[prev in list] [next in list] [prev in thread] [next in thread]
List: axis-user
Subject: RE: Must Understand check failed for header
From: Martin Gainty <mgainty () hotmail ! com>
Date: 2011-06-27 22:24:31
Message-ID: BLU142-W2104C42489AC7298E6E24FAE570 () phx ! gbl
[Download RAW message or body]
mustUnderstand attribute is added to SOAPEnvelope (element) before transmission e.g.
env.addAttribute(Constants.URI_SOAP11_ENV, "mustUnderstand", "1");
here is the entire file:
/*
* The Apache Software License, Version 1.1
* Copyright (c) 2001-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Axis" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package samples.security;
import org.apache.axis.Constants;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.client.AxisClient;
import org.apache.axis.configuration.NullProvider;
import org.apache.axis.encoding.SerializationContext;
import org.apache.axis.encoding.SerializationContext;
import org.apache.axis.encoding.DeserializationContext;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;
import org.apache.axis.utils.Mapping;
import org.apache.axis.utils.Messages;
import org.apache.axis.utils.XMLUtils;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import java.io.FileInputStream;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
public class SignedSOAPEnvelope extends SOAPEnvelope {
static String SOAPSECNS = "http://schemas.xmlsoap.org/soap/security/2000-12";
static String SOAPSECprefix = "SOAP-SEC";
static String keystoreType = "JKS";
static String keystoreFile = "keystore.jks";
static String keystorePass = "xmlsecurity";
static String privateKeyAlias = "test";
static String privateKeyPass = "xmlsecurity";
static String certificateAlias = "test";
private MessageContext msgContext;
static {
org.apache.xml.security.Init.init();
}
public SignedSOAPEnvelope(MessageContext msgContext, SOAPEnvelope env, String \
baseURI, String keystoreFile) { this.msgContext = msgContext;
init(env, baseURI, keystoreFile);
}
public SignedSOAPEnvelope(SOAPEnvelope env, String baseURI) {
init(env, baseURI, keystoreFile);
}
private void init(SOAPEnvelope env, String baseURI, String keystoreFile) {
try {
System.out.println("Beginning Client signing...");
env.addMapping(new Mapping(SOAPSECNS, SOAPSECprefix));
env.addAttribute(Constants.URI_SOAP11_ENV, "actor", "some-uri");
env.addAttribute(Constants.URI_SOAP11_ENV, "mustUnderstand", "1");
//create a Signature element
SOAPHeaderElement header =
new SOAPHeaderElement(XMLUtils.StringToElement(SOAPSECNS,
"Signature",
""));
//add the SOAPHeaderElement to SOAPEnvelope
env.addHeader(header);
/get the Document
Document doc = getSOAPEnvelopeAsDocument(env, msgContext);
//keystoreType is invariably JKS
KeyStore ks = KeyStore.getInstance(keystoreType);
//get a handle on the keyStore file
FileInputStream fis = new FileInputStream(keystoreFile);
//makesure keyStore.pass corresponds to public key password
ks.load(fis, keystorePass.toCharArray());
//get the privateKey from keystore file
PrivateKey privateKey = (PrivateKey) ks.getKey(privateKeyAlias,
privateKeyPass.toCharArray());
//get the first Header element
Element soapHeaderElement = (Element) ((Element) \
doc.getFirstChild()).getElementsByTagNameNS("*", "Header").item(0); //get the \
SignatureElement
Element soapSignatureElement = (Element) \
soapHeaderElement.getElementsByTagNameNS("*", "Signature").item(0);
//Id attribute creation
Element body = \
(Element)doc.getElementsByTagNameNS("http://schemas.xmlsoap.org/soap/envelope/", \
"Body").item(0); //id will be 'Body'
body.setAttribute("Id", "Body");
//Signture will use DSA algorithm
XMLSignature sig = new XMLSignature(doc, baseURI,
XMLSignature.ALGO_ID_SIGNATURE_DSA);
