Hi Taariq, The reason for this is, empty security header (with must understand header set 1) being not processed by any of the handlers. Normally security header is processed by Rampart module but in this case after reading the policy Rampart decides that there is nothing to be processed in the response as response doesn't need to have a security header. But before handing over the message to the service, Axis Engine checks whether all must understand headers are processed and fault if not. We have successfully tested this scenario with Axis2 <-> Axis2 and Axis2 <-> WCF but in both cases Aixs2/WCF doesn't generate empty security headers when security header is not necessary. Are you using oracle server ? I personally believe that we don't need to send empty security headers when there is nothing to be send in the security header but we can make Rampart to flag empty security header as processed when it expects nothing in the security header for interoperability. Please create a issue in the Rampart JIRA and it will be fixed. I don't recommend going back to Axis2 1.3 / Rampart 1.3 just because of this issue as there has been lot of improvements in both Axis2 and Rampart since 1.3.
thanks, nandana [1] - http://issues.apache.org/jira/browse/Rampart On Tue, Sep 30, 2008 at 2:03 AM, Taariq Levack <[EMAIL PROTECTED]>wrote: > For the next one to fall into this trap, it's not worth it. > Move swiftly along and download Axis 1.3 and Rampart 1.3. > > -----Original Message----- > From: Taariq Levack [mailto:[EMAIL PROTECTED] > Sent: 29 September 2008 17:26 > To: axis-user@ws.apache.org > Subject: RE: I must understand the "must understand" fault > > If I set a breakpoint in AxisEngine and force the SOAPHeaderBlock's > "mustUnderstand" to "0" it works. > Obviously I don't want to change that code, I don't even understand why its > checked on the response, is it a bug at all? > > The method isReceiverMustUnderstandProcessor checks if its server side and > returns which it's not, or if the receiver's name ends in > JAXWSMessageReceiver, if it's not null, which it is. > > I've attached the policy.xml file if that has anything to do with it. > > > > From: Taariq Levack [mailto:[EMAIL PROTECTED] > Sent: 29 September 2008 13:13 > To: axis-user@ws.apache.org > Subject: I must understand the "must understand" fault > > Hi > > The exception happens at the client side, after the request is sent, > authenticated and response returned. > Seems to me that the Axis engine doesn't expect the security header in the > response. > SoapUi client works, and the Oracle generated client works, surprisingly. > > > This is the request header, simple username token.... > <soapenv:Header> > <wsse:Security xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > soapenv:mustUnderstand="1"> > <wsse:UsernameToken xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="UsernameToken-3201085"> > <wsse:Username>USERNAME</wsse:Username> > <wsse:Password Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">PASSWORD</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soapenv:Header> > > And this is the response header > <env:Header> > <wsse:Security xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > xmlns=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" > env:mustUnderstand="1"/> > </env:Header> > > Configuration.... > Axis 1.4 > Rampart 1.4. > The service is deployed in an oracle container, OC4J. > The client was generated using Axis and the config is copied from the > Rampart samples. > > Exception in thread "main" org.apache.axis2.AxisFault: Must Understand > check failed for header > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd: > Security > at > org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:166) > at > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363) > at > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) > at > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) > at > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) > at > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548) > at > org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528) > > Thanks in advance for looking at the one millionth "must understand" error. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/ http://www.wso2.org