[jira] Created: (RAMPART-197) Rampart handler not processing empty security header with mustUnderstand="1"

Tue, 30 Sep 2008 01:08:49 -0700 

Rampart handler not processing empty security header with mustUnderstand="1"
----------------------------------------------------------------------------

                 Key: RAMPART-197
                 URL: https://issues.apache.org/jira/browse/RAMPART-197
             Project: Rampart
          Issue Type: Improvement
    Affects Versions: 1.4
         Environment: Oracle application server 10.1.3, embedded OC4J in 
JDeveloper & Eclipse used for testing.
            Reporter: Taariq Levack
            Assignee: Ruchith Udayanga Fernando
             Fix For: 1.4


The application server returns a response that contains an empty security 
header and this is not processed by the Rampart handler and a fault is 
generated.
As per Nandana the solution is to flag the empty header as processed when it 
expects nothing in the security header, for interoperability.

This is the request header, simple username token....
<soapenv:Header>
         <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 soapenv:mustUnderstand="1">
            <wsse:UsernameToken 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 wsu:Id="UsernameToken-3201085">
               <wsse:Username>USERNAME</wsse:Username>
               <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>PASSWORD</wsse:Password>
            </wsse:UsernameToken>
         </wsse:Security>
      </soapenv:Header>

And this is the response header
<env:Header>
      <wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"; env:mustUnderstand="1"/>
   </env:Header>

Exception in thread "main" org.apache.axis2.AxisFault: Must Understand check 
failed for header 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
 : Security
      at 
org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102)
      at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:166)
      at 
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363)
      at 
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
      at 
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
      at 
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
      at 
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
      at 
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:528)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to