//append XMLSignature's element to soapSignatureElement
soapSignatureElement.appendChild(sig.getElement());
//add a Body to XMLSignature
sig.addDocument("#Body");
//with the supplied alias get the X.509 cert
X509Certificate cert =
(X509Certificate) ks.getCertificate(certificateAlias);
//add the cert to XMLSignature
sig.addKeyInfo(cert);
//add the cert publicKey to XMLSignature
sig.addKeyInfo(cert.getPublicKey());
//sign XMLSignature with privateKey
sig.sign(privateKey);
//Canonicalise but keep the comments
Canonicalizer c14n = \
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS); //canonicalize \
the document and deliver back canonicalMessage byte[] canonicalMessage = \
c14n.canonicalizeSubtree(doc); //ingest the message into is InputStream
InputSource is = new InputSource(new \
java.io.ByteArrayInputStream(canonicalMessage)); DeserializationContext dser = null;
if (msgContext == null)
{
//create new AxisClient
AxisClient tmpEngine = new AxisClient(new NullProvider());
//create a MessageContext for new AxisClient
msgContext = new MessageContext(tmpEngine);
}
//desrialize msgContext into object dser
dser = new DeserializationContext(is, msgContext,
Message.REQUEST, this);
//parse it
dser.parse();
System.out.println("Client signing complete.");
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException(e.toString());
}
}
private Document getSOAPEnvelopeAsDocument(SOAPEnvelope env, MessageContext \
msgContext) throws Exception {
StringWriter writer = new StringWriter();
SerializationContext serializeContext = new SerializationContext(writer, \
msgContext); env.output(serializeContext);
writer.close();
Reader reader = new StringReader(writer.getBuffer().toString());
Document doc = XMLUtils.newDocument(new InputSource(reader));
if (doc == null)
throw new Exception(
Messages.getMessage("noDoc00", writer.getBuffer().toString()));
return doc;
}
}
/*
when the response is received by the client the responseMessage is assigned to msg
and the env is acquired by getSOAPEnvelope
you can then env.getAttribute("mustUnderstand");
*/
Options opts = new Options(args);
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(new java.net.URL(opts.getURL()));
SOAPEnvelope env = new SOAPEnvelope();
SOAPBodyElement sbe = new \
SOAPBodyElement(XMLUtils.StringToElement("http://localhost:8080/TestService", \
"testMethod", ""));
env.addBodyElement(sbe);
Envelope env = new SignedSOAPEnvelope(env, "http://xml-security");
//send to server
call.invoke(env);
//get the MessageContext coming back
org.apache.axis.MessageContext mc = call.getMessageContext();
System.out.println("\n============= Response ==============");
//get the responseMessage
Message msg = mc.getResponseMessage();
if (msg == null)
{
System.out.println("the Response is null from TestService \
operation=testMethod"); return;
}
SOAPEnvelope env = msg.getSOAPEnvelope();
String mustUnderstand= env.getAttribute("mustUnderstand");
...........
mustUnderstand attribute indicates the element MUST be processed
http://www.w3schools.com/soap/soap_header.asp
HTH
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, \
so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder \
Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch \
von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der \
leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt \
uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas \
le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez \
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est \
interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel \
effet légalement obligatoire. Étant donné que les email peuvent facilement être \
sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le \
contenu fourni.
