Hi all: I have my own interceptor that I used in CXF 2.2.2 to handle WS-Security. My interceptor runs in the pre-protocol phase directly after the SAAJInInterceptor. I recently ran into a problem with encryption after upgrading to CXF 2.2.9. In my incoming SOAP messages, I decrypt the EncryptedData nodes and remove them from the DOM then replace them with the decrypted elements (the content of the SOAP body is encrypted as well as the UsernameToken in the header). This worked fine in CXF 2.2.2 but after upgrading I now get an error being thrown from the DocLiteralInInterceptor (which runs after my interceptor). The stacktrace is included below. From the looks of the error it seems that the DocLiteralInInterceptor is still getting the encrypted SOAP data even though I removed them from the SOAP message. I compared the interceptor chains for CXF 2.2.2 and 2.2.9 and saw that the SOAPHandlerInterceptor and LogicalHandlerInInterceptors are no longer present. I suspect this may be the cause of my problems. Does anyone have any ideas about how I can overcome this?
Aug 1, 2010 10:13:39 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging WARNING: Interceptor for { http://example.com/DummyCompany/F5/WS/Record/V1}RecordService#{http://example.com/DummyCompany/F5/WS/Record/V1}CreateRecordhas thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Unexpected wrapper element { http://www.w3.org/2001/04/xmlenc#}EncryptedData found. Expected { http://example.com/DummyCompany/F5/WS/Record/V1}CreateRecord. at org.apache.cxf.interceptor.DocLiteralInInterceptor.handleMessage(DocLiteralInInterceptor.java:103) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:110) at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:98) at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:423) at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:178) at org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:142) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3686) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Aug 1, 2010 10:13:39 PM org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback onClose