Hi, I'm trying to have a class that validates incoming SCT written in request with Stax Security. Request looks like this: <soapenv:Header> <wsse:Security> <wsc:SecurityContextToken> <wsc:Identifier>myToken</wsc:Identifier> </wsc:SecurityContextToken> </wsse:Security> </soapenv:Header>
And I'm configuring it as properties.put(SCT_TOKEN_VALIDATOR, "MySuperValidator"); Now I see that myValidator is being instantiated but it can't be called because WSS4J gets validator by other QName that CXF is setting it. CXF Part: org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators if (validator != null) { properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator); properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator); } WSS4J Part: SecurityContextTokenInputHandler.java:72 //elementName == {http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier but should be SecurityContextToken ? SecurityContextTokenValidator securityContextTokenValidator = wssSecurityProperties.getValidator(elementName); if (securityContextTokenValidator == null) { securityContextTokenValidator = new SecurityContextTokenValidatorImpl(); } Is it a bug? Or do I configure it wrongly? I would be also glad to help to provide PR. Cheer Igor -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html