Hi Mayank,
Can you try using the latest CXF version? The problem looks more related to
piggybacking of the security headers, which I fixed some time back.
Take a look at the JIRA issue
http://issues.apache.org/jira/browse/CXF-790
Regards,
Ulhas Bhole
Mayank Mishra wrote:
Hi all,
I am using wss4j-1.5.3 and CXF 2.0.
I am trying to secure both incoming and outgoing messages from web
service client to service. Hence, I configured both incoming and
outgoing interceptors on both client and server.
The incoming request gets secured by WSS4JOutInterceptor on the client and
accordingly gets verified by the WSS4JInInterceptor on the server. But the
problem comes in the response message from Server to Client. In creating
the response message on the Server, after invoking the service and
creating the right response element, the WSS4JOutInterceptor is putting in
the same security header which was in the incoming request (from Client to
Server) and then adding Security Elements (as configured in the
WSS4JOutInterceptor configuration).
This happens even when WSS4JOutInterceptor is configured for
Action="NoSecurity"; the outgoing return message contains a
SecurityHeader and security element.
In Signature case:
If the incoming message has the following, the return message from the server
also shows the same (obviously no element is found with the URI number)
<ds:Reference URI="#id-24924329"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
For the X509 token, the same X509SerialNumber is used in the response message
(which is like signing/encrypting using the same key/cert which the client
used in the request message)
and for Timestamp the same client-side timestamp creation and expiry
values are used.
I am using org.apache.cxf.jaxws.EndpointImpl class to get endpoints of
service and to configure service Interceptors. On the client side, I
am using ClientProxy to get endpoint and configure properties on it.
Please let me know why the server interceptor is behaving in such a way.
With Regards,
Mayank
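
A check for the symptoms described in the message above, added here as an example and not code from this thread or from CXF/WSS4J: it compares a request/response pair and reports a response whose security header has dangling ds:Reference URIs or repeats the request's X509SerialNumber and Timestamp values. The function names, the simplified envelope and every sample value except the Reference URI quoted in the message are constructed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
# Constructed, simplified envelope (real KeyInfo nests the serial more deeply).
ENVELOPE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp><wsu:Created>{created}</wsu:Created><wsu:Expires>{expires}</wsu:Expires></wsu:Timestamp>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#{ref}"/></ds:SignedInfo>
   <ds:KeyInfo><ds:X509SerialNumber>{serial}</ds:X509SerialNumber></ds:KeyInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="{body_id}"/>
</soap:Envelope>"""

def sample(created, expires, ref, serial, body_id):
    return ENVELOPE.format(soap=SOAP, wsse=WSSE, wsu=WSU, ds=DS, created=created,
                           expires=expires, ref=ref, serial=serial, body_id=body_id)

def header_facts(xml_text):
    # Collect the values the message says were copied from request to response.
    root = ET.fromstring(xml_text)  # test captures only; use defusedxml for untrusted XML
    ids = {e.get(f"{{{WSU}}}Id") or e.get("Id") for e in root.iter()} - {None}
    refs = [r.get("URI", "") for r in root.iter(f"{{{DS}}}Reference")]
    text = lambda tag: {(e.text or "").strip() for e in root.iter(tag)}
    return {
        "has_security": root.find(f".//{{{WSSE}}}Security") is not None,
        "dangling": [u for u in refs if u.startswith("#") and u[1:] not in ids],
        "serials": text(f"{{{DS}}}X509SerialNumber"),
        "created": text(f"{{{WSU}}}Created"),
        "expires": text(f"{{{WSU}}}Expires"),
    }

def check_response(request_xml, response_xml, expect_security=True):
    # expect_security=False models an outbound configuration with no security action.
    req, resp = header_facts(request_xml), header_facts(response_xml)
    findings = []
    if resp["has_security"] and not expect_security:
        findings.append("security header present although none is configured")
    findings += [f"ds:Reference {u} resolves to no element" for u in resp["dangling"]]
    for key in ("serials", "created", "expires"):
        findings += [f"{key} value {v} repeated from request" for v in sorted(req[key] & resp[key])]
    return findings

# Constructed pair: REFLECTED repeats the request header over a body with a new Id.
STAMP = ("2007-01-01T10:00:00Z", "2007-01-01T10:05:00Z", "id-24924329", "1188213961")
REQUEST, REFLECTED = sample(*STAMP, "id-24924329"), sample(*STAMP, "id-1")
```

Run against a recorded exchange in an integration test, an empty result from `check_response` means none of the reported symptoms is present in the response.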