So there are two problems:

1.       The SOAPMonitor has a bug. For some reason the response frame (outgoing messages) does not show the headers (the request frame does).

MG>i use SOAPUI

http://www.soapui.org/


2.       The SOAP message being generated by Rampart is not adding the ĎmustUnderstandí attribute to the addressing headers (though it IS being added to the security header)

MG>run this test from org.apache.axis2.handlers.addressing.AddressingOutHandlerTest

    @Test
    public void testMustUnderstandSupport() throws Exception
    {
        org.apache.axis2.context.ConfigurationContext cfgCtx=org.apache.axis2.context.ConfigurationContextFactory.createEmptyConfigurationContext();
        System.out.println("AddressingOutHandlerTest::testMustUnderstandSupport cfgCtx="+cfgCtx);
        msgCtxt = cfgCtx.createMessageContext();
        msgCtxt.setProperty(org.apache.axis2.addressing.AddressingConstants.ADD_MUST_UNDERSTAND_TO_ADDRESSING_HEADERS, //"addMustUnderstandToAddressingHeaders";
                           Boolean.TRUE);
        System.out.println("AddressingOutHanderTest::testMustUnderstandSupport msgCtx="+msgCtxt);
//msgContext applies to both <wsa:From and <wsa:To and <wsa:MessageID nodes so expect soapenv:mustUnderstand="1" in all these cases

        org.apache.axis2.addressing.EndpointReference epr = new org.apache.axis2.addressing.EndpointReference("http://www.from.org/service/");
        System.out.println("AddressingOutHandlerTest::testMustUnderstandSupport epr="+epr);

//notice the absence of URL in QName assigment which will cause no namespace qualification
        epr.addReferenceParameter(new javax.xml.namespace.QName("Reference2"),"Value 200");
        msgCtxt.setFrom(epr);
         //at this point <wsa:From node will have EPR address and Reference2

        epr = new org.apache.axis2.addressing.EndpointReference("http://www.to.org/service/");
        System.out.println("AddressingOutHandlerTest::testMustUnderstandSupport epr="+epr);
        epr.addReferenceParameter(
                new  javax.xml.namespace.QName("http://reference.org", "Reference4", "myRef"),
                "Value 400");
 //notice the inclusion of a new URL into the QName this will differentiate itself from being included in the <wsa:To and included as a 'separate'param
        epr.addReferenceParameter(
                new javax.xml.namespace.QName("http://reference.org", "Reference3", "myRef"),
                "Value 300");
        System.out.println("AddressingOutHandlerTest::testMustUnderstandSupport about to MsgCtxtx.setTo(epr) where epr="+epr);
        msgCtxt.setTo(epr);
        msgCtxt.setProperty(WS_ADDRESSING_VERSION,             //WSAddressingVersion
                            Submission.WSA_NAMESPACE);         //"http://www.w3.org/2005/08/addressing"

        epr = new org.apache.axis2.addressing.EndpointReference("http://www.replyTo.org/service/");
        System.out.println("AddressingOutHandlerTest::testMustUnderstandSupport epr="+epr);
        msgCtxt.setReplyTo(epr);

        msgCtxt.setMessageID("123456-7890");
        msgCtxt.setWSAAction("http://www.actions.org/action");

        org.apache.axis2.addressing.RelatesTo relatesTo = new org.apache.axis2.addressing.RelatesTo(
                "http://www.relatesTo.org/service/", "TestRelation");
        msgCtxt.addRelatesTo(relatesTo);

        msgCtxt.setEnvelope(OMAbstractFactory.getSOAP11Factory().getDefaultEnvelope());
        System.out.println("AddressingOutHandlerTest::testMustUnderstandSupport outHandler.invoke(msgCtxt) where outHandler="+outHandler);
        outHandler.invoke(msgCtxt);

        XMLUnit.setIgnoreWhitespace(true);
        System.out.println("AddressingOutHandlerTest::testMustUnderstandSupport msgCtxt.getEnvelope().toString()="+msgCtxt.getEnvelope().toString());
        assertXMLEqual(msgCtxt.getEnvelope().toString(),
                TestUtil.getOMBuilder("mustUnderstandTest.xml")
                        .getDocumentElement().toString());
    }