From: mpettigrew@ewise.com
To: axis-user@ws.apache.org
Subject: Must Understand check failed for header \
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : \
Security
Date: Mon, 27 Jun 2011 14:57:44 -0600
Hello; Does anyone have a solution for this problem? It seems to be a long-standing \
issue. Must Understand check failed for header http://.........secext-1.0.xsd : \
Security It occurs in the client when receiving a response from a service. The \
“mustUnderstand” flag is set in the response. The client sends a UsernameToken which \
appears to be accepted by the server. The server sends back a response which \
includes a Security header and Timestamp – and the “mustUnderstand” flag. I am \
unclear how the client is supposed to process the response with the security header. \
I have tried writing a client-side handler for the Security header, but it never \
seems to engage. The examples I have found seem to be incomplete in crucial details. \
-Mike Pettigrew
[Attachment #3 (text/html)]
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'><div dir='ltr'>
mustUnderstand attribute is added to SOAPEnvelope (element) before transmission \
e.g.<br> \
env.addAttribute(Constants.URI_SOAP11_ENV, "mustUnderstand", "1");<br><br>here is the \
entire file:<br>/*<br> * The Apache Software License, Version 1.1<br> * \
Copyright (c) 2001-2003 The Apache Software Foundation. All rights<br> * \
reserved.<br> *<br> * Redistribution and use in source and binary forms, \
with or without<br> * modification, are permitted provided that the following \
conditions<br> * are met:<br> *<br> * 1. Redistributions of source \
code must retain the above copyright<br> * notice, this list \
of conditions and the following disclaimer.<br> *<br> * 2. Redistributions \
in binary form must reproduce the above copyright<br> * \
notice, this list of conditions and the following disclaimer \
in<br> * the documentation and/or other materials provided \
with the<br> * distribution.<br> *<br> * 3. The \
end-user documentation included with the redistribution,<br> * \
if any, must include the following \
acknowledgment:<br> * "This product includes \
software developed by the<br> * Apache \
Software Foundation (http://www.apache.org/)."<br> * \
Alternately, this acknowledgment may appear in the software \
itself,<br> * if and wherever such third-party acknowledgments \
normally appear.<br> *<br> * 4. The names "Axis" and "Apache Software \
Foundation" must<br> * not be used to endorse or promote \
products derived from this<br> * software without prior \
written permission. For written<br> * permission, please \
contact apache@apache.org.<br> *<br> * 5. Products derived from this \
software may not be called "Apache",<br> * nor may "Apache" \
appear in their name, without prior written<br> * permission \
of the Apache Software Foundation.<br> *<br> * THIS SOFTWARE IS PROVIDED \
``AS IS'' AND ANY EXPRESSED OR IMPLIED<br> * WARRANTIES, INCLUDING, BUT NOT \
LIMITED TO, THE IMPLIED WARRANTIES<br> * OF MERCHANTABILITY AND FITNESS FOR A \
PARTICULAR PURPOSE ARE<br> * DISCLAIMED. IN NO EVENT SHALL THE APACHE \
SOFTWARE FOUNDATION OR<br> * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, \
INDIRECT, INCIDENTAL,<br> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES \
(INCLUDING, BUT NOT<br> * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR \
SERVICES; LOSS OF<br> * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER \
CAUSED AND<br> * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT \
LIABILITY,<br> * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY \
OUT<br> * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY \
OF<br> * SUCH DAMAGE.<br> * \
====================================================================<br> *<br> * \
This software consists of voluntary contributions made by many<br> * individuals \
on behalf of the Apache Software Foundation. For more<br> * information on \
the Apache Software Foundation, please see<br> * \
<http://www.apache.org/>.<br> */<br><br>package \
samples.security;<br><br>import org.apache.axis.Constants;<br>import \
org.apache.axis.Message;<br>import org.apache.axis.MessageContext;<br>import \
org.apache.axis.client.AxisClient;<br>import \
org.apache.axis.configuration.NullProvider;<br>import \
