Does your custom element go INTO the security header or go before the security header?
If it's the latter, check the faq: http://cxf.apache.org/faq.html#FAQ-HowcanIaddsoapheaderstotherequest%25252Fresponse%25253F That can also work for the former case. If you add a header with the proper "security" name, the wss4j interceptor will use the existing security header (and add stuff to it) instead of adding a second. Dan On Fri August 7 2009 3:42:19 pm R1ch wrote: > CXF 2.2 and WSS4J 1.5.8 > > Hello all, > I have a working webservice configured with WSS4JOutInterceptor to insert a > signed SAML token. > Now I'm trying to insert an Element before the signature occurs so that my > Element is also signed. > > I tried two different ways and both are not resulting in what I need. > ========================================================================== > 1) did something similar to > > public class myInterceptor extends WSS4JOutInterceptor { > handleMessage(SoapMessage mc) { > SOAPMessage soapMsg = myElement(); > mc.setContent(SOAPMessage.class, soapMsg); > super.handleMessage(mc); > } > } > this throws an exception, dont have it right now but can reproduce if some > needs to see it. > If I place the super.handleMessage(mc); before my code, (before the > myElement()) there is no error > but my element is not in the final soap message. > > Then I noticed that WSS4JOutInterceptor.handleMessage(SoapMessage mc) has > if (mc.getContent(SOAPMessage.class) == null) { > saajOut.handleMessage(mc); > } > So I thought that I can't add SOAPMessage content. so I came up with the > next try > > ========================================================================== > 2) I did something almost exactly to what WSS4JOutInterceptor has, i.e use > an internal interceptor > with phase.USER_PROTOCOL. The WSS4JOutInterceptorInternal is > Phase.POST_PROTOCOL so i figured > if mine was before the post it would work. > > public class myInterceptor extends WSS4JOutInterceptor { > > final class myInternal implements PhaseInterceptor<SoapMessage> { > handleMessage(SoapMessage mc) { > SOAPMessage soapMsg = myElement(); > mc.setContent(SOAPMessage.class, soapMsg); > super.handleMessage(mc); > } > } > } > > Well, my element is in the final SOAP message but it is not signed and my > <BODY> was actually empty > not what the webservice returns. > ========================================================================== > > So I was going to try and my Element to the message as XMLStreamWriter > content but I noticed that > SAAJOutInterceptor.handleMessage(SoapMessage message) replaces that with > W3CDOMStreamWriter > > 1. My first question is how do I get my element signed? > 2. What is the correct way to add content, is it mc.setContent() or do I > mc.getContent and add to that? > 3. What is the pupose of the Message Content Formats? > 4. When should I use SOAPMessage or XMLStreamWriter or any other format? > 5. If I put my content in the message for example as java.io.OutputStream > does it still get added to the final message? > > Thanks for your time. -- Daniel Kulp [email protected] http://www.dankulp.com/blog
