On Oct 9, 2014, at 10:02 AM, Sergey Beryozkin <[email protected]> wrote:
> Hi
> On 09/10/14 13:47, Anders Clausen wrote:
>> Thanks for your quick answer Sergey, I've just got one follow up question.
>> Instead of of doing this in java is it something that could be configured
>> in XML where I exclude the MustUnderstandInterceptor?
>>
> AFAIK it is not possible. I guess a 'must understand' is a lower level core
> part of the SOAP binding, in principle a non WS-Security header can also
> require a must understand, hence it is installed by default.
>
> Dan may have more ideas about it
Yea.. cannot really “remove” anything via spring.
However, you COULD write your own little interceptor that does something like:
void handleMessage(SoapMessage m) {
for (Header h: m.getHeaders()) {
if (h instanceof SoapHeader) {
((SoapHeader)h).setMustUnderstand(false);
}
}
}
and then configure that into the interceptor chain via spring. (if the
headers aren’t needed, removing them from the list is also a good option)
Dan
>
> Thanks, Sergey
>
>> On 8 October 2014 14:40, Sergey Beryozkin <[email protected]> wrote:
>>
>>> Hi
>>>
>>> On 08/10/14 11:38, Anders Clausen wrote:
>>>
>>>> Hi
>>>>
>>>> We're using CXF for our REST and SOAP web services. All of our calls
>>>> normally go through a separate security layer. However, in some of our
>>>> test
>>>> environments we haven't got the security layer in place, so when we test
>>>> calls to our SOAP web services we get an error from the
>>>> MustUnderstandInterceptor, as the security credentials are present in the
>>>> SOAP Header. Normally these would obviously be stripped away in the
>>>> security layer but won't be in the previous mentioned scenario.
>>>>
>>>> My questions are:
>>>>
>>>> 1) Since we would never do any WS-Security related tasks in the web
>>>> services layer where we are using CXF, is it possible to disable the
>>>> MustUnderstandInterceptor?
>>>>
>>>> 2) If it's possible, is it acceptable to do so or is it frowned upon.
>>>>
>>>> 3) Could it be done by doing the following in the handleMessage()
>>>>
>>>> MustUnderstandInterceptor must = new MustUnderstandInterceptor();
>>>> InterceptorChain chain = message.getInterceptorChain();
>>>>
>>> I've looked at some code, you do not have to create an instance, iterate
>>> over the chain and check the interceptor class, if it matches, remove it
>>>
>>> Cheers, Sergey
>>>
>>>> chain.remove(must);
>>>>
>>>> Cheers
>>>> Anders
>>>>
>>>>
>>>
>>> --
>>> Sergey Beryozkin
>>>
>>> Talend Community Coders
>>> http://coders.talend.com/
>>>
>>> Blog: http://sberyozkin.blogspot.com
>>>
>>
>
--
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
