I'm using CXF version 3.1.7 to expose a SOAP service. Due to an old client I must get rid of ONLY this BSP rule R4220 ("Any NONCE MUST specify an EncodingType attribute").

UsernameTokenInterceptor:

    protected UsernameTokenPrincipal parseTokenAndCreatePrincipal(Element tokenElement, boolean bspCompliant)
        throws WSSecurityException, Base64DecodingException {
        BSPEnforcer bspEnforcer = new org.apache.wss4j.common.bsp.BSPEnforcer(!bspCompliant);
        org.apache.wss4j.dom.message.token.UsernameToken ut =
            new org.apache.wss4j.dom.message.token.UsernameToken(tokenElement, false, bspEnforcer);

UsernameTokenInterceptorProvider:

    public UsernameTokenInterceptorProvider(Bus bus) {
        this((UsernameTokenInterceptor) bus.getProperty("org.apache.cxf.ws.security.usernametoken.interceptor"));
    }

Is setting the bus property "org.apache.cxf.ws.security.usernametoken.interceptor" to a custom UsernameTokenInterceptor class overriding parseTokenAndCreatePrincipal the best I can do? (So I can define a BSPEnforcer configured according to my needs.)

I'm importing classpath:META-INF/cxf/cxf.xml in my Spring config. Is a custom PostProcessor the best way to configure the Bus?

Thank you very much!

Best regards