Hi Taariq,
The reason for this is, empty security header (with must
understand header set 1) being not processed by any of the handlers.
Normally security header is processed by Rampart module but in this case
after reading the policy Rampart decides that there is nothing to be
processed in the response as response doesn't need to have a security
header. But before handing over the message to the service, Axis Engine
checks whether all must understand headers are processed and fault if not.
We have successfully tested this scenario with Axis2 <-> Axis2 and Axis2 <->
WCF but in both cases Aixs2/WCF doesn't generate empty security headers when
security header is not necessary. Are you using oracle server ?
I personally believe that we don't need to send empty security
headers when there is nothing to be send in the security header but we can
make Rampart to flag empty security header as processed when it expects
nothing in the security header for interoperability. Please create a issue
in the Rampart JIRA and it will be fixed. I don't recommend going back to
Axis2 1.3 / Rampart 1.3 just because of this issue as there has been lot of
improvements in both Axis2 and Rampart since 1.3.
thanks,
nandana
[1] - http://issues.apache.org/jira/browse/Rampart
On Tue, Sep 30, 2008 at 2:03 AM, Taariq Levack
<[EMAIL PROTECTED]>wrote:
> For the next one to fall into this trap, it's not worth it.
> Move swiftly along and download Axis 1.3 and Rampart 1.3.
>
> -----Original Message-----
> From: Taariq Levack [mailto:[EMAIL PROTECTED]
> Sent: 29 September 2008 17:26
> To: axis-user@ws.apache.org
> Subject: RE: I must understand the "must understand" fault
>
> If I set a breakpoint in AxisEngine and force the SOAPHeaderBlock's
> "mustUnderstand" to "0" it works.
> Obviously I don't want to change that code, I don't even understand why its
> checked on the response, is it a bug at all?
>
> The method isReceiverMustUnderstandProcessor checks if its server side and
> returns which it's not, or if the receiver's name ends in
> JAXWSMessageReceiver, if it's not null, which it is.
>
> I've attached the policy.xml file if that has anything to do with it.
>
>
>
> From: Taariq Levack [mailto:[EMAIL PROTECTED]
> Sent: 29 September 2008 13:13
> To: axis-user@ws.apache.org
> Subject: I must understand the "must understand" fault
>
> Hi
>
> The exception happens at the client side, after the request is sent,
> authenticated and response returned.
> Seems to me that the Axis engine doesn't expect the security header in the
> response.
> SoapUi client works, and the Oracle generated client works, surprisingly.
>
>
> This is the request header, simple username token....
> <soapenv:Header>
> <wsse:Security xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="UsernameToken-3201085">
> <wsse:Username>USERNAME</wsse:Username>
> <wsse:Password Type="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
> ">PASSWORD</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
>
> And this is the response header
> <env:Header>
> <wsse:Security xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> xmlns="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";
> env:mustUnderstand="1"/>
> </env:Header>
>
> Configuration....
> Axis 1.4
> Rampart 1.4.
> The service is deployed in an oracle container, OC4J.
> The client was generated using Axis and the config is copied from the
> Rampart samples.
>
> Exception in thread "main" org.apache.axis2.AxisFault: Must Understand
> check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:
> Security
> at
> org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:166)
> at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)
>
> Thanks in advance for looking at the one millionth "must understand" error.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