MG>

 this is the output you *should* get with the mustUnderstand attribute


AddressingOutHandlerTest::setUp outHandler=DefaultHandler
AddressingOutHandlerTest::testAddToSOAPHeader epr=Address: http://www.to.org/service/
AddressingOutHandlerTest::setUp outHandler=DefaultHandler
AddressingOutHandlerTest::testAddToSOAPHeader cfgCtx=org.apache.axis2.context.ConfigurationContext@1ee29820
AddressingOutHandlerTest::setUp outHandler=DefaultHandler
AddressingOutHandlerTest::testMustUnderstandSupport cfgCtx=org.apache.axis2.context.ConfigurationContext@70e35d5
AddressingOutHanderTest::testMustUnderstandSupport msgCtx=[MessageContext: logID=6a6951b0cd4e2d6123890cb57bb150383474dbf0511a4018]
AddressingOutHandlerTest::testMustUnderstandSupport epr=Address: http://www.from.org/service/
AddressingOutHandlerTest::testMustUnderstandSupport epr=Address: http://www.to.org/service/
AddressingOutHandlerTest::testMustUnderstandSupport about to MsgCtxtx.setTo(epr) where epr=Address: http://www.to.org/service/, Reference Parameters: {{http://reference.org}Reference3=<myRef:Reference3 xmlns:myRef="http://reference.org">Value 300</myRef:Reference3>, {http://reference.org}Reference4=<myRef:Reference4 xmlns:myRef="http://reference.org">Value 400</myRef:Reference4>}
AddressingOutHandlerTest::testMustUnderstandSupport epr=Address: http://www.replyTo.org/service/
AddressingOutHandlerTest::testMustUnderstandSupport outHandler.invoke(msgCtxt) where outHandler=DefaultHandler
AddressingOutHandlerTest::testMustUnderstandSupport msgCtxt.getEnvelope().toString()=
<?xml version='1.0' encoding='utf-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
        <myRef:Reference3 xmlns:myRef="http://reference.org">Value 300</myRef:Reference3>
        <myRef:Reference4 xmlns:myRef="http://reference.org">Value 400</myRef:Reference4>
        <wsa:To soapenv:mustUnderstand="1">http://www.to.org/service/</wsa:To>
        <wsa:ReplyTo soapenv:mustUnderstand="1">
            <wsa:Address>http://www.replyTo.org/service/</wsa:Address>
        </wsa:ReplyTo>
        <wsa:From soapenv:mustUnderstand="1">
            <wsa:Address>http://www.from.org/service/</wsa:Address>
            <wsa:ReferenceParameters>
                <Reference2>Value 200</Reference2>
            </wsa:ReferenceParameters>
        </wsa:From>
        <wsa:MessageID soapenv:mustUnderstand="1">123456-7890</wsa:MessageID>
        <wsa:Action soapenv:mustUnderstand="1">http://www.actions.org/action</wsa:Action>
        <wsa:RelatesTo RelationshipType="TestRelation" soapenv:mustUnderstand="1">http://www.relatesTo.org/service/</wsa:RelatesTo>
    </soapenv:Header><soapenv:Body />
</soapenv:Envelope>

 

MG>

 

From: Brian Reinhold [mailto:brianreinhold@lampreynetworks.com]
Sent: Saturday, September 29, 2012 2:21 PM
To: java-dev@axis.apache.org
Subject: RE: No headers in response

 

Believe it or not it may be fine. Itís the SOAP monitor not showing the headers on the response side. It shows them on the send side, but not the response. Since I am on a local host I canít use wireshark which would have solved the issue. This I need to do because my client in one case is giving an error about the header but in the other case it isnít (I see the headers returned). But the SOAP monitor shows no headers in either case on the response. ARRG!

 

From: Brian Reinhold [mailto:brianreinhold@lampreynetworks.com]
Sent: Saturday, September 29, 2012 10:26 AM
To: java-dev@axis.apache.org
Subject: RE: No headers in response

 

I added those lines of code to the xml and it had no effect. I think the only way I am going to be able to address this is to step through the axis routines and see where the header (both addressing and security) created by rampart is stripped. I am using Eclipse, and to do this requires the remote debugging option. I could parse through source if I had a jar with source (I could make one of those if I could get mvn eclipse:eclipse Ėfn to work).

In the meantime I do have a 1.5.1 based distribution that IS working; the headers ARE being received. Canít find the differences yet in the services and axis2 xml configuration files.

