Help! WSAS ignores "mustUnderstand" soap header parameter

daggett
In my SOAP11 request I specify mustUnderstand="0" as a parameter of the security header.
<wsse:Security soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
...
In the security header I have a UsernameToken. The service that I want to call is not secured. As soon as mustUnderstand=0 (false), the server should ignore the security header. But all the time I get an error message:
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Securi>
      at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:102)
      at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
      at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
      at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(ServletRegistration.java:90)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:111)
      at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:67)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      at org.wso2.carbon.bridge.BridgeServlet.service(BridgeServlet.java:132)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
      at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
      at java.lang.Thread.run(Unknown Source)
Then we create a simple handler that removes all mustUnderstand flags where they are set to true:
package org.abi.axis.handler;

import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axiom.soap.SOAPBody;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import java.util.*;

public class RemoveMustUnderstandAll extends org.apache.axis2.handlers.AbstractHandler {

    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        // Clear mustUnderstand on every header block where it is set to true.
        // This applies to all headers in the message, including wsse:Security.
        System.out.println("RemoveMustUnderstandAll: invoke " + msgContext);
        SOAPEnvelope env = msgContext.getEnvelope();
        SOAPHeader header = env.getHeader();
        if (header != null) {
            for (Iterator itr = header.getChildElements(); itr.hasNext();) {
                SOAPHeaderBlock headerBlock = (SOAPHeaderBlock) itr.next();
                if (headerBlock.getMustUnderstand()) {
                    headerBlock.setMustUnderstand(false);
                    // Log which header block was changed.
                    System.out.println("RemoveMustUnderstandAll (" + msgContext + "): setMustUnderstand(false) to " + headerBlock.getQName());
                }
            }
        }
        return InvocationResponse.CONTINUE;
    }
}
Registered it in the axis2.xml as a handler:
    <phaseOrder type="InFlow">
        .......
        <phase name="OperationInPhase">
            <handler name="RemoveMustUnderstandAll"
                     class="org.abi.axis.handler.RemoveMustUnderstandAll"/>
        </phase>
    </phaseOrder>
And in the log we can see that all mustUnderstand flags for the Security header are equal to true... I think it's a bug in WSAS. Or maybe there is a special parameter???
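
A diagnostic for the situation described in the post, added here as an example (it is not part of the original post and is not WSO2 or Axis2 code): it parses a captured request and reports, following the SOAP 1.1 and 1.2 rules for the `mustUnderstand` attribute, which value each header block actually carries on the wire, so a client-side serialization problem can be told apart from server-side behaviour. The sample envelope, the `ex:*` header names and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# mustUnderstand only counts when qualified with the Envelope's own namespace.
SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12 = "http://www.w3.org/2003/05/soap-envelope"
TRUE_VALUES = {SOAP11: {"1"}, SOAP12: {"1", "true"}}
FALSE_VALUES = {SOAP11: {"0"}, SOAP12: {"0", "false"}}

# Constructed sample; first block mirrors the post, ex:* blocks are hypothetical.
SAMPLE = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:ex="urn:example:headers">
  <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="0"><wsse:UsernameToken/></wsse:Security>
    <ex:Qualified soapenv:mustUnderstand="1"/>
    <ex:Unqualified mustUnderstand="1"/>
    <ex:BadValue soapenv:mustUnderstand="true"/>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


def audit_must_understand(envelope_xml):
    """Return one dict per header block: tag, raw value, effective flag, note."""
    root = ET.fromstring(envelope_xml)
    ns = root.tag[1:].partition("}")[0] if root.tag.startswith("{") else ""
    if ns not in TRUE_VALUES or root.tag != "{%s}Envelope" % ns:
        raise ValueError("not a SOAP 1.1/1.2 envelope: %r" % root.tag)
    header = root.find("{%s}Header" % ns)
    report = []
    for block in (list(header) if header is not None else []):
        raw = block.get("{%s}mustUnderstand" % ns)
        effective, note = False, ""
        if raw is None:
            # Absent means "0"; flag look-alike attributes in another namespace.
            stray = [a for a in block.attrib if a.rpartition("}")[2] == "mustUnderstand"]
            note = "flag in wrong/no namespace: " + stray[0] if stray else "absent"
        elif raw.strip() in TRUE_VALUES[ns]:
            effective = True
        elif raw.strip() not in FALSE_VALUES[ns]:
            effective, note = None, "invalid value for this SOAP version"
        report.append({"block": block.tag, "raw": raw, "must_understand": effective, "note": note})
    return report


if __name__ == "__main__":
    for row in audit_must_understand(SAMPLE):
        print(row)
```

A `must_understand` of `None` marks a value that is not legal for the envelope's SOAP version, such as `"true"` in a SOAP 1.1 message.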