[SWS-582] Wss4jSecurityInterceptor loosing action from HTTP ContentType header for SOAP V1.2 Created: 12/Nov/09  Updated: 04/May/12  Resolved: 13/Jan/10

Status: Closed
Project: Spring Web Services
Component/s: Security
Affects Version/s: 1.5.8
Fix Version/s: 1.5.9

Type: Bug Priority: Major
Reporter: Gary Jacobs Assignee: Tareq Abedrabbo
Resolution: Cannot Reproduce Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


This is very similar to SWS-416

While that fixed it for SOAP V1.1, where there is a separate HTTP for SOAPAction, for SOAP V1.2 the action is included in the HTTP Header ContentType

Here's the ContentType Header without the interceptor:

Content-Type: application/soap+xml; charset=utf-8; action="MySoapAction"

Here's the ContentType Header with the interceptor:

Content-Type: application/soap+xml; charset=utf-8

I'm using the SaajSoapMessageFactory

Comment by Gary Jacobs [ 16/Nov/09 ]

I tried using AxiomSoapMessageFactory and the SOAP Action comes through OK, so it looks related to SaajSoapMessageFactory

It seems to only occur using SOAP V1.2

Comment by Tareq Abedrabbo [ 12/Jan/10 ]

I'm not able to reproduce the issue. I'll commit the corresponding unit tests later (some refactoring is needed). Meanwhile, can you tell me which Saaj provider/version are you using?

Comment by Gary Jacobs [ 12/Jan/10 ]

I'm using it via Maven.

Here's the dependency:


Comment by Tareq Abedrabbo [ 13/Jan/10 ]

I'm still not able to reproduce the issue but:

  • I've just fixed a SOAP action related issue (SWS-595). Can you try a recent snapshot to see if it got any better?
  • Also, you can take a look at the unit tests that I've added trying to reproduce the issue to compare.


Comment by Gary Jacobs [ 13/Jan/10 ]

I tried it with the latest snapshot and got the same result

I looked at your unit tests. I'm invoking the set SoapUtils.setActionInContentType indirectly via SaajSoapMessage.setSoapAction.

Here's what works and doesn't work:

SOAP 1.1, Saaj, wss4j interceptor - works
SOAP 1.2, Saaj, wss4j interceptor - doesn't work
SOAP 1.2, Saaj, xwss interceptor - works
SOAP 1.2, Axiom, wss4j interceptor - works

Comment by Tareq Abedrabbo [ 13/Jan/10 ]

The tests I was referring to are in Wss4jMessageInterceptorSoapActionTestCase.java. Can you take a look to compare to your use case?

Comment by Gary Jacobs [ 13/Jan/10 ]

The main difference I see is that I am using X.509 token rather than username token

Here's the config for my interceptor bean:

<bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="securementActions" value="Timestamp Signature"/>
<property name="timeToLive" value="10"/>
<property name="securementSignatureKeyIdentifier" value="DirectReference" />

Comment by Tareq Abedrabbo [ 13/Jan/10 ]

I'm resolving this as "cannot reproduce" for the moment. Feel free to add comments here or to attach test cases and I'll be glad to reopen the issue if necessary.

Comment by Arjen Poutsma [ 04/May/12 ]

Closing old issues

Generated at Tue Oct 23 20:18:33 UTC 2018 using JIRA 7.9.2#79002-sha1:3bb15b68ecd99a30eb364c4c1a393359bcad6278.