Hi Andrei, Thanks for your help. I'll give this a try.
The reason why I'm doing this is to avoid a problem that exists involving encrypted MTOM-based attachments, because I just can't get CXF and WSS4J to do the decryption on its own (I'm told that a streaming feature for solving this issue will be included in WSS4J 2.0). If I execute the request to the web service outside of CXF, I can read the encrypted key from the response, decrypt it, and then simply use that to decrypt the attachment. I could insert the values into a POJO and return it as if it came directly from CXF. It's a really specific case for this web service.
An alternative for us is to use IBM WebSphere Application Server, because we're told by IBM that it supports this feature. But that software is almost $6000. If we can avoid that cost and the additional cost of having to learn a new platform, we'd prefer that.
Jen (2013/10/26 14:01), Andrei Shakirin wrote:
Hi, If you would like to prevent sending outbound message to the server in out interceptor on the client side, you can either: 1. Throw exception in out interceptor handleMessage(): public class TestInterceptor extends AbstractPhaseInterceptor<Message> { public TestInterceptor() { super(Phase.POST_LOGICAL); }public void handleMessage(Message message) {if (MessageUtils.isRequestor(message)) { // Check some conditions here throw new IllegalStateException("test"); } } ... } 2. Abort the interceptor chain and return hard coded response public class TestInterceptor extends AbstractPhaseInterceptor<Message> { public TestInterceptor() { super(Phase.POST_LOGICAL); } public void handleMessage(Message message) { if (MessageUtils.isRequestor(message)) { // Check some conditions here message.getInterceptorChain().abort(); Endpoint e = message.getExchange().get(Endpoint.class); Message responseMsg = new MessageImpl(); responseMsg.setExchange(message.getExchange()); responseMsg = e.getBinding().createMessage(responseMsg); MessageObserver observer = message.getExchange().get( MessageObserver.class); if (observer != null) { // client side outbound, the request message becomes the // response message responseMsg.setContent(XMLStreamReader.class, message.getContent(XMLStreamReader.class)); message.getExchange().setInMessage(responseMsg); responseMsg.put( PhaseInterceptorChain.STARTING_AT_INTERCEPTOR_ID, LogicalHandlerInInterceptor.class.getName()); observer.onMessage(responseMsg); } } } ... } Could I ask what is the requirement to re-implement signature and encryption logic by your own? Regards, Andrei.-----Original Message----- From: Jennifer Ruttan [mailto:[email protected]] Sent: Samstag, 26. Oktober 2013 17:41 To: [email protected] Subject: Preventing a soap message from being sent? Hi all, Is it possible to create an OutInterceptor that intercepts the SOAP message and prevents it from being sent to the server? I'm specifically hoping to be able to use CXF to sign and encrypt my outgoing message, but handle all incoming logic myself. Alternately, is it possible to hijack the WSS4JInInterceptor so that I can perform a custom decryption and signature verification task instead of the standard operation? (I know how to decrypt the message that I receive.) Jen