 

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Saturday, September 29, 2012 8:13 AM
To: java-dev@axis.apache.org
Subject: RE: No headers in response

 

if header suppresssion is specific to addressing then this is what is gating you (excerpted from axis2.xml)
    <module ref="addressing"/>   

    <!--Configuring module , providing parameters for modules whether they refer or not-->
    <moduleConfig name="addressing">
        <parameter name="disableAddressingForInMessages">true</parameter>
        <parameter name="disableAddressingForOutMessages">true</parameter>
    </moduleConfig>

AddressingInHandler.java::shouldInvoke
 //Determine if we want to ignore addressing headers. This parameter must
        //be retrieved from the message context because it's value can vary
  //DISABLE_ADDRESSING_FOR_IN_MESSAGES="disableAddressingForInMessages";
        Parameter disableParam = msgContext.getParameter(DISABLE_ADDRESSING_FOR_IN_MESSAGES);  
        String value = Utils.getParameterValue(disableParam);
        if (JavaUtils.isTrueExplicitly(value)) {
            if (LoggingControl.debugLoggingAllowed && log.isDebugEnabled()) {
                log.debug(
                        "The AddressingInHandler has been disabled. No further processing will take place.");
            }
            return false;        
        }

        // if there are no headers put a flag to disable addressing temporary
        SOAPHeader header = msgContext.getEnvelope().getHeader();
        return header != null;

//BUT if the addressing parameters ARE coming into the service and not being send out in the response this is what you're up against

AddressingOutHandler::shouldInvoke
   public boolean shouldInvoke(MessageContext msgContext) throws AxisFault {
        Parameter param = null;
        boolean disableAddressing = false;
        //DISABLE_ADDRESSING_FOR_OUT_MESSAGES = "disableAddressingForOutMessages";
        Object o = msgContext.getProperty(DISABLE_ADDRESSING_FOR_OUT_MESSAGES);
        if (o == null || !(o instanceof Boolean)) {
            //determine whether outbound addressing has been disabled or not.
            // Get default value from module.xml or axis2.xml files
            param = msgContext.getModuleParameter(DISABLE_ADDRESSING_FOR_OUT_MESSAGES, MODULE_NAME, handlerDesc);
            disableAddressing =
                msgContext.isPropertyTrue(DISABLE_ADDRESSING_FOR_OUT_MESSAGES,
                    JavaUtils.isTrueExplicitly(Utils.getParameterValue(param)));
        } else {
            disableAddressing = (Boolean) o;
        }

        if (disableAddressing) {
            if (LoggingControl.debugLoggingAllowed && log.isTraceEnabled()) {
                log.trace(msgContext.getLogIDString() +
                        " Addressing is disabled. Not adding WS-Addressing headers.");
            }
            return false;
        }

make sure both parameters are set to false
  <!--Configuring module , providing parameters for modules whether they refer or not-->
    <moduleConfig name="addressing">
        <parameter name="disableAddressingForInMessages">false</parameter>
        <parameter name="disableAddressingForOutMessages">false</parameter>
    </moduleConfig>

Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de d?ni et de confidentialit?


Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut ?tre privil?gi?. Si vous n'?tes pas le destinataire pr?vu, nous te demandons avec bont? que pour satisfaire informez l'exp?diteur. N'importe quelle diffusion non autoris?e ou la copie de ceci est interdite. Ce message sert ? l'information seulement et n'aura pas n'importe quel effet l?galement obligatoire. ?tant donn? que les email peuvent facilement ?tre sujets ? la manipulation, nous ne pouvons accepter aucune responsabilit? pour le contenu fourni.

 


From: brianreinhold@lampreynetworks.com
To: java-dev@axis.apache.org
Subject: RE: No headers in response
Date: Sat, 29 Sep 2012 06:41:44 -0400

Oh, sorry!

 

The entire header. So in the SOAPMonitor and the clientís response all one receives is

 

<?xml version='1.0' encoding='utf-8'?>

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">

    <soapenv:Body>

    <pcd:CommunicatePCDDataResponse xmlns:pcd="urn:ihe:pcd:dec:2010">MSH|^~\&amp;|LNI^0b0e0e0f0d0e0a0d^EUI-64||||20120928184929.279-0500||ACK^R01^ACK|00320120928184924226|P|2.6|||NE|AL|||||IHE PCD ORU-R012006^HL7^2.16.840.1.113883.9.n.m^HL7&#xd;MSA|AA|00320120928184924226&#xd;

    </pcd:CommunicatePCDDataResponse>

  </soapenv:Body>

</soapenv:Envelope>

 

But I am glad to know that it is there. There are so many possible settings in the xmls that I donít understand it could be something very innocent.

Having or removing this text from the axis2.xml makes no difference on the behavior (the addressing module IS present):

 

    <!--Configuring module , providing parameters for modules whether they refer or not-->

    <moduleConfig name="addressing">

        <parameter name="includeOptionalHeaders">true</parameter>

                                <parameter name="required">true</parameter>

    </moduleConfig>

 

In the service xml I donít understand the Ďscopeí parameter in the service declaration:

 

service name="DeviceObservationConsumerSecure" scope="application" class="com.lnihealth.wan.receiver.binding.axis2.Axis2WanReceiver"

 

The policy is in the service xml.

