I'm not sure I understand the issue completely. If WS1 is "secure", then the client is sending WS-Security headers. Thus, WS1 should be sending back ws-security headers as part of the response.
That said, I expect the security requirements to be different for WS1 than what is required for WS1 to interact with WS2. Thus, I would suggest one of: 1) Don't configure them on the bus. Configure them on WS1 and the WS2/client directly so they would have different configurations. 2) Use a different bus for WS1 and WS2/client. This is a bit more complex as you would need to use the SpringBusFactory to create separate busses with separate configs and "manage" it setting the BusFactory.setThreadDefaultBus(..) calls as appropriate. Dan On Thu February 12 2009 1:15:16 pm O. Baujard wrote: > Hi, > > I have the following requirements in a projet : > > - Create a Web Service (lets name it WS1) and in the service > implementation, call an other Web Service (lets name it WS2). So we have > the call chain : Client --> WS1 --> WS2 > - WS1 and WS2 are secured with WS-SECURITY. > - WS-SECURITY must be placed at bus level --> it means in and out > interceptors for client and server are shared on the same bus because WS1 > is also a client of WS2. > - WS1 and WS2 are deployed on different Tomcat Servers. > > For now, Client --> WS1 works well in my environment but now I want to add > WS1 --> WS2 > > What are the possible configurations, if it's possible ? > > How to prevent in this architecture the "server side" outInterceptor to > place WS-SECURITY headers on the response to the "client side " ? > > Olivier -- Daniel Kulp dk...@apache.org http://www.dankulp.com/blog
