On Monday 17 January 2011 9:34:04 pm Ross Lodge wrote: > I've been trying to get a web-service and client set up using CXF, > JAX-WS, and the CXF extensions for WS-Security and WS-SecurityPolicy. > I've got it mostly working, but my WSDL has two required SOAP headers > that are intended to be passed to the endpoint, and that I want to be > able to encrypt and sign. When I do so, though, the headers are > correctly decrypted but are not passed to the endpoint after decryption. > > This happens because, as far as I can tell, > org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor correctly > searches for headers in the headers list of the Message parameter to > handleMessage, but doesn't find it because the encrypted headers didn't > really exist in their final form in the actual message. > > I've been able to "work around" this by sticking a custom interceptor in > between DocLiteralInInterceptor and SoapHeaderInterceptor that reads the > wss4j signature verification result out of the message, interprets the > appropriate decrypted elements as headers, and sticks them into the > headers list, but this solution feels fragile to me. > > Any help or suggestions would be appreciated. I'm using CXF 2.3.1 on > Java 6.
This definitely looks like a bug. Most likely, your code you have in your interceptor should be stuck into the WSS4JInInterceptor at the end of the processMessage call. Can you file a bug and possibly attach a patch? Thanks! -- Daniel Kulp [email protected] http://dankulp.com/blog
