0 Replies Latest reply on Jan 3, 2013 1:33 PM by John Ament

    MustUnderstand error with security

    John Ament Master

      Hi All

       

      I am trying to build out a Security based web service, based on this example:

      https://docs.jboss.org/author/display/JBWS/WS-Security#WS-Security-Authenticationandauthorization

       

      When I follow this example, I try to post a document to the deployed service.  Here is that document:

       

      Headers: {accept-encoding=[gzip,deflate], Authorization=[Basic am9obi5kLmFtZW50QGdtYWlsLmNvbTphYmMxMjM=], connection=[Keep-Alive], Content-Length=[1059], content-type=[text/xm

      l;charset=UTF-8], host=[SSI11021:8082], SOAPAction=[""], user-agent=[Apache-HttpClient/4.1.1 (java 1.5)]}

      Payload: <soapenv:Envelope xmlns:sec="http://secure.mycompany.com/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

         <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

         <wsse:UsernameToken wsu:Id="UsernameToken-6">

                <wsse:Username>myusername</wsse:Username>

                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">aCuq2iVcyJ5AvUBw/FLrBkjNpgM=</wsse:Password>

                <wsse:NonceEncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">rm4xHQrLQiO+9Zdf2nIA2Q==</wsse:Nonce>

                <wsu:Created>2013-01-03T17:40:43.245Z</wsu:Created>

         </wsse:UsernameToken>

         </wsse:Security>

         </soapenv:Header>

         <soapenv:Body>

            <sec:sayHello>

               <!--Optional:-->

               <arg0>Bob</arg0>

            </sec:sayHello>

         </soapenv:Body>

      </soapenv:Envelope>

       

      12:40:43,493 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http--0.0.0.0-8082-2) Interceptor for {http://secure.mycompany.com/}ServiceImplService#{http://secure.mycompany.com/}sayHello has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.

       

      This results in no credentials being passed to the webservice.