Synapse Axis2FlexibleMEPClient removes AddressingHeaders?!

[Gary Snider <ga...@gmail.com>]

Just curious but why does the
org.apache.synapse.core.axis2.Axis2FlexibleMEPClient remove addressing
headers?

I've tried using synapse in proxy mode as well but here is the scenario and
why removing the headers is wrong for what we're doing:

1) A WS-Security message comes in to synapse (with wsa:MessageID signed &
referenced in the digital signature )
2) Synapse Axis2FlexibleMEPClient removes the wsa:MessageID in the original
message  (Axis2FlexibleMEPClient.removeAddressingHeaders)
3) The endpoint gets the 'forwarded' request and it fails ws-security
validation.  Why?  Because synapse removed the wsa:MessageID which is
referenced in the digital signature!

Why even in 'transparent' proxy mode would synapse remove that?  And what
are my options?

Re: Synapse Axis2FlexibleMEPClient removes AddressingHeaders?!

[Ruwan Linton <ru...@gmail.com>]

Garry,

I found this same post earlier and answered on that thread, please do refer
to that...

Thanks,
Ruwan

On Sat, Aug 9, 2008 at 1:19 AM, Gary Snider <ga...@gmail.com> wrote:

> Just curious but why does the
> org.apache.synapse.core.axis2.Axis2FlexibleMEPClient remove addressing
> headers?
>
> I've tried using synapse in proxy mode as well but here is the scenario and
> why removing the headers is wrong for what we're doing:
>
> 1) A WS-Security message comes in to synapse (with wsa:MessageID signed &
> referenced in the digital signature )
> 2) Synapse Axis2FlexibleMEPClient removes the wsa:MessageID in the original
> message  (Axis2FlexibleMEPClient.removeAddressingHeaders)
> 3) The endpoint gets the 'forwarded' request and it fails ws-security
> validation.  Why?  Because synapse removed the wsa:MessageID which is
> referenced in the digital signature!
>
> Why even in 'transparent' proxy mode would synapse remove that?  And what
> are my options?
>



-- 
Ruwan Linton
http://wso2.org - "Oxygenating the Web Services Platform"
http://ruwansblog.blogspot.com/