WS-Security header applied when not set
Outgoing WSS is NOT set, but I noticed that the header (although empty) is still added - only on requests. How do I turn this off?
Forum Discussion
4 Replies
- Is it the following true and the details are still sent? Will you please post raw request message for sample?
a. There request step donot have any User/Password details?
b. Not selected to send these details in soapui's preferences - i found out that when WS-Security settings are set, and not used, the header was put on. When I removed all of them (keystone, in, out, …) it stopped. Seems like a bug?
- I believe that it is expected, not 100% sure. Any way, you could procced, right?
Rao,
I seemt to be having the same issue, where in, if I run a test using Ready API (through UI, version 1.9.0), then an empty header is sent. However, running the same test through the testrunner.sh script (Ready API 1.9.0) adds a security header with the mustUnderstand flag set to "1" and a faultcode is thrown in the response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soap:Body> <soap:Fault> <faultcode>soap:MustUnderstand</faultcode> <faultstring>Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.</faultstring> </soap:Fault> </soap:Body> </soap:Envelope>Thinking its the same issue, I tried looking at WSS settings, but they all seem blank/not set. Can you help?
