I am using ws-policy/ws-security attachments to configure and execute x509 encryption in soap messages.
I was under the impression that when cxf processes the ws-security headers in incoming messages that it would remove them from the envelope. That does not appear to be the case however. I am using a cxf proxy to process all ws-security related messages and then routing the call down to the actual web service afterward. The problem is that the proxy is relaying not only the body of the soap request but the mustunderstand headers related to security as well. This results in the proxied web service throwing a MustUnderstand exception. Is there something i need to configure to enable the behavior I require/except? Thanks again! -Mike
