Hmm.....
The only thing I can think of is to subclass the WSS4JOutInterceptor to
override a method or two to turn off the ENCRYPTION_PARTS thing if the body
contains one of the RM messages.
You can probably override the "getString(String key, Object mc)" call to
do something like:

    if (key.equals(WSHandlerConstants.ENCRYPTION_PARTS)) {
        SoapMessage msg = (SoapMessage)mc;
        SOAPMessage doc = msg.getContent(SOAPMessage.class);
        SOAPBody body = doc.getSOAPBody();
        //check the content of body and return null if RM.....
    }
    return super.getString(key, mc);

Dan
On Fri December 11 2009 10:58:10 am Alexandros Karypidis wrote:
> Hi,
>
> SHORT STORY:
>
> I need to encrypt an element in my SOAP message. Therefore I configure
> my sending endpoint as follows:
>
> This generally works, but breaks if I enable WS-ReliableMessaging (with
> a policy in the WSDL). In that case, when trying to send a message the
> interceptor fails with:
>
> org.apache.ws.security.WSSecurityException:
> General security error (WSEncryptBody/WSSignEnvelope:
> Element to encrypt/sign not found:
> {http://messaging/}deliver)
>
> Now, apparently this is caused by WS-RM injecting a "CreateSequence"
> message which does not contain my "target" element. I can see only three
> ways out of this and I appreciate any help.
>
> LONG STORY:
>
> My thoughts on getting around this are below, but I need help from
> someone more knowledgeable:
>
> 1) I don't know if it's possible to have the WS-Security interceptor be
> added _before_ the WS-RM interceptor (I assume this would result in WSS
> "not seeing" RM-injected messages). Although I add the "WSS" interceptor
> with code, the RM interceptor is added automatically by a policy in the
> WSDL. I add WSS with:
>
>     Map<String, Object> outProps = new HashMap<String, Object>();
>     WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>     // ...
>     outProps.put(WSHandlerConstants.ENCRYPTION_PARTS,
>         "{Content}{http://messaging/}deliver");
>     org.apache.cxf.endpoint.Client client =
>         org.apache.cxf.frontend.ClientProxy.getClient(portStub);
>     org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
>     cxfEndpoint.getOutInterceptors().add(wssOut);
>
> 2) Is it possible to define the "target part" as "optional" so that WSS
> does not abort when it fails to find the element?
>
> 3) Are neither (1) nor (2) possible, in which case I should open a bug
> report (and start coding)?
>
--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
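
The subclass approach suggested in the reply above, written out as an added example that is not part of the original thread and is not CXF's own code. The class name, the WS-RM 1.0 namespace constant and the set of protocol element names are assumptions; adjust them to the RM version your policy uses.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.w3c.dom.Node;

// Hypothetical class name (added example).
public class RMAwareWSS4JOutInterceptor extends WSS4JOutInterceptor {
    // Assumption: WS-RM 1.0 namespace.
    private static final String RM_NS = "http://schemas.xmlsoap.org/ws/2005/02/rm";
    // Assumption: RM protocol elements that travel as the first body child.
    private static final Set<String> RM_BODY_ELEMENTS = new HashSet<String>(
        Arrays.asList("CreateSequence", "CreateSequenceResponse", "TerminateSequence"));

    public RMAwareWSS4JOutInterceptor(Map<String, Object> props) {
        super(props);
    }

    @Override
    public String getString(String key, Object mc) {
        if (WSHandlerConstants.ENCRYPTION_PARTS.equals(key) && isRMProtocolMessage(mc)) {
            // With no explicit parts, WSS4J applies its default selection
            // (the SOAP Body in Content mode), so the message is still encrypted.
            return null;
        }
        return super.getString(key, mc);
    }

    private static boolean isRMProtocolMessage(Object mc) {
        if (!(mc instanceof SoapMessage)) return false;
        SOAPMessage doc = ((SoapMessage) mc).getContent(SOAPMessage.class);
        if (doc == null) return false;
        try {
            SOAPBody body = doc.getSOAPBody();
            for (Node n = body.getFirstChild(); n != null; n = n.getNextSibling()) {
                if (n.getNodeType() == Node.ELEMENT_NODE) {
                    // Match on namespace and local name, never on local name alone.
                    return RM_NS.equals(n.getNamespaceURI())
                        && RM_BODY_ELEMENTS.contains(n.getLocalName());
                }
            }
        } catch (SOAPException e) {
            // Fail closed: keep the configured encryption parts.
        }
        return false;
    }
}
```

Register it in place of the stock interceptor with the same outProps map; application messages keep the configured "{Content}{http://messaging/}deliver" part.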