I have upgraded cxf & wss4j to 2.7.11, 1.6.15 respectively.
For handling replay attacks , 2.7.11 cxf is modifying the client's messages.
But in 2.7.5 the security option was not there.
Is there any way to disable this option via java because i am expecting the
message which was sent by me.
I have appended the string "replay attack" with my custom exception message
and i got the expected message because
of the below code
if (ex.getMessage() != null && ex.getMessage().contains("replay attack")) {
return ex.getMessage();
}
2.7.11 code
=========
createSoapFault(org.apache.cxf.message.Message message, SoapVersion version,
WSSecurityException e) {
SoapFault fault;
String errorMessage = null;
if (MessageUtils.isRequestor(message)) {
errorMessage = e.getMessage();
} else {
errorMessage = WSS4JUtils.getSafeExceptionMessage(e);
if (errorMessage == null) {
errorMessage = e.getMessage();
}
}
javax.xml.namespace.QName faultCode = e.getFaultCode();
if (version.getVersion() == 1.1 && faultCode != null) {
fault = new SoapFault(errorMessage, e, faultCode);
} else {
fault = new SoapFault(errorMessage, e, version.getSender());
if (version.getVersion() != 1.1 && faultCode != null) {
fault.setSubCode(faultCode);
}
}
return fault;
}
Is there any way to disable security option via java?
Thanks
Shriram.
--
View this message in context:
http://cxf.547215.n5.nabble.com/disabling-replay-attack-security-mechanism-in-apache-cxf-or-wss4j-tp5747393.html
Sent from the cxf-user mailing list archive at Nabble.com.
