Hi,
I am trying to consume a WebService which requires WSRM and that the SOAP
headers are signed.

So I listed in the configuration of the interceptor
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor of the cxf endpoint
the elements to sign:
 <entry key="signatureParts"
        value="{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To;{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo;
....

Doing so leads to a successful CreateSequence message sent to the
WS-Provider, which answers with a CreateSequenceResponse.
But now the cxf WS-Consumer endpoint tries to sign the One-Way message.
This message does not have the header "ReplyTo", and an exception is thrown
in the class org.apache.ws.security.message.WSSecSignatureBase

It is in line 159, where the elementsToSign are checked.

In the specification
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826512
the following is stated: "Note that this assertion does not require that a given part
appear in a message, just that if such a part appears, it requires
integrity protection."

Is there a possibility to change the wss4j implementation so that only
these elements of the SignedParts configuration are signed, which are
available in the message (and not to throw an exception for the elements,
which are not available)? Or am I wrong in my interpretation?
If there is another possibility to configure it, please let me know.

Best regards
Kai
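
The SignedParts semantics quoted above ("if such a part appears, it requires integrity protection"), as an added example that is not part of the original post and is not CXF or WSS4J code: it parses a signatureParts value and keeps only the entries whose element is a child of the SOAP 1.1 Header of a given message. The class name PresentSignatureParts, the method filter, and the sample one-way message are hypothetical and constructed for illustration; it uses only JDK XML APIs.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class PresentSignatureParts {  // hypothetical name, not a CXF/WSS4J class
    static final String SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSA = "http://schemas.xmlsoap.org/ws/2004/08/addressing";
    // One signatureParts entry: {modifier}{namespace}localName
    static final Pattern PART = Pattern.compile("\\{([^}]*)\\}\\{([^}]*)\\}([^;\\s]+)");

    /** Keeps only the configured parts that occur as children of the SOAP Header. */
    static String filter(String signatureParts, Document soap) {
        Element header = (Element) soap.getElementsByTagNameNS(SOAP11, "Header").item(0);
        List<String> kept = new ArrayList<>();
        Matcher m = PART.matcher(signatureParts);
        while (m.find()) {
            Node n = header == null ? null : header.getFirstChild();
            for (; n != null; n = n.getNextSibling()) {
                if (n.getNodeType() == Node.ELEMENT_NODE
                        && m.group(2).equals(n.getNamespaceURI())
                        && m.group(3).equals(n.getLocalName())) {
                    kept.add(m.group());  // part is present, so it must be signed
                    break;
                }
            }
        }
        return String.join(";", kept);
    }

    public static void main(String[] args) throws Exception {
        // Constructed one-way message: carries wsa:To but no wsa:ReplyTo.
        String xml = "<s:Envelope xmlns:s='" + SOAP11 + "' xmlns:wsa='" + WSA + "'>"
                + "<s:Header><wsa:To>http://provider.example/svc</wsa:To></s:Header>"
                + "<s:Body/></s:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        String configured = "{Element}{" + WSA + "}To;{Element}{" + WSA + "}ReplyTo;";
        System.out.println(filter(configured, doc));  // only the To entry remains
    }
}
```

Entries are dropped only when the element is absent from the message, so every configured header that does appear stays in the list to be signed.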