 

But according to the axis2 documentation nothing I do in the service.xml affects the addressing; this can only be controlled at the global level in the axis2.xml.

 

Brian

 

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Saturday, September 29, 2012 6:22 AM
To: java-dev@axis.apache.org
Subject: RE: No headers in response

 

can you be specific on which specific header is being stripped

thanks,
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de d?ni et de confidentialit?


Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut ?tre privil?gi?. Si vous n'?tes pas le destinataire pr?vu, nous te demandons avec bont? que pour satisfaire informez l'exp?diteur. N'importe quelle diffusion non autoris?e ou la copie de ceci est interdite. Ce message sert ? l'information seulement et n'aura pas n'importe quel effet l?galement obligatoire. ?tant donn? que les email peuvent facilement ?tre sujets ? la manipulation, nous ne pouvons accepter aucune responsabilit? pour le contenu fourni.

 


From: brianreinhold@lampreynetworks.com
To: java-dev@axis.apache.org
Subject: RE: No headers in response
Date: Fri, 28 Sep 2012 19:32:22 -0400

Martin,

 

I was able to trace into the Rampart code during the building of the response and the response is built correctly.

In the build() method of the org.apache.rampart.MessageBuilder  it looks as follows:

 

<?xml version='1.0' encoding='utf-8'?>

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">

  <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">

    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="true">

                  <wsu:Timestamp wsu:Id="TS-9">         

                    <wsu:Created>2012-09-28T23:00:17.294Z</wsu:Created>       

                    <wsu:Expires>2012-09-28T23:05:17.294Z</wsu:Expires>

                  </wsu:Timestamp>

    </wsse:Security>

    <wsa:To>http://www.w3.org/2005/08/addressing/anonymous</wsa:To>

    <wsa:ReplyTo>

      <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>

    </wsa:ReplyTo>

    <wsa:MessageID>urn:uuid:700b9fba-531a-4e21-a815-1449a5477239</wsa:MessageID>

    <wsa:Action>urn:ihe:pcd:2010:CommunicatePCDDataResponse</wsa:Action>

    <wsa:RelatesTo RelationshipType="http://www.w3.org/2005/08/addressing/reply">urn:uuid:5deab184-febf-42b0-9a14-b710318aea66</wsa:RelatesTo>

  </soapenv:Header>

  <soapenv:Body>

    <pcd:CommunicatePCDDataResponse xmlns:pcd="urn:ihe:pcd:dec:2010">MSH|^~\&amp;|LNI^0b0e0e0f0d0e0a0d^EUI-64||||20120928184929.279-0500||ACK^R01^ACK|00320120928184924226|P|2.6|||NE|AL|||||IHE PCD ORU-R012006^HL7^2.16.840.1.113883.9.n.m^HL7&#xd;MSA|AA|00320120928184924226&#xd;

    </pcd:CommunicatePCDDataResponse>

  </soapenv:Body>

</soapenv:Envelope>

 

The correct headers for BOTH addressing and security are present.

 

However, I have still been unable to get the Axis2 maven to work correctly and cannot step into the Axis2 routines which follow. So something happens in Axis2 that strips away that header. Any idea what might allow the header to be removed?

 

Brian

 

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Friday, September 28, 2012 5:28 PM
To: java-dev@axis.apache.org; users@maven.apache.org
Subject: RE: No headers in response

 

Yes..I always hardcoded those values in the descriptor...but the maven-mar-plugin should reconfigure axis2.xml to include  <module ref="addressing"/>
and any associated module specific parameters

cross posting to maven-users

feel free to go ahead and post your question
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de d?ni et de confidentialit?


Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut ?tre privil?gi?. Si vous n'?tes pas le destinataire pr?vu, nous te demandons avec bont? que pour satisfaire informez l'exp?diteur. N'importe quelle diffusion non autoris?e ou la copie de ceci est interdite. Ce message sert ? l'information seulement et n'aura pas n'importe quel effet l?galement obligatoire. ?tant donn? que les email peuvent facilement ?tre sujets ? la manipulation, nous ne pouvons accepter aucune responsabilit? pour le contenu fourni.

