My impression was that cxf was supported to remove the headers automatically when it processed them. Switching everything to POJO doesnt solve the problem. The proxied service still recieves the WS-Security headers (even though they were already taken care of my the proxy). This is the output using both POJO and PAYLOAD message format:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> <SOAP-ENV:Header xmlns:SOAP-ENV=" http://schemas.xmlsoap.org/soap/envelope/";> <wsse:Security soap:mustUnderstand="1" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd "> <ds:Signature Id="SIG-4ECAE8C04FE89757DB140469579156210" xmlns:ds=" http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#";> <ec:InclusiveNamespaces PrefixList="soap" xmlns:ec=" http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm=" http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_4ECAE8C04FE89757DB14046957915616"> <ds:Transforms> <ds:Transform Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#";> <ec:InclusiveNamespaces PrefixList="" xmlns:ec=" http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>slCgWGWL5r06owC1MyAwfi7fx6k=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>d1iPIDa7V7gnwaS2UkKG35bVD4iG+LQ1o++wZZYLcWWumQKP6z40CTcp3EVoo3Pm1kW5Jh7dairz/ByIx/Z86RQ2ByE95VNJZMUH4rn+rcByZYbitzzSh7OidOn2mmh7rWvIIr1n1QD4vaXvbsc9JpqlMHUNl5mhrB9RH7AW8acx7dXjMZrC/xQc+Svl/4MCMKOI3q6I8hkWXIe1L25qQSBbqQwwrxH6qypZT/pb8qtg/XmWVW6lTtCvmEeLjb5bz0eD9XbAb44Q6oKt7JmlSxK2u23bGN1202QWncufKU19TYJAgWC21Bi2s77Bdi7v5u8Rkv78B+/I7vEs3HquoQ==</ds:SignatureValue> <ds:KeyInfo Id="KI-4ECAE8C04FE89757DB14046957915628"> <wsse:SecurityTokenReference wsu:Id="STR-4ECAE8C04FE89757DB14046957915629"> <wsse:KeyIdentifier EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier ">pdzYKHxRfn9/nOyVt+1iNLuQNwA=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </SOAP-ENV:Header> <soap:Body wsu:Id="_4ECAE8C04FE89757DB14046957915616" xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd "> <soap:Fault> <faultcode>soap:MustUnderstand</faultcode> <faultstring>MustUnderstand headers: [{ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood.</faultstring> </soap:Fault> </soap:Body> </soap:Envelope> --- I have to manually remove the headers using a java processor to get it to work: public class InsertResponseOutHeaderProcessor implements Processor { public void process(Exchange exchange) throws Exception { exchange.getIn().setHeader(Header.HEADER_LIST, new ArrayList<SoapHeader>()); } } Is there a more elegant solution to removed processed headers? Am I missing a configuration setting? Thanks! On Sun, Jul 6, 2014 at 5:54 PM, Willem Jiang <willem.ji...@gmail.com> wrote: > If you switch the data format to POJO, you should not see the security > header any more. > If you still need to use PAYLOAD data format, you need to clean up the > soap header of the payload message, as camel-cxf doesn’t put the soap > header into camel message header. > > -- > Willem Jiang > > Red Hat, Inc. > Web: http://www.redhat.com > Blog: http://willemjiang.blogspot.com (English) > http://jnn.iteye.com (Chinese) > Twitter: willemjiang > Weibo: 姜宁willem > > > > On July 7, 2014 at 6:48:34 AM, Michael Lambert ( > macfleck...@functionofwhy.com) wrote: > > I am attempting to proxy calls to a service and centralize ws-secuity > > handling within a camel route. Everything works perfectly but the > > ws-secuirty headers arent being removed and are instead being propogated > > down to the proxied service. This results in a MustUnderstand problem as > > the proxied service is not setup to handle security. > > > > This has to be a common scenario. Can someone give me a hint as to what > > might be wrong? > > > > The cxf endpoints are configured this way: > > > > ---- > > > address="/proxy/userService" > > endpointName="us:userSoapServicePort" > serviceName="us:userSoapServicePorts" > > wsdlURL="classpath:service/user-soap-v1.wsdl" > > xmlns:us="urn:healthmedia:wsdl:user:soap:v1" > > > > > > > > > > value="classpath:server-keystore.properties" /> > > > > > > > > > > > address="${user-service.url}" > > endpointName="us:userSoapServicePort" > serviceName="us:userSoapServicePorts" > > wsdlURL="classpath:service/user-soap-v1.wsdl" > > xmlns:us="urn:healthmedia:wsdl:user:soap:v1" /> > > > > ---- > > And the route is configured this way: > > ---- > > > > > > > location="classpath:user-service.properties"/> > > > > > > > > > > > > > > > > > > > > > > > > > > > > ---- > > > > Thanks in advance! > > > > -Mike > > > >
