I've been trying to get a web-service and client set up using CXF,
JAX-WS, and the CXF extensions for WS-Security and WS-SecurityPolicy.
I've got it mostly working, but my WSDL has two required SOAP headers
that are intended to be passed to the endpoint, and that I want to be
able to encrypt and sign. When I do so, though, the headers are
correctly decrypted but are not passed to the endpoint after decryption.
This happens because, as far as I can tell,
org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor correctly
searches for headers in the headers list of the Message parameter to
handleMessage, but doesn't find it because the encrypted headers didn't
really exist in their final form in the actual message.
I've been able to "work around" this by sticking a custom interceptor in
between DocLiteralInInterceptor and SoapHeaderInterceptor that reads the
wss4j signature verification result out of the message, interprets the
appropriate decrypted elements as headers, and sticks them into the
headers list, but this solution feels fragile to me.
Any help or suggestions would be appreciated. I'm using CXF 2.3.1 on
Java 6.
Ross M. Lodge
- Problem with encrypted headers and jax-ws binding Ross Lodge
-
