Re: Fake the understanding of a "soap:mustUnderstand" header

Mon, 23 Nov 2009 09:04:53 -0800 

You can step on normal processing by making a following hack:

1.  Make a custom interceptor either extending AbstractSoapInterceptor or
AbstractPhaseInterceptor<SoapMessage>

2.  Install it right after CXF default ReadHeadersInterceptor
for example:
    public IgnoreMustUnderstandHeadersInterceptor(Bus b) {
        super(Phase.READ);
        bus = b;
        addAfter(ReadHeadersInterceptor.class);
        }
3. Override public void handleMessage(SoapMessage message) {

4. Find all Header objects inside the message and update
setMustUnderstand(false);

message.getHeaders()



ReadHeadersInterceptor

message.getHeaders().add(shead);


karypid wrote:
> 
> Hi,
> 
> I have a CXF endpoint that uses @WebServiceProvider to process the SOAP
> XML.
> 
> The sender uses WS-Security so the message includes in its SOAP header:
> <wsse:Security 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  
> soap:mustUnderstand="1">
> 
> This causes CXF to throw an Exception saying:
> 23 Νοε 2009 10:30:22 πμ org.apache.cxf.phase.PhaseInterceptorChain 
> doIntercept
> WARNING: Interceptor has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: MustUnderstand headers: 
> [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security]
>  
> are not understood.
> at 
> org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor$UltimateReceiverMustUnderstandInterceptor.handleMessage(MustUnderstandInterceptor.java:221)
> ... stack trace continues...
> 
> Now, I don't care about the encrypted portion of the message. I just 
> want to use the XML API-s to process the message in my:
> 
> @WebServiceProvider(...)
> @ServiceMode(Mode.MESSAGE)
> @BindingType(value = HTTPBinding.HTTP_BINDING)
> public class AsyncMessagingServiceProvider implements Provider<Source> {
> public Source invoke(Source request) {
> // I need to look at the XML here, no need to decrypt / verify the 
> secured elements
> }
> 
> So how can I tell CXF to just perform the invocation and not worry about 
> "understanding" that header? What are my options? I am thinking that it 
> is possible for an interceptor to mark a header as "understood" so that 
> CXF will not complain. Is there indeed an API for that?
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Fake-the-understanding-of-a-%22soap%3AmustUnderstand%22-header-tp26475723p26482069.html
Sent from the cxf-user mailing list archive at Nabble.com.

Reply via email to