[
https://issues.apache.org/jira/browse/CXF-826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520415
]
Glen Mazza commented on CXF-826:
--------------------------------
Two issues very closely related to this were fixed in late July. Would you
please check to see if the problem is still occurring in CXF 2.0.1--the latest
release? Thanks!
> WSS Security header processed by WSS4J is returned as response header
> ---------------------------------------------------------------------
>
> Key: CXF-826
> URL: https://issues.apache.org/jira/browse/CXF-826
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.0
> Reporter: Matthias Germann
>
> If a SOAP request contains a WSS Security header, the header will be returned
> to the client with the SOAP response, although it was sucessfully processed
> by the WSS4JInInterceptor. This leads to an error on the client because the
> client does not understand the mustUnderstand-Header.
> IMHO, the WSS Security Header should be removed by the WSS4JInInterceptor.
> Request:
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:xsd="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> AssertionID="_9a45d2d65567f21cf91315506ec25a63"
> IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1"
> MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soapenv:Header>
> <soapenv:Body><helloWorld
> xmlns="http://test.sts.stvbe.dvbern.ch";></helloWorld></soapenv:Body></soapenv:Envelope>
> Response:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
> <soap:Header>
> <wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
> soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> AssertionID="_9a45d2d65567f21cf91315506ec25a63"
> IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1"
> MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soap:Header>
> <soap:Body><helloWorldResponse
> xmlns="http://test.sts.stvbe.dvbern.ch";><helloWorldReturn> Hello From Apache
> CXF
> Service.</helloWorldReturn></helloWorldResponse></soap:Body></soap:Envelope>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
