[
https://issues.apache.org/jira/browse/AXIS2-5347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398626#comment-13398626
]
Andreas Veithen commented on AXIS2-5347:
----------------------------------------
Note that your description of the issue doesn't match the SOAP response shown:
the HTTP status code is 202, not 200.
> Axis returns an HTTP OK when it should return an HTTP Error response
> --------------------------------------------------------------------
>
> Key: AXIS2-5347
> URL: https://issues.apache.org/jira/browse/AXIS2-5347
> Project: Axis2
> Issue Type: Bug
> Affects Versions: 1.6.0
> Environment: RHEL
> Reporter: Bill Resnicow
> Priority: Minor
>
> A SOAP message is sent from one server to another using Axis2 1.6.0.
> Rampart is engaged on the sender but not on the receiving server. The Soap
> message contains a security header with 'Must Understand' set to TRUE. The
> receiving server processes the Soap headers and because Rampart is not
> engaged, it rejects it. But the HTTP response sent back is an HTTP 200 OK,
> whereas it should be an HTTP Error response.
> Here is a snippet of the SOAP message:
> POST /messaging/services/Messaging HTTP/1.1
> Content-Type: application/soap+xml; charset=UTF-8;
> action="http://docs.oasis-open.org/wsn/bw-2/NotificationConsumer/Notify";
> User-Agent: Axis2
> Host: nob-00240-soem.wint.army.mil:8080
> Content-Length: 5110
> <?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope
> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope";>
> <soapenv:Header
> xmlns:wsa="http://www.w3.org/2005/08/addressing";><wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="true">
> <wsu:Timestamp
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
> wsu:Id="Timestamp-41"><wsu:Created>2012-04-11T16:54:03.738Z</wsu:Created><wsu:Expires>2012-04-11T16:59:03.738Z</wsu:Expires></wsu:Timestamp>
> ...
> Response:
> HTTP/1.1 202 Accepted
> Content-Length: 0
> Date: Wed, 11 Apr 2012 16:54:03 GMT
> Server: null
> and here is the Axis log:
> <WINT_Event logger="org.apache.axis2.engine.AxisEngine"
> timestamp="1334163243813" ddmsTimeFormat="2012-04-11T16:54:03.813Z"
> level="ERROR" thread="http-0.0.0.0-8080-1">
> <WINT_Message>Must Understand check failed for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> : Security</WINT_Message>
> <WINT_Throwable>org.apache.axis2.AxisFault: Must Understand check failed
> for header
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> : Security at
> org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97) at
> org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
> at
> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142) at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
