We are using the user name token headers for authentication .As we use the provider based implementation we are not using any server side password callbacks and we are reading the soap headers directly .I have not configured the WSS4J interceptors in the cxf-servlet.xml as we handle everything in the code.But I see the exception below at the response time.Are the security headers automatically retrieved and included back in the response?
I see a discussion and a solution which makes use of an interceptor as a work around.Is this fixed in cxf? http://mail-archives.apache.org/mod_mbox/cxf-users/200902.mbox/%[email protected]%3e org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss -wssecurity-secext-1.0.xsd}Security] are not understood. at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.h andleMessage(MustUnderstandInterceptor.java:177) at org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.h andleMessage(MustUnderstandInterceptor.java:151) thanks and regards, Bharath
