Axis is required to toss back a mustUnderstand fault when it receives a header with mustUnderstand="1" if it doesn't have a handler. All you have to do is configure a handler that removes the wsse:Security header from the message.
Anne On 4/22/05, Jeff Greif <[EMAIL PROTECTED]> wrote: > I have a web service which (at the moment) does not care about > security. The client, however, insists on using WS-Security to sign its > messages, which presumably puts mustUnderstand=1 somewhere in a SOAP > header. Is there some way for the server to process the message without > producing a could-not-understand fault, by using either a WS-Security > handler with a loose policy or even better, a trivial handler or no > handler at all? In what part of the processing is the decision about > mustUnderstand made? > > Jeff > >