 


From: brianreinhold@lampreynetworks.com
To: java-dev@axis.apache.org
Subject: RE: No headers in response
Date: Fri, 28 Sep 2012 14:40:14 -0400

Martin,

 

Iíll take a look at the Rampart checks but I am also having a problem with no ws-addressing in the response and thatís in Axis2 which I canít get loaded because of maven problems. I do see success in the older versions (1.5.1).

 

Brian

 

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Friday, September 28, 2012 10:30 AM
To: java-dev@axis.apache.org
Subject: RE: No headers in response

 

these are the (secure) headers that are supported by xmlsoap securitypolicy
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy

if you dont see the secure header defined in this xsd then Rampart (or any other securitypolicy implementor) does'nt implement it
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de d?ni et de confidentialit?


Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut ?tre privil?gi?. Si vous n'?tes pas le destinataire pr?vu, nous te demandons avec bont? que pour satisfaire informez l'exp?diteur. N'importe quelle diffusion non autoris?e ou la copie de ceci est interdite. Ce message sert ? l'information seulement et n'aura pas n'importe quel effet l?galement obligatoire. ?tant donn? que les email peuvent facilement ?tre sujets ? la manipulation, nous ne pouvons accepter aucune responsabilit? pour le contenu fourni.

 


From: brianreinhold@lampreynetworks.com
To: java-dev@axis.apache.org
Subject: RE: No headers in response
Date: Fri, 28 Sep 2012 04:42:48 -0400

Martin,

 

This looks like client side testing. I have no problem on the client. Itís my service whose response has no headers. The client is much easier to deal with as one tends to use code and for that there is great help from Eclipse and javadoc. The service, on the other hand, one usually has to use xml to control all behaviors and that is very difficult (difficult in the sense one has no idea what, for example, the possible parameters, elements, attributes, etc. are and what they doÖand no help from Eclipse like there is with code).

 

Brian

 

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, September 27, 2012 10:59 PM
To: java-dev@axis.apache.org
Subject: RE: No headers in response

 

try it like this
         MessageContext ctx = getMsgCtx12();

//none of these tests contain mustUnderstand attribute so we will need to reconstruct our mustUnderstand later on
        String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
        Policy policy = loadPolicy(policyXml);

        ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);

        MessageBuilder builder = new MessageBuilder();
        builder.build(ctx);

        // Building the SOAP envelope from the OMElement
        buildSOAPEnvelope(ctx);

        RampartEngine engine = new RampartEngine();
        List<org.apache.ws.security.WSSecurityEngineResult> results = engine.process(ctx);

MG>notice that inside org.apache.rampart.MessageBuilder we have RampartMessageData build() method *which has access to the security Headers*

  public void build(MessageContext msgCtx) throws WSSPolicyException,
            RampartException, WSSecurityException, AxisFault {
        Axis2Util.useDOOM(true);
        RampartMessageData rmd = new RampartMessageData(msgCtx, true);
       
       
        RampartPolicyData rpd = rmd.getPolicyData();
        if(rpd == null || isSecurityValidationFault(msgCtx) ||
                !RampartUtil.isSecHeaderRequired(rpd, rmd.isInitiator(),false)) {
           
            Document doc = rmd.getDocument();
            WSSecHeader secHeader = rmd.getSecHeader();
MG>start mods...         check here to make sure mustUnderstand is turned  on
           if(secHeader!=null) && (secHeader.getMustUnderstand()==true)
           {
MG>normal
           }
           else
{
MG>remove the bad one ,reconstruct WSSecHeader and add to RampartMessageData
            if ( secHeader != null ) {
                secHeader.removeSecurityHeader(doc);
            }
           secHeader = new WSSecHeader("actor",true);
           rmd.setSecHeader(secHeader);   
      }
MG>end mods MG

            return;
        }
       
        //Copy the RECV_RESULTS if available
        if(!rmd.isInitiator()) {
            OperationContext opCtx = msgCtx.getOperationContext();
            MessageContext inMsgCtx;
            if(opCtx != null &&
                    (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
                msgCtx.setProperty(WSHandlerConstants.RECV_RESULTS,
                        inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
            }
        }
       
       
        String isCancelreq = (String)msgCtx.getProperty(RampartMessageData.CANCEL_REQUEST);
        if(isCancelreq != null && Constants.VALUE_TRUE.equals(isCancelreq)) {
            try {
               
                String cancelAction = TrustUtil.getWSTNamespace(rmd.getWstVersion()) + RahasConstants.RST_ACTION_CANCEL_SCT;
                //Set action
                msgCtx.getOptions().setAction(cancelAction);
               
