Details
-
Question
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.7.0
-
None
-
None
Description
It seems Rampart 1.7.0 has some breaking changes with no backward compatibility[1], so please tell me how to use WS-Security(UsernameToken) with it.
In Rampart 1.7.0, WSDoAllHandler was removed[2] which process WS-Security header processes in 1.6.4. So, I got the error on the server side consumes UsernameToken with Rampart 1.7.0 .
SEVERE [http-nio-8080-exec-8] org.apache.axis2.engine.AxisEngine.receive Must Understand check failed for headers: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security org.apache.axis2.AxisFault: Must Understand check failed for headers: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security at org.apache.axis2.jaxws.handler.HandlerUtils.checkMustUnderstand(HandlerUtils.java:160) [...]
I've created a simple reproducer[3] which has 2 projects.
- Axis2 1.6.4 + Rampart 1.6.4: OK
- Axis2 1.7.3 + Rampart 1.7.0: NG
- If you change Rampart 1.6.4, it should work fine.
[1] http://axis.apache.org/axis2/java/rampart/release-notes/1.7.0.html
[2] https://github.com/apache/rampart/commit/1863364037019275f70e66cf77d1f092bf3bd984
[3] https://github.com/emag-notes/axis2-ws-security