SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-20
Hi,
I am using UserToken-Plain text Password validation using JAX-RPC Handler. My validation happens in handleRequest().
Before that, I am getting "SOAP must understand error:{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security" as my SOAP:Header is
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
wsu:Id="UsernameToken-am7lyk2NVlJ15hAD6Za8lg22"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username>DM</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">DM</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
Is the solution related to configuring security policy in OAS?If I set User Authentication, 'Expect User name to Authenticate' & Password as Plain type, is it a must to specify Keystore?Or, am I missing some extra processing in header level? How can I validate the client sent user name & password with a custom logic (with database)? Can anybody educate how to handle mustUnderstand="1" headers?
Thanks in advance