Just curious but why does the org.apache.synapse.core.axis2.Axis2FlexibleMEPClient remove addressing headers?
I've tried using synapse in proxy mode as well but here is the scenario and why removing the headers is wrong for what we're doing: 1) A WS-Security message comes in to synapse (with wsa:MessageID signed & referenced in the digital signature ) 2) Synapse Axis2FlexibleMEPClient removes the wsa:MessageID in the original message (Axis2FlexibleMEPClient.removeAddressingHeaders) 3) The endpoint gets the 'forwarded' request and it fails ws-security validation. Why? Because synapse removed the wsa:MessageID which is referenced in the digital signature! Why even in 'transparent' proxy mode would synapse remove that? And what are my options?
