You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Bob Wall (JIRA)" <ji...@apache.org> on 2009/12/31 19:55:29 UTC
[jira] Commented: (RAMPART-197) Rampart handler not processing empty security header with mustUnderstand="1"

    [ https://issues.apache.org/jira/browse/RAMPART-197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12795640#action_12795640 ] 

Bob Wall commented on RAMPART-197:
----------------------------------

We are seeing this same problem with an Axis2/Java client.  Looks like it's been sitting around for a year or more - is there any plan to fix this?


> Rampart handler not processing empty security header with mustUnderstand="1"
> ----------------------------------------------------------------------------
>
>                 Key: RAMPART-197
>                 URL: https://issues.apache.org/jira/browse/RAMPART-197
>             Project: Rampart
>          Issue Type: Improvement
>    Affects Versions: 1.4
>         Environment: Oracle application server 10.1.3, embedded OC4J in JDeveloper & Eclipse used for testing.
>            Reporter: Taariq Levack
>            Assignee: Nandana Mihindukulasooriya
>             Fix For: 1.4
>
>
> The application server returns a response that contains an empty security header and this is not processed by the Rampart handler and a fault is generated.
> As per Nandana the solution is to flag the empty header as processed when it expects nothing in the security header, for interoperability.
> This is the request header, simple username token....
> <soapenv:Header>
>          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>             <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-3201085">
>                <wsse:Username>USERNAME</wsse:Username>
>                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
>             </wsse:UsernameToken>
>          </wsse:Security>
>       </soapenv:Header>
> And this is the response header
> <env:Header>
>       <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1"/>
>    </env:Header>
> Exception in thread "main" org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
>       at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102)
>       at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:166)
>       at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363)
>       at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
>       at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
>       at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
>       at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
>       at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.