Garry, I found this same post earlier and answered on that thread, please do refer to that...
Thanks, Ruwan On Sat, Aug 9, 2008 at 1:19 AM, Gary Snider <[EMAIL PROTECTED]> wrote: > Just curious but why does the > org.apache.synapse.core.axis2.Axis2FlexibleMEPClient remove addressing > headers? > > I've tried using synapse in proxy mode as well but here is the scenario and > why removing the headers is wrong for what we're doing: > > 1) A WS-Security message comes in to synapse (with wsa:MessageID signed & > referenced in the digital signature ) > 2) Synapse Axis2FlexibleMEPClient removes the wsa:MessageID in the original > message (Axis2FlexibleMEPClient.removeAddressingHeaders) > 3) The endpoint gets the 'forwarded' request and it fails ws-security > validation. Why? Because synapse removed the wsa:MessageID which is > referenced in the digital signature! > > Why even in 'transparent' proxy mode would synapse remove that? And what > are my options? > -- Ruwan Linton http://wso2.org - "Oxygenating the Web Services Platform" http://ruwansblog.blogspot.com/
