WSS Security header processed by WSS4J is returned as response header
---------------------------------------------------------------------

                 Key: CXF-826
                 URL: https://issues.apache.org/jira/browse/CXF-826
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.0
            Reporter: Matthias Germann


If a SOAP request contains a WSS Security header, the header will be returned 
to the client with the SOAP response, although it was successfully processed by 
the WSS4JInInterceptor. This leads to an error on the client because the client 
does not understand the mustUnderstand-Header.

IMHO, the WSS Security Header should be removed by the WSS4JInInterceptor.

Request:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 soapenv:mustUnderstand="1">
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
AssertionID="_9a45d2d65567f21cf91315506ec25a63" 
IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" 
MinorVersion="1">
...
</Assertion></wsse:Security>
</soapenv:Header>
<soapenv:Body><helloWorld 
xmlns="http://test.sts.stvbe.dvbern.ch"></helloWorld></soapenv:Body></soapenv:Envelope>


Response:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 soapenv:mustUnderstand="1">
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
AssertionID="_9a45d2d65567f21cf91315506ec25a63" 
IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" 
MinorVersion="1">
...
</Assertion></wsse:Security>
</soap:Header>
<soap:Body><helloWorldResponse 
xmlns="http://test.sts.stvbe.dvbern.ch"><helloWorldReturn> Hello From Apache 
CXF Service.</helloWorldReturn></helloWorldResponse></soap:Body></soap:Envelope>

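A regression check for the behaviour reported above, added here as an example and not taken from the report or from CXF: it flags a response whose wsse:Security header repeats a SAML assertion that arrived in the request. The function names and the sample envelopes are assumptions; the envelopes are constructed from the messages in the report, with the elided assertion content left empty.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

def security_headers(envelope_xml):
    """Return the wsse:Security elements directly under the SOAP Header."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header")
    return [] if header is None else header.findall(f"{{{WSSE}}}Security")

def assertion_ids(sec):
    """Collect the AssertionID of every SAML 1.x assertion inside one header."""
    ids = (a.get("AssertionID") for a in sec.iter(f"{{{SAML}}}Assertion"))
    return {i for i in ids if i}

def echoed_security(request_xml, response_xml):
    """List response Security headers that repeat an assertion from the request."""
    sent = set()
    for sec in security_headers(request_xml):
        sent |= assertion_ids(sec)
    findings = []
    for sec in security_headers(response_xml):
        echoed = sorted(sent & assertion_ids(sec))
        if echoed:
            findings.append({
                "assertion_ids": echoed,
                # A receiver that cannot process a mustUnderstand="1" header must fault.
                "must_understand": sec.get(f"{{{SOAP}}}mustUnderstand") == "1",
            })
    return findings

# Constructed sample messages (hypothetical helper and constants).
def envelope(header, body):
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header>{header}'
            f'</soap:Header><soap:Body>{body}</soap:Body></soap:Envelope>')

SEC = (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:soapenv="{SOAP}" '
       f'soapenv:mustUnderstand="1"><Assertion xmlns="{SAML}" '
       'AssertionID="_9a45d2d65567f21cf91315506ec25a63" Issuer="dvberntest" '
       'MajorVersion="1" MinorVersion="1"/></wsse:Security>')
NS = "http://test.sts.stvbe.dvbern.ch"
REQUEST = envelope(SEC, f'<helloWorld xmlns="{NS}"/>')
ECHOING_RESPONSE = envelope(SEC, f'<helloWorldResponse xmlns="{NS}"/>')
CLEAN_RESPONSE = envelope("", f'<helloWorldResponse xmlns="{NS}"/>')

if __name__ == "__main__":
    print(echoed_security(REQUEST, ECHOING_RESPONSE))
    print(echoed_security(REQUEST, CLEAN_RESPONSE))
```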