Hi
On 09/10/14 13:47, Anders Clausen wrote:
Thanks for your quick answer Sergey, I've just got one follow up question.
Instead of of doing this in java is it something that could be configured
in XML where I exclude the MustUnderstandInterceptor?
AFAIK it is not possible. I guess a 'must understand' is a lower level
core part of the SOAP binding, in principle a non WS-Security header can
also require a must understand, hence it is installed by default.
Dan may have more ideas about it
Thanks, Sergey
On 8 October 2014 14:40, Sergey Beryozkin <[email protected]> wrote:
Hi
On 08/10/14 11:38, Anders Clausen wrote:
Hi
We're using CXF for our REST and SOAP web services. All of our calls
normally go through a separate security layer. However, in some of our
test
environments we haven't got the security layer in place, so when we test
calls to our SOAP web services we get an error from the
MustUnderstandInterceptor, as the security credentials are present in the
SOAP Header. Normally these would obviously be stripped away in the
security layer but won't be in the previous mentioned scenario.
My questions are:
1) Since we would never do any WS-Security related tasks in the web
services layer where we are using CXF, is it possible to disable the
MustUnderstandInterceptor?
2) If it's possible, is it acceptable to do so or is it frowned upon.
3) Could it be done by doing the following in the handleMessage()
MustUnderstandInterceptor must = new MustUnderstandInterceptor();
InterceptorChain chain = message.getInterceptorChain();
I've looked at some code, you do not have to create an instance, iterate
over the chain and check the interceptor class, if it matches, remove it
Cheers, Sergey
chain.remove(must);
Cheers
Anders
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
