Thanks. I'll work on creating a bug. I'm not sure if I'll be able to
upload a real patch, although I can upload a copy of the new interceptor
I wrote.
Ross
On 1/18/11 12:30 PM, Daniel Kulp wrote:
On Monday 17 January 2011 9:34:04 pm Ross Lodge wrote:
I've been trying to get a web-service and client set up using CXF,
JAX-WS, and the CXF extensions for WS-Security and WS-SecurityPolicy.
I've got it mostly working, but my WSDL has two required SOAP headers
that are intended to be passed to the endpoint, and that I want to be
able to encrypt and sign. When I do so, though, the headers are
correctly decrypted but are not passed to the endpoint after decryption.
This happens because, as far as I can tell,
org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor correctly
searches for headers in the headers list of the Message parameter to
handleMessage, but doesn't find it because the encrypted headers didn't
really exist in their final form in the actual message.
I've been able to "work around" this by sticking a custom interceptor in
between DocLiteralInInterceptor and SoapHeaderInterceptor that reads the
wss4j signature verification result out of the message, interprets the
appropriate decrypted elements as headers, and sticks them into the
headers list, but this solution feels fragile to me.
Any help or suggestions would be appreciated. I'm using CXF 2.3.1 on
Java 6.
This definitely looks like a bug. Most likely, your code you have in your
interceptor should be stuck into the WSS4JInInterceptor at the end of the
processMessage call. Can you file a bug and possibly attach a patch?
Thanks!