org.apache.axis.encoding.SerializationContext;<br>import \
org.apache.axis.encoding.SerializationContext;<br>import \
org.apache.axis.encoding.DeserializationContext;<br>import \
org.apache.axis.message.SOAPEnvelope;<br>import \
org.apache.axis.message.SOAPHeaderElement;<br>import \
org.apache.axis.utils.Mapping;<br>import org.apache.axis.utils.Messages;<br>import \
org.apache.axis.utils.XMLUtils;<br>import \
org.apache.xml.security.c14n.Canonicalizer;<br>import \
org.apache.xml.security.signature.XMLSignature;<br>import \
org.w3c.dom.Document;<br>import org.w3c.dom.Element;<br>import \
org.xml.sax.InputSource;<br><br>import java.io.FileInputStream;<br>import \
java.io.Reader;<br>import java.io.StringReader;<br>import \
java.io.StringWriter;<br>import java.security.KeyStore;<br>import \
java.security.PrivateKey;<br>import \
java.security.cert.X509Certificate;<br><br><br>public class SignedSOAPEnvelope \
extends SOAPEnvelope {<br> static String SOAPSECNS = \
"http://schemas.xmlsoap.org/soap/security/2000-12";<br> static \
String SOAPSECprefix = "SOAP-SEC";<br><br> static String \
keystoreType = "JKS";<br> static String keystoreFile = \
"keystore.jks";<br> static String keystorePass = \
"xmlsecurity";<br> static String privateKeyAlias = \
"test";<br> static String privateKeyPass = \
"xmlsecurity";<br> static String certificateAlias = \
"test";<br> private MessageContext \
msgContext;<br><br> static \
{<br> \
org.apache.xml.security.Init.init();<br> \
}<br><br> public SignedSOAPEnvelope(MessageContext msgContext, \
SOAPEnvelope env, String baseURI, String keystoreFile) \
{<br> this.msgContext = \
msgContext;<br> init(env, baseURI, \
keystoreFile);<br> }<br><br> public \
SignedSOAPEnvelope(SOAPEnvelope env, String baseURI) \
{<br> init(env, baseURI, \
keystoreFile);<br> }<br><br> private void \
init(SOAPEnvelope env, String baseURI, String keystoreFile) \
{<br> try \
{<br> \
System.out.println("Beginning Client \
signing...");<br> \
env.addMapping(new Mapping(SOAPSECNS, \
SOAPSECprefix));<br> \
env.addAttribute(Constants.URI_SOAP11_ENV, "actor", \
"some-uri");<br> \
env.addAttribute(Constants.URI_SOAP11_ENV, "mustUnderstand", "1");<br><br>//create a \
Signature element<br> \
SOAPHeaderElement header = \
<br> \
new SOAPHeaderElement(XMLUtils.StringToElement(SOAPSECNS,<br> & \
nbsp; &nb \
sp;   \
; & \
nbsp; \
"Signature",<br> &nbs \
p; \
&n \
bsp; \
""));<br>//add the SOAPHeaderElement to \
SOAPEnvelope<br> \
env.addHeader(header);<br><br>/get the \
Document<br> \
Document doc = getSOAPEnvelopeAsDocument(env, msgContext);<br><br>//keystoreType is \
invariably JKS<br> \
KeyStore ks = KeyStore.getInstance(keystoreType);<br>//get a handle on the keyStore \
file<br> \
FileInputStream fis = new FileInputStream(keystoreFile);<br>//makesure keyStore.pass \
corresponds to public key \
password<br> \
ks.load(fis, keystorePass.toCharArray());<br>//get the privateKey from keystore \
file<br> PrivateKey \
privateKey = (PrivateKey) \
ks.getKey(privateKeyAlias,<br> \
privateKeyPass.toCharArray());<br>//get the first Header \
element<br> Element \
soapHeaderElement = (Element) ((Element) \
doc.getFirstChild()).getElementsByTagNameNS("*", "Header").item(0);<br>//get the \
SignatureElement <br> \
Element soapSignatureElement = (Element) \
soapHeaderElement.getElementsByTagNameNS("*", "Signature").item(0);<br><br>//Id \
attribute creation<br> \
Element body = (Element)doc.getElementsByTagNameNS("http://schemas.xmlsoap.org/soap/envelope/", \
"Body").item(0);<br>//id will be \
'Body'<br> \
body.setAttribute("Id", "Body");<br><br>//Signture will use DSA \
algorithm<br> \
XMLSignature sig = new XMLSignature(doc, \
baseURI,<br> \
XMLSignature.ALGO_ID_SIGNATURE_DSA);<br><br>//append XMLSignature's element to \
soapSignatureElement<br> \
soapSignatureElement.appendChild(sig.getElement());<br>//add a Body to \
XMLSignature<br> \
sig.addDocument("#Body");<br><br>//with the supplied alias get the X.509 \
cert<br> \
X509Certificate cert \
=<br> \
(X509Certificate) ks.getCertificate(certificateAlias);<br><br>//add the cert to \
XMLSignature<br> \
sig.addKeyInfo(cert);<br>//add the cert publicKey to \
XMLSignature<br> \
sig.addKeyInfo(cert.getPublicKey());<br>//sign XMLSignature with \
privateKey<br> \
sig.sign(privateKey);<br><br>//Canonicalise but keep the \
