Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-871

Security Headers missing with XwsSecurityInterceptor and Spring Integration

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 2.1.4
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      When using Spring Integration's (2.2.4) Web Service Outbound Gateway with the XwsSecurityInterceptor, the security headers are not added to the message that is sent to the server.

      When creating the actual SAAJ SOAP message, the AbstractWebServiceOutboundGateway.RequestMessageCallback calls the DefaultHeaderMapper which sets the SOAP action field. This triggers the serialization of the Java SOAP object to a byte array.

      Later, when the XwsSecurityInterceptor adds the security headers, the byte array is not recreated so the data actually sent to the server does not include the byte array.

      Recommend adding the following at line 139 of the XwsSecurityInterceptor to fix the issue:
      try
      {
      result.saveChanges();
      }
      catch ( SOAPException e)
      {
      throw new XwsSecuritySecurementException("Unable to save security headers to SOAP message", e);
      }
      }

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                arjen.poutsma Arjen Poutsma
                Reporter:
                mleese Matthew Leese
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: