How can I change mustUnderstand attribute of wsse:Security soapenv:mustUnderstand

Solution Verified - Updated -

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 4.3
    • 5.x
  • JBossWS Native

Issue

We have a web services client running within jboss 4.3.0_cp07 which we've set up along the lines of the following:

http://community.jboss.org/message/552851

(See Steps - Client Side, 1 and 2)

This is working fine, and produces:

<wsse:Security soapenv:mustUnderstand="1" …>

But there is another case where we might need to send:

<wsse:Security soapenv:mustUnderstand="0" …>

What is the best way to do this?

Resolution

Unfortunately it is not possible to change the value of the mustUnderstand attribute via configuration of the JBossWS Native WS-Security handler. The value of the mustUnderstand attribute is hard-coded to "1" (see [1], line 58):

wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1");

You can add a JAX-WS handler that will modify the SOAP message to change the mustUnderstand attribute to 0:

package com.jboss.examples.ws.usernametoken;

import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.handler.MessageContext;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPMessage;
import java.util.Iterator;

import org.w3c.dom.Element;

import org.jboss.ws.Constants;
import org.jboss.wsf.common.DOMUtils;
import org.jboss.wsf.test.GenericHandler;

//This is the package name for EAP5
//import org.jboss.wsf.common.handler.GenericHandler;

//This is the package name for AS7 (not supported in EAP6)
//import org.jboss.ws.api.handler.GenericHandler;

public class MustUnderstandHandler extends GenericHandler
{
  public boolean handleOutbound(MessageContext msgContext)
  {
    SOAPMessage soapMessage = ((SOAPMessageContext)msgContext).getMessage();

    Iterator i = DOMUtils.getChildElements(
      soapMessage.getSOAPPart().getDocumentElement(), 
      new QName(org.jboss.ws.extensions.security.Constants.WSSE_NS, "Security"),
      true
    );

    Element sel = (Element)i.next();

    sel.setAttributeNS(
      Constants.NS_SOAP11_ENV, 
      Constants.PREFIX_ENV + ":" + Constants.SOAP11_ATTR_MUST_UNDERSTAND, 
      "0"
    );

    return true;
  }
}

To install it, you can configure a custom handler chain in a file (e.g. META-INF/my-handler-chain.xml):

<?xml version="1.0" encoding="UTF-8"?>
<jaxws-config xmlns="urn:jboss:jaxws-config:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="urn:jboss:jaxws-config:2.0 schema/jaxws-config_2_0.xsd">
  <endpoint-config>
    <config-name>Custom WSSecurity Endpoint</config-name>
    <post-handler-chains>
      <javaee:handler-chain>
        <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
        <javaee:handler>
          <javaee:handler-name>WSSecurity Handler</javaee:handler-name>
          <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class>
        </javaee:handler>
        <javaee:handler>
          <javaee:handler-name>MustUnderstandHandler</javaee:handler-name>
          <javaee:handler-class>com.jboss.examples.ws.usernametoken.MustUnderstandHandler</javaee:handler-class>
        </javaee:handler>
      </javaee:handler-chain>
    </post-handler-chains>
  </endpoint-config>
</jaxws-config>

And then point to that file in your endpoint via @EndpointConfig:

@Stateless
@EndpointConfig(configName="Custom WSSecurity Endpoint", configFile="META-INF/my-handler-chain.xml")
@WebService
public class myEndpointImpl
{
  ...
}

[1] https://anonsvn.jboss.org/repos/jbossws/stack/native/tags/jbossws-native-2.0.1.SP2_CP06/src/main/java/org/jboss/ws/extensions/security/SecurityEncoder.java

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.