You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Christopher Cheng <li...@christophercheng.com> on 2018/02/01 05:59:24 UTC

How do I remove WS Security from the SOAP header for a particular SOAPAction?

We are using WS Security to communicate with the server. CXF will add “Security” node to the SOAP Header behind the scene. 

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
	<soap:Header>
		<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
			<wsse:UsernameToken wsu:Id="UsernameToken-21b3889b-fbe6-45da-a3ea-331f021c847a">
				<wsse:Username>WSTEDIBE</wsse:Username>
				<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">.......</wsse:Password>
				<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">.......</wsse:Nonce>
				<wsu:Created>2018-02-01T04:23:40.622Z</wsu:Created>
			</wsse:UsernameToken>
		</wsse:Security>
		....
	</soap:Header>
	<soap:Body>		
            ..............
	</soap:Body>
</soap:Envelope>


Is there any way for me to remove it for some particular SOAPAction such as "SignOut"?

I tried to use OutInterceptor and SOAPHandler, but we could not find the node “Security” in the SOAPHeader in all phases



Is there a way to do so?