                //Change the wsa:Action header
                String wsaNs = Final.WSA_NAMESPACE;
                Object addressingVersionFromCurrentMsgCtxt = msgCtx.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
                if (Submission.WSA_NAMESPACE.equals(addressingVersionFromCurrentMsgCtxt)) {
                    wsaNs = Submission.WSA_NAMESPACE;
                }
                OMElement header = msgCtx.getEnvelope().getHeader();
                if(header != null) {
                    OMElement actionElem = header.getFirstChildWithName(new QName(wsaNs, AddressingConstants.WSA_ACTION));
                    if(actionElem != null) {
                        actionElem.setText(cancelAction);
                    }
                }
               
                //set payload to a cancel request
                String ctxIdKey = RampartUtil.getContextIdentifierKey(msgCtx);
                String tokenId = (String)RampartUtil.getContextMap(msgCtx).get(ctxIdKey);
               
                if(tokenId != null && RampartUtil.isTokenValid(rmd, tokenId)) {
                    OMElement bodyElem = msgCtx.getEnvelope().getBody();
                    OMElement child = bodyElem.getFirstElement();
                    SecurityContextToken sct = new SecurityContextToken(
                            (Element) rmd.getTokenStorage().getToken(tokenId)
                                    .getToken());
                    OMElement newChild = TrustUtil.createCancelRequest(sct
                            .getIdentifier(), rmd.getWstVersion());
                    Element newDomChild = XMLUtils.toDOM(newChild);
                    Node importedNode = rmd.getDocument().importNode((Element) newDomChild, true);
                    ((Element) bodyElem).replaceChild(importedNode, (Element) child);
                } else {
                    throw new RampartException("tokenToBeCancelledInvalid");
                }
               
            } catch (Exception e) {
                e.printStackTrace();
                throw new RampartException("errorInTokenCancellation");
            }
        }
       
       if(rpd.isTransportBinding()) {
           log.debug("Building transport binding");
           TransportBindingBuilder building = new TransportBindingBuilder();
           building.build(rmd);
        } else if(rpd.isSymmetricBinding()) {
           log.debug("Building SymmetricBinding");
           SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
           builder.build(rmd);
        } else {
            AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
            builder.build(rmd);
        }
      
       //TODO remove following check, we don't need this check here as we do a check to see whether
       // security header required
      
       Document doc = rmd.getDocument();
       WSSecHeader secHeader = rmd.getSecHeader();
      
       if ( secHeader != null && secHeader.isEmpty(doc) ) {
           secHeader.removeSecurityHeader(doc);
       }
        got

       /*
        * Checking whether MTOMSerializable is there. If so set optimizeElement.
        * */
        if(rpd.isMTOMSerialize()){
            msgCtx.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
            OptimizePartsConfig config= rpd.getOptimizePartsConfig();
            if(config != null){
                MessageOptimizer.optimize(msgCtx.getEnvelope(), config.getExpressions(), config.getNamespaces());
            }
        }
    }
//end RampartMessageData build method

// download wss4j and and make mod to low access to mustunderstand
// http://ws.apache.org/wss4j/source-repository.html
public class WSSecHeader {
    private String actor = null;

    private boolean mustunderstand = true;
//accessor that werner forgot
    public boolean getMustUnderstand() { return this.mustunderstand; }
...
}
compile and package with maven pom.xml

Martin Gainty
______________________________________________
Jogi ?s Bizalmass?gi kinyilatkoztat?s/Verzicht und Vertraulichkeitanmerkung/Note de d?ni et de confidentialit?

 

Ez az ?zenet bizalmas.  Ha nem ?n az akinek sz?nva volt, akkor k?rj?k, hogy jelentse azt nek?nk vissza. Semmif?le tov?bb?t?sa vagy m?solat?nak k?sz?t?se nem megengedett.  Ez az ?zenet csak ismeret cser?t szolg?l ?s semmif?le jogi alkalmazhat?s?ga sincs.  Mivel az electronikus ?zenetek k?nnyen megv?ltoztathat?ak, ez?rt minket semmi felel?s?g nem terhelhet ezen ?zenet tartalma miatt.

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut ?tre privil?gi?. Si vous n'?tes pas le destinataire pr?vu, nous te demandons avec bont? que pour satisfaire informez l'exp?diteur. N'importe quelle diffusion non autoris?e ou la copie de ceci est interdite. Ce message sert ? l'information seulement et n'aura pas n'importe quel effet l?galement obligatoire. ?tant donn? que les email peuvent facilement ?tre sujets ? la manipulation, nous ne pouvons accepter aucune responsabilit? pour le contenu fourni.

