks and regards,
Tim Munro
ERROR BELOW:
============
Must Understand check failed for header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.xsd : Security
at com.mydials.wshelper.MyDialsWSHelper.submitData(MyDialsWSHelper.java:250)
at com.mydials.test.TestMain.main(TestMain.java:40)
Caused by: org.apache.axis2.AxisFault: Must Understand check failed for
header
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.
0.xsd : Security
at
org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:86)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:135)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAx
isOperation.java:336)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperatio
n.java:389)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisO
peration.java:211)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at
com.mydials.DataSubmissionApiStub.SubmitData(DataSubmissionApiStub.java:298)
at com.mydials.wshelper.MyDialsWSHelper.submitData(MyDialsWSHelper.java:245)
POLICY.XML BELOW
================
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="SigOnly"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken
RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Includ
eToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:timestampTTL>300</ramp:timestampTTL>
<ramp:timestampMaxSkew>300</ramp:timestampMaxSkew>
<ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6e69109
3f9d</ramp:user>
<ramp:signatureCrypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp:prope
rty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp:prope
rty>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:propert
y>
</ramp:crypto>
</ramp:signatureCrypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>