Thanks for your quick answer Sergey, I've just got one follow up question. Instead of of doing this in java is it something that could be configured in XML where I exclude the MustUnderstandInterceptor?
On 8 October 2014 14:40, Sergey Beryozkin <[email protected]> wrote: > Hi > > On 08/10/14 11:38, Anders Clausen wrote: > >> Hi >> >> We're using CXF for our REST and SOAP web services. All of our calls >> normally go through a separate security layer. However, in some of our >> test >> environments we haven't got the security layer in place, so when we test >> calls to our SOAP web services we get an error from the >> MustUnderstandInterceptor, as the security credentials are present in the >> SOAP Header. Normally these would obviously be stripped away in the >> security layer but won't be in the previous mentioned scenario. >> >> My questions are: >> >> 1) Since we would never do any WS-Security related tasks in the web >> services layer where we are using CXF, is it possible to disable the >> MustUnderstandInterceptor? >> >> 2) If it's possible, is it acceptable to do so or is it frowned upon. >> >> 3) Could it be done by doing the following in the handleMessage() >> >> MustUnderstandInterceptor must = new MustUnderstandInterceptor(); >> InterceptorChain chain = message.getInterceptorChain(); >> > I've looked at some code, you do not have to create an instance, iterate > over the chain and check the interceptor class, if it matches, remove it > > Cheers, Sergey > >> chain.remove(must); >> >> Cheers >> Anders >> >> > > -- > Sergey Beryozkin > > Talend Community Coders > http://coders.talend.com/ > > Blog: http://sberyozkin.blogspot.com >