 


From: brianreinhold@lampreynetworks.com
To: java-dev@axis.apache.org
Subject: RE: No headers in response
Date: Thu, 27 Sep 2012 19:11:27 -0400

Martin,

 

I tried that as well and the response still came back with no headers. Somehow the STS service manages to get a header in the response (missing must understand in the addressing); but itís a start.

 

Brian

 

From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Thursday, September 27, 2012 9:30 AM
To: java-dev@axis.apache.org
Subject: RE: No headers in response

 

Hi Brian
i'll take the last question.. from axis2.xml i assume you have included optional Headers
axis2.xml contains:
 <moduleConfig name="addressing">
        <parameter name="includeOptionalHeaders">true</parameter>
    </moduleConfig>

run this test where
axis2-IncludeOptionalHeadersTrue.xml contains

<axisconfig name="AxisJava2.0">
    <!-- Comment this to disable Addressing -->
    <module ref="addressing"/>

    <!--Configuring module , providing parameters for modules whether they refer or not-->
    <moduleConfig name="addressing">
        <parameter name="includeOptionalHeaders">true</parameter>
    </moduleConfig>
   
    <!-- ================================================= -->
    <!-- Phases  -->
    <!-- ================================================= -->
    <phaseOrder type="InFlow">
        <!--  System predefined phases       -->
        <phase name="Transport">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
                <order phase="Transport"/>
            </handler>
            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
                <order phase="Transport"/>
            </handler>
        </phase>
        <phase name="Addressing">
            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
                <order phase="Addressing"/>
            </handler>
        </phase>
        <phase name="Security"/>
        <phase name="PreDispatch"/>
        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
            <handler name="RequestURIOperationDispatcher"
                     class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
            <handler name="SOAPMessageBodyBasedDispatcher"
                     class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
            <handler name="HTTPLocationBasedDispatcher"
                     class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
            <handler name="GenericProviderDispatcher"
                     class="org.apache.axis2.jaxws.dispatchers.GenericProviderDispatcher"/>
            <handler name="MustUnderstandValidationDispatcher"
                     class="org.apache.axis2.jaxws.dispatchers.MustUnderstandValidationDispatcher"/>
        </phase>
        <phase name="RMPhase"/>
        <!--  System predefined phases       -->
        <!--   After Postdispatch phase module author or service author can add any phase he want      -->
        <phase name="OperationInPhase">
            <handler name="MustUnderstandChecker"
                     class="org.apache.axis2.jaxws.dispatchers.MustUnderstandChecker">
                <order phase="OperationInPhase"/>
            </handler>
        </phase>
        <phase name="soapmonitorPhase"/>
    </phaseOrder>
    <phaseOrder type="OutFlow">
        <!--      user can add his own phases to this area  -->
        <phase name="soapmonitorPhase"/>
        <phase name="OperationOutPhase"/>
        <!--system predefined phase-->
        <!--these phase will run irrespective of the service-->
        <phase name="RMPhase"/>
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
        <phase name="Security"/>
    </phaseOrder>
    <phaseOrder type="InFaultFlow">
        <phase name="Addressing">
            <handler name="AddressingBasedDispatcher"
                     class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
                <order phase="Addressing"/>
            </handler>
        </phase>
        <phase name="Security"/>
        <phase name="PreDispatch"/>
        <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
            <handler name="RequestURIBasedDispatcher"
                     class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
            <handler name="SOAPActionBasedDispatcher"
                     class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
            <handler name="RequestURIOperationDispatcher"
                     class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
            <handler name="SOAPMessageBodyBasedDispatcher"
                     class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
            <handler name="HTTPLocationBasedDispatcher"
                     class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
            <handler name="GenericProviderDispatcher"
                     class="org.apache.axis2.jaxws.dispatchers.GenericProviderDispatcher"/>
            <handler name="MustUnderstandValidationDispatcher"
                     class="org.apache.axis2.jaxws.dispatchers.MustUnderstandValidationDispatcher"/>
        </phase>
        <phase name="RMPhase"/>
        <!--      user can add his own phases to this area  -->
        <phase name="OperationInFaultPhase"/>
        <phase name="soapmonitorPhase"/>
    </phaseOrder>
    <phaseOrder type="OutFaultFlow">
        <!--      user can add his own phases to this area  -->
        <phase name="soapmonitorPhase"/>
        <phase name="OperationOutFaultPhase"/>
        <phase name="RMPhase"/>
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
        <phase name="Security"/>
    </phaseOrder>
</axisconfig>

