5 Replies Latest reply on Feb 7, 2014 7:00 PM by Chris Cab

    How can I change mustUnderstand attribute of wsse:security e

    Mario Van Vlasselaer Newbie


      I'm writing a client for a webservice that requires message signing. I've configured it in the jboss-wsse-client.xml. Hence the generated soap envelope header contains something like:

      <wsse:Security env:mustUnderstand='1' ...></wsse:Security>

      Question: how can I set mustUnderstand to 0 (as is required by the webservice I'm calling) or put differently: how can I change the security element generated by JBoss?

      I thought I could modify it in a soap handler (configured in the application-client.xml), but the soapHeader doesn't seem to have the wsse:Security childElements at that time. My soap handler extends


        • 1. Re: How can I change mustUnderstand attribute of wsse:securi
          Mario Van Vlasselaer Newbie

          Another question whose answer might solve my previously stated problem:
          How can I create a handler that gets invoked after the WSSecurityHandlerOutbound? Where would I define that handler?


          • 2. Re: How can I change mustUnderstand attribute of wsse:securi
            Alessio Soldano Master

            The WS-Security handler you're talking about is configured as a post-handler. To have your handler invoked after it you need to add your handler to the jbossws configuration you're using.

            • 3. Re: How can I change mustUnderstand attribute of wsse:securi
              Mario Van Vlasselaer Newbie

              Thanks for the info! I tried your suggestion but run into another problem:

              After I added in my own post handler, the outgoing soap message did not contain the wsse:Security element anymore! I basically got an empty header

              my debug log shows:
              INFO [STDOUT] org.jboss.ws.soap.SOAPHeaderImpl@1093b10[[env:Header: null]]
              INFO [STDOUT] org.jboss.ws.soap.SOAPBodyImpl@104a340[[env:Body: null]]
              INFO [STDOUT] org.jboss.ws.soap.SOAPHeaderElementImpl@c22b28[[wsse:Security: null]]

              In my post handler I did not do anything except print out the header child elements as shown below, so I don't understand how the security element got removed. Here's my code and configuration (I'm using jboss4.0.4.GA and jbossws1.0.3.GA):

              I added my post-handler to the standard-jbossws-client-config.xml as followed:

              <?xml version="1.0" encoding="UTF-8"?>
              <!-- $Id: standard-jbossws-client-config.xml 283 2006-05-05 23:08:11Z jason.greene@jboss.com $ -->
              <jbossws-config xmlns="urn:jboss:jbossws-config:5.0"
               xsi:schemaLocation="urn:jboss:jbossws-config:5.0 http://www.jboss.com/xml/jbossws-config_1_0.xsd">
               <config-name>Standard Secure Client</config-name>
               <handler> <j2ee:handler-name>WSSecurityHandlerOutbound</j2ee:handler-name>

              My handler looks like this:

              public class MyOutboundHandler extends GenericHandler {
              public MyOutboundHandler () {};
              public boolean handleRequest(MessageContext msgContext) {
              SOAPMessage soapMessage = ((SOAPMessageContext)msgContext).getMessage();
               SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
               SOAPHeader soapHeader = soapEnvelope.getHeader();
               Iterator it4 = soapHeader.getAllAttributes();
               while (it4.hasNext()) {
               Iterator it = soapHeader.getChildElements();
               while (it.hasNext()) {

              Any idea what I'm doing wrong?


              • 4. Re: How can I change mustUnderstand attribute of wsse:securi
                Mario Van Vlasselaer Newbie

                I was able to change the "mustUnderstand" attribute of the wsse:Security element by using the following code:

                public class SpimTestingOutboundSOAPHandler
                 extends WSSecurityHandlerOutbound {
                 public boolean handleRequest(MessageContext msgContext) {
                 if (debug) logger.debug("handleRequest() entered.");
                 SOAPMessage soapMessage = ((SOAPMessageContext)msgContext).getMessage();
                 Element sel = Util.findElement(soapMessage.getSOAPPart().getDocumentElement(), new QName(org.jboss.ws.wsse.Constants.WSSE_NS, "Security"));
                 sel.setAttributeNS(Constants.NS_SOAP11_ENV, Constants.PREFIX_ENV + ":" + Constants.SOAP11_ATTR_MUST_UNDERSTAND, "0");
                 if (debug) logger.debug("handleRequest() exited.");
                 return true;

                Problem solved!


                • 5. Re: How can I change mustUnderstand attribute of wsse:security e
                  Chris Cab Newbie

                  I know this is really old, but do you think you could show the imported classes for the class SpimTestingOutboundSOAPHandler?  I'm having trouble finding the correct findElement method.