Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-871

Security Headers missing with XwsSecurityInterceptor and Spring Integration

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 2.1.4
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      When using Spring Integration's (2.2.4) Web Service Outbound Gateway with the XwsSecurityInterceptor, the security headers are not added to the message that is sent to the server.

      When creating the actual SAAJ SOAP message, the AbstractWebServiceOutboundGateway.RequestMessageCallback calls the DefaultHeaderMapper which sets the SOAP action field. This triggers the serialization of the Java SOAP object to a byte array.

      Later, when the XwsSecurityInterceptor adds the security headers, the byte array is not recreated so the data actually sent to the server does not include the byte array.

      Recommend adding the following at line 139 of the XwsSecurityInterceptor to fix the issue:
      try
      {
      result.saveChanges();
      }
      catch ( SOAPException e)
      {
      throw new XwsSecuritySecurementException("Unable to save security headers to SOAP message", e);
      }
      }

        Issue Links

          Activity

          Hide
          arjen.poutsma Arjen Poutsma added a comment - - edited

          This seems related to SWS-870.

          Show
          arjen.poutsma Arjen Poutsma added a comment - - edited This seems related to SWS-870 .
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Could you please indicate your runtime environment? (JDK, app server, etc. with version numbers).

          Show
          arjen.poutsma Arjen Poutsma added a comment - Could you please indicate your runtime environment? (JDK, app server, etc. with version numbers).
          Hide
          mleese Matthew Leese added a comment -

          JDK 1.7 on Tomcat 7. We're using Metro 2.1.1 for the security backend. This problem only occurred after upgraing to JDK 1.7 and Spring WS 2.1.4 and Spring Integration 2.1.

          Show
          mleese Matthew Leese added a comment - JDK 1.7 on Tomcat 7. We're using Metro 2.1.1 for the security backend. This problem only occurred after upgraing to JDK 1.7 and Spring WS 2.1.4 and Spring Integration 2.1.
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Duplicate of SWS-870

          Show
          arjen.poutsma Arjen Poutsma added a comment - Duplicate of SWS-870

            People

            • Assignee:
              arjen.poutsma Arjen Poutsma
              Reporter:
              mleese Matthew Leese
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: