Classification: UNCLASSIFIED Caveats: NONE
Hi, I'm continuing the effort to provide a WS-Security using the PolicyHandler extension framework in 1.6.1. I've successfully added the capabilities to attach security tokens and to sign message body/headers after I've modified the PolicyHandler framework code to allow afterInvoke() to be called with the outbound MessageContext (please see http://www.mail-archive.com/dev@tuscany.apache.org/msg15425.html for details, which contains my latest post asking for the next release information and help to include my changes. I would really appreciate it if someone respond to it). Now I've encountered another problem trying to encrypt the SOAP message body. The problem has to do with the dispatching mechanism used by Axis2 WS binding implementation and the order the PolicyHandler.beforeInvoke() is called relative to the dispatcher.invoke. That dispatching implementation relies on the SOAP message body content (the 1st element as the method in the wrapped mode) to determine the endpoint method to invoke. At the same time, PolicyHandler.beforeInvoke() is call after the dispatcher.invoke(). So if the message body is encrypted by the client and would be decrypted only by PolicyHandler.beforeInvoke() (the extension), then dispatcher.invoke would not be able to determine the endpoint method to invoke. Is there a way I can work around the current design? Why wasn't SOAPAction populated so that it can be used to dispatch the message? Thanks in advance. Gang Classification: UNCLASSIFIED Caveats: NONE
