IBM Support

PM32691: JAX-WS may emit mustUnderstand="0" in Security header when it shouldn't

Fixes are available

7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When the WS-Security custom property
    com.ibm.wsspi.wssecurity.config.request.setMustUnderstand is
    set to false in the WS-Security bindings, a mustUnderstand
    attribute should not be present in the outbound SOAP Security
    header.  However, a mustUnderstand="0" attribute is emitted.
    

Local fix

  • NA
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server V7.0 users *
    *                  of WS-Security enabled JAX-WS applications  *
    ****************************************************************
    * PROBLEM DESCRIPTION: JAX-WS WS-Security runtime may emit a   *
    *                      mustUnderstand="0" attribute in the     *
    *                      Security header when it shouldn't       *
    ****************************************************************
    * RECOMMENDATION:  Install a fix pack that includes this APAR. *
    ****************************************************************
    When the
    com.ibm.wsspi.wssecurity.config.request.setMustUnderstand
    custom property is set to false in the WS-Security application
    bindings, the outbound Security header in the SOAP message is
    emitted with a mustUnderstand="0" attribute.  When this
    property is set, the mustUnderstand attribute should not
    appear in the Security header.
    

Problem conclusion

  • The WS-Security runtime is updated to not emit the
    mustUnderstand attribute in the SOAP Security header when the
    following custom property is set to false in the WS-Security
    bindings:
    
    com.ibm.wsspi.wssecurity.config.request.setMustUnderstand
    
    The fix for this APAR is currently targeted for inclusion in
    fix pack 7.0.0.19.  Please refer to the Recommended Updates
    page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM32691

  • Reported component name

    WEBSPHERE APP S

  • Reported component ID

    5724J0800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-02-14

  • Closed date

    2011-03-29

  • Last modified date

    2011-03-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBSPHERE APP S

  • Fixed component ID

    5724J0800

Applicable component levels

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 October 2021