Hi All, I have developed an Axis2-1.3 client (with Rampart 1.3, using an xmlbeans proxy) that calls methods on a secured .NET web service service. I can successfully communicate with the .NET service, however when the .NET server returns a valid fault message the xmlbeans proxy client never receives the returned fault string; instead all the client receives is the following message: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1. 0.xsd : Security
Note that in Axis2-1.2 this was not a problem; my xmlbeans proxy received the correct/expected error string. So, for example, if I call a method on the .NET web service with an invalid parameter in the request document, the .NET web service returns an informative message containing details of the problem. Below is an example of the xml response message received from the .NET server, and to me it appears to be a valid response: <?xml version='1.0' encoding='utf-8'?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- utility-1.0.xsd"> <s:Header> <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity- secext-1.0.xsd" s:mustUnderstand="1"> <u:Timestamp u:Id="_0"> <u:Created>2007-10-12T01:02:16.796Z</u:Created> <u:Expires>2007-10-12T01:07:16.796Z</u:Expires> </u:Timestamp> </o:Security> </s:Header> <s:Body> <s:Fault> <faultcode>s:UnexpectedFault</faultcode> <faultstring xml:lang="en-US">An unexpected error has occurred in the service. System.ServiceModel.FaultException`1[MyDials.Common.ServiceFaults.InvalidReq uestFault]: The dimension member 'Midlands' was included in a dimension reference for the 'Products' dimension, but is not valid. (Fault Detail is equal to MyDials.Common.ServiceFaults.InvalidRequestFault).</faultstring> </s:Fault> </s:Body> </s:Envelope> When I interact with this returned message (through the xmlbeans proxy), the error message I see is the "Must Understand check failed for header ..." rather than the value contained in the faultstring elemrnt of the returned document. The issue appears to be that the received message header contains a (valid) timestamp, as indicated above, however the Axis2 response handler never seems to to process this timestamp in the header, meaning that when the AxisEngine.checkMustUnderstand() performs the headerBlock.isProcessed() test, the result is false and so the "Must understand check failed ..." exception is thrown and my xmlbeans proxy never sees the real faultstring message. I am struggling to understand what is going wrong here ... any guidance on what to fault-find next would be greatly appreciated as after a few days looking at this I am unsure if it is a problem in returned document, or my policy.xml. Thanks, Tim Munro =================== Below is my policy.xml document: <?xml version="1.0" encoding="UTF-8"?> <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsp:ExactlyOne> <wsp:All> <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Lax/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> </wsp:Policy> </sp:TransportBinding> <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Includ eToken/AlwaysToRecipient"> <wsp:Policy> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> </wsp:Policy> </sp:Wss10> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> <ramp:timestampTTL>300</ramp:timestampTTL> <ramp:timestampMaxSkew>300</ramp:timestampMaxSkew> <ramp:user>cc40b01503ff1f5ededf6d07c3a3c56c_81ea973b-e847-4bba-abc9-e6e69109 3f9d</ramp:user> <!-- passwordCallbackClass is set in mydials config --> <!-- <ramp:passwordCallbackClass>com.mydials.wshelper.PWCBHandler</ramp:passwordC allbackClass> --> <ramp:signatureCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</ramp:prope rty> <ramp:property name="org.apache.ws.security.crypto.merlin.file">MyDialsCert.pfx</ramp:prope rty> <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password"></ramp:propert y> </ramp:crypto> </ramp:signatureCrypto> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
