[GitHub] [camel-quarkus] ppalaga commented on a diff in pull request #4758: #4291 avoid In/Out Message soap headers conflict

Mon, 17 Apr 2023 02:43:48 -0700 


ppalaga commented on code in PR #4758:
URL: https://github.com/apache/camel-quarkus/pull/4758#discussion_r1168439507


##########
integration-test-groups/cxf-soap/cxf-soap-ws-security-server/src/main/java/org/apache/camel/quarkus/component/cxf/soap/securitypolicy/server/it/WsSecurityPolicyServerRoutes.java:
##########
@@ -19,20 +19,25 @@
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.enterprise.inject.Produces;
 import jakarta.inject.Named;
+import org.apache.camel.Exchange;
+import org.apache.camel.Processor;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.component.cxf.jaxws.CxfEndpoint;
 import org.apache.cxf.ext.logging.LoggingFeature;
+import org.apache.cxf.headers.Header;
 
 @ApplicationScoped
 public class WsSecurityPolicyServerRoutes extends RouteBuilder {
 
     @Override
     public void configure() {
 
-        from("cxf:bean:wsSecurityPolicyHelloService?dataFormat=POJO")
-                .log("exchange: ${exchange}")
-                .setBody(exchange -> "Secure good morning " + 
exchange.getMessage().getBody(String.class));
-
+        
from("cxf:bean:wsSecurityPolicyHelloService?dataFormat=POJO").process(new 
Processor() {
+            public void process(final Exchange exchange) throws Exception {
+                exchange.getIn().removeHeader(Header.HEADER_LIST);

Review Comment:
   Great, thanks for the clarification @ffang! 
   
   So similarly written route would also fail on CSB and there is nothing Camel 
Quarkus specifix about the failure. Nice to know, thanks a lot!
   
   It sounds like this could happen to any user writing a new route using 
WS-Security/WS-SecurityPolicy. I wonder whether there is way to improve the 
default behavior? Shouldn't perhaps the security headers be filtered by 
default? Or wouldn't it be better not to propagate the headers by default 
unless the user sets the CxfHeaderFilterStrategy (thus giving a sign that he 
knows what he does)? If changing the code is not feasible, should we not warn 
about this in the documentation?
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to