The Oasis 1.0 specification states: All compliant implementations MUST declare which profiles they support and MUST be able to process a <wsse:Security> element including any sub-elements which may be defined by that profile.
but it then says: When a <wsse:Security> header includes a mustUnderstand="true" attribute:... The first would make me think that you HAD to have mustUnderstand="true" in the Security header. The latter would make me think that it's optional... RonnieMJ wrote: > > Does rampart version 1.4 default mustUnderstand to 1? I'm getting the > famous error, and am using a policy to set my configurations in code > (client side ONLY). > > My wsse:security tag ends up as mustunderstand="1". > <wsse:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > soapenv:mustUnderstand="1"> > > The security isn't set in the WSDL. I am using axis2 1.4.1. > > I've seen the WSDL2Constants flag, but I'm not using WSDL2Constants. > > Just the plain old: > > options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, > loadPolicy(confDir + "/clientSecurityPolicy.xml")); > stub._getServiceClient().setOptions(options); > > > stub._getServiceClient().engageModule("rampart"); > > > I also don't have access to or control over what is used on the service > side (external). > > -- View this message in context: http://www.nabble.com/Rampart-1.4-mustUnderstand-tp19926442p20014731.html Sent from the Axis - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]