Hi Anil, Could you paste the SOAP response to the client? Maybe the returned encrypted token is not in the security header or something?
Colm. On Fri, Oct 14, 2011 at 1:46 PM, Blue Diamond <gvnan...@gmail.com> wrote: > Hi, > > We are using CXF 2.3.x, and we have our WS-SecurityPolicy that has something > like: > > <sp:EncryptedParts> > <sp:Body /> > </sp:EncryptedParts> > <sp:EncryptedElements> > <sp:XPath>/wsse:Security/wsse:SecurityContextToken</sp:XPath> > </sp:EncryptedElements> > > > Requirement is that, we have our custom security token in header that needs > to be encrypted. > > What happens, is that the EncryptedElements section was taken care in SOAP > requests. i.e., client side encrypts & server side decrypts. All is well. > But in response, the element is encrypted on the server side but on the > client side, it is not decrypted. So client doesn't see the token in > response header but rather sees a <xenc:CipherData> header. > > This looks like a bug to me (could be in WSS4J). > > Is anyone aware of this issue? > Do we have a fix? > Is there some property (config) that can make the client side WS-Security > layer do the decryption part? Or is the only hope the later versions of CXF? > > Thanks & Regards, > Anil > -- Colm O hEigeartaigh http://coheigea.blogspot.com/ Talend - http://www.talend.com/apache
