You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Glen Mazza (JIRA)" <ji...@apache.org> on 2007/08/17 01:59:30 UTC

[jira] Commented: (CXF-826) WSS Security header processed by WSS4J is returned as response header

    [ https://issues.apache.org/jira/browse/CXF-826?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12520415 ] 

Glen Mazza commented on CXF-826:
--------------------------------

Two issues very closely related to this were fixed in late July.  Would you please check to see if the problem is still occurring in CXF 2.0.1--the latest release?  Thanks!


> WSS Security header processed by WSS4J is returned as response header
> ---------------------------------------------------------------------
>
>                 Key: CXF-826
>                 URL: https://issues.apache.org/jira/browse/CXF-826
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.0
>            Reporter: Matthias Germann
>
> If a SOAP request contains a WSS Security header, the header will be returned to the client with the SOAP response, although it was sucessfully processed by the WSS4JInInterceptor. This leads to an error on the client because the client does not understand the mustUnderstand-Header.
> IMHO, the WSS Security Header should be removed by the WSS4JInInterceptor.
> Request:
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63" IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soapenv:Header>
> <soapenv:Body><helloWorld xmlns="http://test.sts.stvbe.dvbern.ch"></helloWorld></soapenv:Body></soapenv:Envelope>
> Response:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Header>
> <wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63" IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soap:Header>
> <soap:Body><helloWorldResponse xmlns="http://test.sts.stvbe.dvbern.ch"><helloWorldReturn> Hello From Apache CXF Service.</helloWorldReturn></helloWorldResponse></soap:Body></soap:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.