//now run the TestCase org.apache.axis2.handlers.addressing.AddressingOutHandlerTest.java:
        java.io.File configFile = new java.io.File(System.getProperty("basedir",".") + "/test-resources/axis2-IncludeOptionalHeadersTrue.xml");
        org.apache.axis2.context.ConfigurationContext cfgCtx =org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContextFromFileSystem("target/test-classes",configFile.getAbsolutePath());
//<parameter name="includeOptionalHeaders">true</parameter> in addressing module should now be true

        msgCtxt = cfgCtx.createMessageContext();
        msgCtxt.setEnvelope(OMAbstractFactory.getSOAP11Factory().getDefaultEnvelope());
        msgCtxt.setTo(new EndpointReference("http://www.to.org/service/"));
        msgCtxt.setFrom(new EndpointReference("http://www.from.org/service/"));
        msgCtxt.setReplyTo(new EndpointReference("http://www.replyTo.org/service/"));
        msgCtxt.setFaultTo(new EndpointReference("http://www.faultTo.org/service/"));
        msgCtxt.setWSAAction("http://www.actions.org/action");
        msgCtxt.setMessageID("123456-7890");
        msgCtxt.addRelatesTo(new RelatesTo("http://www.relatesTo.org/service/"));
        msgCtxt.setProperty(WS_ADDRESSING_VERSION, Final.WSA_NAMESPACE);       
        outHandler.invoke(msgCtxt);
        org.custommonkey.xmlunit.XMLUnit.setIgnoreWhitespace(true);
        assertXMLEqual(msgCtxt.getEnvelope().toString(), org.apache.axis2.handlers.util.TestUtil.getOMBuilder("withOptionalHeadersTest.xml").getDocumentElement().toString());  

//msgCtxt.getEnvelope().toString() should be IDENTICAL to contents of withOptionalHeadersTest.xml shown here
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <wsa:To>http://www.to.org/service/</wsa:To>
        <wsa:From><wsa:Address>http://www.from.org/service/</wsa:Address></wsa:From>
        <wsa:ReplyTo><wsa:Address>http://www.replyTo.org/service/</wsa:Address></wsa:ReplyTo>
        <wsa:FaultTo><wsa:Address>http://www.faultTo.org/service/</wsa:Address></wsa:FaultTo>
        <wsa:Action>http://www.actions.org/action</wsa:Action>
        <wsa:MessageID>123456-7890</wsa:MessageID>
        <wsa:RelatesTo RelationshipType="http://www.w3.org/2005/08/addressing/reply">http://www.relatesTo.org/service/</wsa:RelatesTo>
    </soapenv:Header>
    <soapenv:Body />
</soapenv:Envelope>

is this not the case?
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de d?ni et de confidentialit?


Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut ?tre privil?gi?. Si vous n'?tes pas le destinataire pr?vu, nous te demandons avec bont? que pour satisfaire informez l'exp?diteur. N'importe quelle diffusion non autoris?e ou la copie de ceci est interdite. Ce message sert ? l'information seulement et n'aura pas n'importe quel effet l?galement obligatoire. ?tant donn? que les email peuvent facilement ?tre sujets ? la manipulation, nous ne pouvons accepter aucune responsabilit? pour le contenu fourni.

 


From: brianreinhold@lampreynetworks.com
To: java-dev@axis.apache.org
Subject: No headers in response
Date: Thu, 27 Sep 2012 07:35:07 -0400

 I am re-opening a question I saw no answer to asked in this forum quite a while  ago.

In the STS service requesting a SMAL20 token the response is okay.

But in the service that needs to have the SAML20 token, the response has no headers at all. This is in spite of the must understand setting in the client headers in both the addressing and security part.

 

Everything is 1.6.2; rampart, axis2, and axiom is 1.2.14.  Adding the <parameter name="includeOptionalHeaders">true</parameter> in the service.xml does not help (though that is what I used programmatically on the client side to generate the correct addressing headers).

Is this a bug or what am I doing wrong in the configuration?

 

Thanks,

 

Brian Reinhold


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5294 - Release Date: 09/27/12

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5294 - Release Date: 09/27/12


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5294 - Release Date: 09/27/12


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5295 - Release Date: 09/27/12


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5296 - Release Date: 09/28/12

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5296 - Release Date: 09/28/12


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5296 - Release Date: 09/28/12


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5296 - Release Date: 09/28/12

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5296 - Release Date: 09/28/12


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5298 - Release Date: 09/29/12

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5298 - Release Date: 09/29/12


No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5299 - Release Date: 09/29/12

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2221 / Virus Database: 2441/5299 - Release Date: 09/29/12