How to resolve failure of JAX_WS web service invocation "MustUnderstand headers are not understood"?

Asked 6/12, 2010 at 16:3 Answered 20/12, 2017 at 13:46

Solved web-services jax-ws webservice-client

I'm using SOAPUI tool to access JAX-WS web services deployed in Weblogic 10.3.2

Request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.pc3.polk.com/">
    <soapenv:Header>
        <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsu:Timestamp wsu:Id="Timestamp-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2010-12-03T21:10:43Z</wsu:Created>
            <wsu:Expires>2010-12-03T21:44:03Z</wsu:Expires>
        </wsu:Timestamp>
        <wsu:Timestamp wsu:Id="Timestamp-60" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2010-12-03T20:10:39Z</wsu:Created>
            <wsu:Expires>2010-12-03T20:43:59Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken wsu:Id="UsernameToken-59" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>rwerqre</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ewrqwrwerqer</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Nmw0ksmiOX+hkiSoWb2Rjg==</wsse:Nonce>
            <wsu:Created>2010-12-03T20:10:39.649Z</wsu:Created>
        </wsse:UsernameToken>
    </wsse:Security>
    </soapenv:Header>
   <soapenv:Body>
      <ws:getMetadata/>
   </soapenv:Body>
</soapenv:Envelope>

Response:

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Body>
      <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
         <faultcode>SOAP-ENV:MustUnderstand</faultcode>
         <faultstring>MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood</faultstring>
      </SOAP-ENV:Fault>
   </S:Body>
</S:Envelope>

Wisecrack answered 6/12, 2010 at 16:3 Comment(0)

You can configure a dummy SOAPHandler for {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security that would mark this header as 'understood'.

Or you could change the SOAP request (on the caller side) to set mustUnderstand="0" in the security header.

Example security SOAP header with mustUnderstand="0":

<S:Header xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <wsse:Security S:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:UsernameToken>
         <wsse:Username>USERNAME</wsse:Username>
         <wsse:Password wsse:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
      </wsse:UsernameToken>
   </wsse:Security>
</S:Header>

Profundity answered 7/12, 2010 at 15:51 Comment(4)

I would love to see more details on "configure a dummy SOAPHandler for {docs.oasis-open.org/wss/2004/01/…}Security that would mark this header as 'understood'." – Jayson 10/2, 2014 at 21:15

I'd also like to see such a dummy SOAP Handler – Billups 26/6, 2014 at 7:28

Just implement a SOAPHandler that returns {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security from getHeaders() but whose handle.. methods do nothing (return true). That's it. – Profundity 27/6, 2014 at 12:36

In my case even call is not coming SOAPHandler<SOAPMessageContext>, its going away from SoapMessageDispatcher of handleHeaders(). Could you please guide #60260777 – Catalog 19/2, 2020 at 11:23

After much research, this article solves this issue.

http://dwuysan.wordpress.com/2012/04/02/jax-ws-wsimport-and-the-error-mustunderstand-headers-not-understood/#comment-215

Limiting answered 14/2, 2014 at 22:46 Comment(0)

As per WS security specification: The processor MUST, after decrypting the encrypted header block, process the decrypted header block according to the SOAP processing guidelines. The receiver MUST raise a fault if any content required to adequately process the header block remains encrypted or if the decrypted SOAP header is not understood and the value of the S12:mustUnderstand or S11:mustUnderstand attribute on the decrypted header block is true. Note that in order to comply with SOAP processing rules in this case, the processor must roll back any persistent effects of processing the security header, such as storing a received token. So please check Configuration of CallbackHandlers.

Mouthful answered 30/6, 2011 at 14:12 Comment(1)

Ah, overarchitected specifications standing in the way of getting things done, once again. – Bobbette 12/4, 2016 at 7:23

Issue is with the Handlers. You need to add following in handler implementation

public Set<QName> getHeaders() {
    final QName securityHeader = new QName(
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
        "Security",
        "wsse");

    final HashSet headers = new HashSet();
    headers.add(securityHeader);
    return headers;
}

Cameron answered 20/12, 2017 at 13:46 Comment(1)

Could you please guide here: #60260777 ? – Catalog 19/2, 2020 at 12:5

-2

In SOAP UI Navigator,

right-click your project->Show Project View->WS-Security Configurations->Outgoing WS-Security Configurations Uncheck Must Understand, and then send request.

Servomechanical answered 16/11, 2016 at 8:2 Comment(0)

Recommended topics

Hot tags