You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Christopher Cheng <li...@christophercheng.com> on 2018/02/01 05:59:24 UTC
How do I remove WS Security from the SOAP header for a particular
SOAPAction?
We are using WS Security to communicate with the server. CXF will add “Security” node to the SOAP Header behind the scene.
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:UsernameToken wsu:Id="UsernameToken-21b3889b-fbe6-45da-a3ea-331f021c847a">
<wsse:Username>WSTEDIBE</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">.......</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">.......</wsse:Nonce>
<wsu:Created>2018-02-01T04:23:40.622Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
....
</soap:Header>
<soap:Body>
..............
</soap:Body>
</soap:Envelope>
Is there any way for me to remove it for some particular SOAPAction such as "SignOut"?
I tried to use OutInterceptor and SOAPHandler, but we could not find the node “Security” in the SOAPHeader in all phases
Is there a way to do so?