How do I resolve a JAX-WS web service call "MustUnderstand headers are not understood"?

I am using the SoapUI tool to access the JAX-WS web services deployed in WebLogic 10.3.2.

Request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.pc3.polk.com/">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsu:Timestamp wsu:Id="Timestamp-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2010-12-03T21:10:43Z</wsu:Created>
        <wsu:Expires>2010-12-03T21:44:03Z</wsu:Expires>
      </wsu:Timestamp>
      <wsu:Timestamp wsu:Id="Timestamp-60" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Created>2010-12-03T20:10:39Z</wsu:Created>
        <wsu:Expires>2010-12-03T20:43:59Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-59" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>rwerqre</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ewrqwrwerqer</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Nmw0ksmiOX+hkiSoWb2Rjg==</wsse:Nonce>
        <wsu:Created>2010-12-03T20:10:39.649Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <ws:getMetadata/>
  </soapenv:Body>
</soapenv:Envelope>

Answer:

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Body>
    <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
      <faultcode>SOAP-ENV:MustUnderstand</faultcode>
      <faultstring>MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood</faultstring>
    </SOAP-ENV:Fault>
  </S:Body>
</S:Envelope>
+6
web-services jax-ws webservice-client
5 answers

You can configure a dummy SOAPHandler for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security, which marks this header as "friendly".

Or you can change the SOAP request (from the subscriber) to set mustUnderstand="0" in the security header.

Example SOAP Security header with mustUnderstand="0":

<S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:Security S:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
      <wsse:Username>USERNAME</wsse:Username>
      <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</S:Header>
+7
+6

According to the WS Security Specification: The processor MUST, after decrypting the encrypted header block, process the decrypted header block in accordance with the SOAP processing guidelines. The receiver MUST raise an error if any content necessary for the header block to be properly processed remains encrypted or if the header of the decrypted SOAP is not understood and the value of the S12:mustUnderstand or S11:mustUnderstand attribute in the decrypted header block is true. Please note that in order to comply with SOAP processing rules in this case, the processor must roll back any permanent effects of processing the security header, for example, save the received token. Therefore, please check the configuration of CallbackHandlers.

+2

The problem is with the handlers. You must add the following to your handler implementation.

public Set<QName> getHeaders() {
    // Declare wsse:Security as a header this handler understands.
    final QName securityHeader = new QName(
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
        "Security",
        "wsse");
    final Set<QName> headers = new HashSet<QName>();
    headers.add(securityHeader);
    return headers;
}
0
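The answers above clear the fault either by declaring wsse:Security in getHeaders() or by sending mustUnderstand="0"; in both cases nothing checks the UsernameToken unless a handler does so itself. The following is an added example, not code from any of the answers: a handler that declares the header and also rejects inbound requests whose username or password does not match. The class name and the ws.user / ws.password system properties are hypothetical stand-ins for a real user store, and Java 7 or later with the javax.* JAX-WS and SAAJ APIs is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.*;
import org.w3c.dom.NodeList;

public class SecurityHeaderHandler implements SOAPHandler<SOAPMessageContext> {
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final QName SECURITY = new QName(WSSE_NS, "Security", "wsse");

    // Declaring the header as understood is what clears the MustUnderstand fault.
    @Override public Set<QName> getHeaders() { return Collections.singleton(SECURITY); }
    // Having claimed the header, the handler must enforce it on inbound messages.
    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        if ((Boolean) ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)) return true;
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            Iterator<?> it = header == null ? null : header.getChildElements(SECURITY);
            if (it == null || !it.hasNext()) throw new ProtocolException("wsse:Security missing");
            SOAPElement sec = (SOAPElement) it.next();
            // Non-short-circuit '&' so both fields are always compared.
            if (!(same(text(sec, "Username"), "ws.user") & same(text(sec, "Password"), "ws.password")))
                throw new ProtocolException("authentication failed");
            return true;
        } catch (SOAPException e) {
            throw new ProtocolException(e);
        }
    }

    // Text of the single wsse:<local> descendant, or null if absent or duplicated.
    private static String text(SOAPElement sec, String local) {
        NodeList n = sec.getElementsByTagNameNS(WSSE_NS, local);
        return n.getLength() == 1 ? n.item(0).getTextContent() : null;
    }

    // Constant-time compare against a hypothetical system property (stand-in for a user store).
    private static boolean same(String got, String prop) {
        byte[] want = System.getProperty(prop, "").getBytes(StandardCharsets.UTF_8);
        return want.length > 0 && got != null
            && MessageDigest.isEqual(want, got.getBytes(StandardCharsets.UTF_8));
    }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
}
```

This sketch handles only the PasswordText form shown in the question and does not check wsu:Timestamp expiry or nonce replay.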

In the SoapUI Navigator, right-click your project -> Show Project View -> WS-Security Configuration -> Outbound WS-Security Configurations. Uncheck the "Must Understand" box, and then send the request.

-1