[jira] Resolved: (CXF-826) WSS Security header processed by WSS4J is returned as response header

Sat, 18 Aug 2007 07:49:03 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Matthias Germann resolved CXF-826.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.1

I can confirm that this issue is fixed in CXF 2.0.1

> WSS Security header processed by WSS4J is returned as response header
> ---------------------------------------------------------------------
>
>                 Key: CXF-826
>                 URL: https://issues.apache.org/jira/browse/CXF-826
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.0
>            Reporter: Matthias Germann
>             Fix For: 2.0.1
>
>
> If a SOAP request contains a WSS Security header, the header will be returned 
> to the client with the SOAP response, although it was sucessfully processed 
> by the WSS4JInInterceptor. This leads to an error on the client because the 
> client does not understand the mustUnderstand-Header.
> IMHO, the WSS Security Header should be removed by the WSS4JInInterceptor.
> Request:
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
> <soapenv:Header>
> <wsse:Security 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
> AssertionID="_9a45d2d65567f21cf91315506ec25a63" 
> IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" 
> MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soapenv:Header>
> <soapenv:Body><helloWorld 
> xmlns="http://test.sts.stvbe.dvbern.ch";></helloWorld></soapenv:Body></soapenv:Envelope>
> Response:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
> <soap:Header>
> <wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
> AssertionID="_9a45d2d65567f21cf91315506ec25a63" 
> IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" 
> MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soap:Header>
> <soap:Body><helloWorldResponse 
> xmlns="http://test.sts.stvbe.dvbern.ch";><helloWorldReturn> Hello From Apache 
> CXF 
> Service.</helloWorldReturn></helloWorldResponse></soap:Body></soap:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to