comments<br> \
Canonicalizer c14n = \
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);<br>//canonicalize \
the document and deliver back \
canonicalMessage<br> \
byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);<br>//ingest the message into \
is InputStream<br> \
InputSource is = new InputSource(new \
java.io.ByteArrayInputStream(canonicalMessage));<br> \
DeserializationContext dser = \
null;<br> if \
(msgContext == null) \
<br> {<br>//create \
new AxisClient<br> \
AxisClient tmpEngine = new AxisClient(new NullProvider());<br>//create a \
MessageContext for new \
AxisClient<br> \
msgContext = new MessageContext(tmpEngine);<br> \
}<br>//desrialize msgContext into object \
dser<br> dser = new \
DeserializationContext(is, \
msgContext,<br> \
Message.REQUEST, this);<br>//parse \
it<br> \
dser.parse();<br> \
System.out.println("Client signing \
complete.");<br> } catch (Exception e) \
{<br> \
e.printStackTrace();<br> \
throw new RuntimeException(e.toString());<br> \
}<br> }<br><br> private Document \
getSOAPEnvelopeAsDocument(SOAPEnvelope env, MessageContext \
msgContext)<br> \
throws Exception {<br> StringWriter writer \
= new StringWriter();<br> \
SerializationContext serializeContext = new SerializationContext(writer, \
msgContext);<br> \
env.output(serializeContext);<br> \
writer.close();<br><br> Reader reader = new \
StringReader(writer.getBuffer().toString());<br> \
Document doc = XMLUtils.newDocument(new \
InputSource(reader));<br> if (doc == \
null)<br> throw new \
Exception(<br> \
Messages.getMessage("noDoc00", \
writer.getBuffer().toString()));<br> return \
doc;<br> }<br>}<br>/*<br>when the response is received by the \
client the responseMessage is assigned to msg<br>and the env is acquired by \
getSOAPEnvelope<br>you can then \
env.getAttribute("mustUnderstand");<br>*/<br> <br> \
Options opts = new Options(args);<br> \
<meta http-equiv="Content-Type" content="text/html; charset=unicode">
<meta name="Generator" content="Microsoft SafeHTML"><style>
.ExternalClass p.ecxMsoNormal, .ExternalClass li.ecxMsoNormal, .ExternalClass \
div.ecxMsoNormal {margin-bottom:.0001pt;font-size:11.0pt;font-family:'Calibri','sans-serif';}
.ExternalClass a:link, .ExternalClass span.ecxMsoHyperlink
{color:blue;text-decoration:underline;}
.ExternalClass a:visited, .ExternalClass span.ecxMsoHyperlinkFollowed
{color:purple;text-decoration:underline;}
.ExternalClass span.ecxEmailStyle17
{font-family:'Calibri','sans-serif';color:windowtext;}
.ExternalClass .ecxMsoChpDefault
{font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;}
.ExternalClass div.ecxWordSection1
{page:WordSection1;}
</style><div class="ecxWordSection1"><p class="ecxMsoNormal">Hello;</p><p \
class="ecxMsoNormal"> </p><p class="ecxMsoNormal">Does anyone have a solution \
for this problem? It seems to be a long-standing issue.</p><p \
class="ecxMsoNormal"> </p><p class="ecxMsoNormal"><span style="font-size: 10pt; \
font-family: 'Courier New'; color: red;">Must Understand check failed for header <a \
href="http://.........secext-1.0.xsd" \
target="_blank">http://.........secext-1.0.xsd</a> : Security</span></p><p \
class="ecxMsoNormal"> </p><p class="ecxMsoNormal">It occurs in the client when \
receiving a response from a service. The “mustUnderstand” flag is set <b><u>in \
the response</u></b>.</p><p class="ecxMsoNormal"> </p><p \
class="ecxMsoNormal">The client sends a UsernameToken which appears to be accepted by \
the server. The server sends back a response which includes a Security header \
and Timestamp – and the “mustUnderstand” flag.</p><p \
class="ecxMsoNormal"> </p><p class="ecxMsoNormal">I am unclear how the client is \
supposed to process the response with the security header. I have tried writing \
a client-side handler for the Security header, but it never seems to engage. \
The examples I have found seem to be incomplete in crucial details.</p><p \
class="ecxMsoNormal"> </p><p class="ecxMsoNormal"><span style="font-size: \
10pt;"> </span></p><p class="ecxMsoNormal"><span style="font-size: 10pt; \
font-family: 'Arial','sans-serif';" lang="EN-GB">-Mike Pettigrew</span></p><p \
class="ecxMsoNormal"><span style="font-size: 12pt;"> </span></p></div></div> \
</div></body> </html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic