Hi, We are using CXF 2.3.x, and we have our WS-SecurityPolicy that has something like:
<sp:EncryptedParts> <sp:Body /> </sp:EncryptedParts> <sp:EncryptedElements> <sp:XPath>/wsse:Security/wsse:SecurityContextToken</sp:XPath> </sp:EncryptedElements> Requirement is that, we have our custom security token in header that needs to be encrypted. What happens, is that the EncryptedElements section was taken care in SOAP requests. i.e., client side encrypts & server side decrypts. All is well. But in response, the element is encrypted on the server side but on the client side, it is not decrypted. So client doesn't see the token in response header but rather sees a <xenc:CipherData> header. This looks like a bug to me (could be in WSS4J). Is anyone aware of this issue? Do we have a fix? Is there some property (config) that can make the client side WS-Security layer do the decryption part? Or is the only hope the later versions of CXF? Thanks & Regards, Anil
