Hello all
I’m securing a web service using WSE 2.0. One of the potential client’s of
the web service is a Java client using Sun JWSDP 1.5. The problem is that
the java client gets the error “Server did not recognize the value of HTTP
Header SOAPAction:”, and when I look at the trace the error is:
WSE841: An error occured processing an outgoing fault response. --->
System.Web.Services.Protocols.SoapHeaderException: Header
http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate
recipient is required but not present in the message.
The soap the java client is sending has no Action header and I’m told it can
not be changed. Therefore I have been trying to tell my service that
actionheader is not required but without success.
This is a actionheader the webservice accepts:
<wsa:Action
wsu:Id="Id-29db7046-313a-4675-9bf8-6446b9463aeb">http://tempuri.org/send</wsa:Action>
What I have tried is to change the policy file
This is the default:
<!--MessagePredicate is used to require headers. This assertion should
be used along with the Integrity assertion when the presence of the signed
element is required. NOTE: this assertion does not do anything for
enforcement (send-side) policy.-->
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
Here I tried to tell the service that only body and timestamp was required
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wse:Timestamp()</wsp:MessagePredicate>
I have also tried to tell the web service everything was optional:
<wsp:MessagePredicate wsp:Usage="wsp:Optional"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
I have also tried to skip the policy file and check on the the bodyparts in
code but the error occurs before the webmethod is even invoked.
It is my understanding that WS-specifications are optional and that the way
to define which ones I want to use is via a policy file. Is that the correct
understanding? I find it difficult to find good documentation on how to use
different WS-specifications with WSE 2.0 enabled web service. Does anyone
know of good documentation on WS-security using X509 certificates for signing?
Does anyone have solution to this problem or ideas that might lead to
solution?
Regards,
- Bjarki B.