Robert,
AFAIK you have to give a special property when using the
JAX-RPC handler do define if you are using the request
or the response path or bot. Just recently (yesterday or even today)
there were a new CVS checkin that fixed some problems in
this area. IMO it's worth to have a look.
Regards,
Werner
Robert Sauer schrieb:
Hi Werner,
I'm now using the JAX-RPC compliant handler.
First we tried the WSDoAll* classes. As we need to configure WS-Sec on a per
call basis, we configured handler using the
call.setClientHandlers(reqHandler, respHandler) method. With the effect,
that during serialization namespaces got lost. A code review indicates that
doing so is activating a completely different WS invokation code path.
Anyways, installing the JAX-RPC handler with
call.getService().getHandlerRegistry().getHandlerChain() leaves
serialization intact. But now with the effect that the handler is not only
invoked just before sending, but after the receive, too. So far we could not
find a property to silently return when handling the response.
Best regards,
Robert
-----Original Message-----
From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
Sent: Friday, July 22, 2005 8:11 AM
To: Robert Sauer; [email protected]
Subject: AW: ws-sec req/resp symmetry
Robter,
usually this is not required. It depends on the setup of your
deployment files on the client side. You can setup the
request and the response path independently.
BTW, which handler do you use? The JAX-RPX compliant handler
or the WSDoAll* pair of handlers?
Regards,
Werner
-----Ursprüngliche Nachricht-----
Von: Robert Sauer [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 22. Juli 2005 07:39
An: [email protected]
Betreff: ws-sec req/resp symmetry
Greetings,
this seems to be more of a spec question, but I was not
able to find
it yesterday. The scenario is as follows:
When sending authentication enabled requests, we include
for instance
username/password info with the request by using the
WSS4JHandler. The
problem now is that when the response arrives, the same handler is
looking for ws-sec headers in it, too. When they are
missing it throws
an exception, thus rendering the call failed.
Is it really required that any response to a ws-sec enabled request
has to include ws-sec headers, too?
Best regards,
Robert
