Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-884

Wss4jSecurityInterceptor, don't remove Security Header.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 2.2.0.RELEASE
    • Fix Version/s: 2.2.1
    • Component/s: Security
    • Labels:
      None

      Description

      When Wss4jSecurityInterceptor.validateMessage successfully validates an incoming message, it automatically removes the Security element from the SOAP header.

      It would be nice to have an option to disable this functionality, so that the Security Element is left intact, so that the elements contained within (mainly X.509 certificates) can be accessed later on.

      There's one line of code to "change" - Wss4jSecurityInterceptor.java:634:
      soapMessage.getEnvelope().getHeader().removeHeaderElement(WS_SECURITY_NAME);

        Activity

          People

          • Assignee:
            gregturn Greg Turnquist
            Reporter:
            jinie Jimmy Selgen Nielsen
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: