Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-884

Wss4jSecurityInterceptor, don't remove Security Header.

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 2.2.0.RELEASE
    • Fix Version/s: 2.2.1
    • Component/s: Security
    • Labels:
      None

      Description

      When Wss4jSecurityInterceptor.validateMessage successfully validates an incoming message, it automatically removes the Security element from the SOAP header.

      It would be nice to have an option to disable this functionality, so that the Security Element is left intact, so that the elements contained within (mainly X.509 certificates) can be accessed later on.

      There's one line of code to "change" - Wss4jSecurityInterceptor.java:634:
      soapMessage.getEnvelope().getHeader().removeHeaderElement(WS_SECURITY_NAME);

        Attachments

          Activity

            People

            Assignee:
            gregturn Greg Turnquist
            Reporter:
            jinie Jimmy Selgen Nielsen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: