This week's book giveaway is in the Programmer Certification forum.
We're giving away four copies of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 and have Jeanne Boyarsky & Scott Selikoff on-line!
See this thread for details.
Win a copy of OCP Oracle Certified Professional Java SE 11 Programmer I Study Guide: Exam 1Z0-815 this week in the Programmer Certification forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

MustUnderstand Headers Issue

Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am sure to this question is out there somewhere in the internet, but I could not find it, can the Gurus please help me out.


I wrote a SOAP WS endpoint, using Apache CXF. My intention is to sign and encrypt the Header and Body of incoming and outgoing messages. Initially I used CXF Interceptors to decrypt the incoming signed and encrypted message and everything was working fine.

Now, I have tried to secure it using WS - Security Policy.So, I have removed the CXF interceptors and used a Policy based configuration instead.

Now when my client sends the request , it gets a MustUnderstand headers: [{}Security] are not understood.
How to remove this error, either by somehow removing the MustUnderstand tag in the incoming request from client, or by making the server understand the header(preferable)
My client is not written in CXF, its using Apache Axis 1.4(Yeah ... the old and creaky one).

Now the Details-

My Security Policy File at server

Server Call back Handler Class-

Client Code----> client_deploy.wsdd file.. Client also has its call back handler,.. not shown here, but on similar lines as server,

Power corrupts. Absolute power xxxxxxxxxxxxxxxx is kinda neat.
Java file APIs (DOC, XLS, PDF, and many more)
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!