WSSexutiry and NoSecurity Action

[Cencio <ce...@gmail.com>]

Hi all,

i made a simple service that works as a content based router. 
My problem is when it process messages with some WS-Secutiry header. As
expected it throws a "soap:MustUnderstand" fault. So i try to configure the
WSS4JInInterceptor with the action "NoSecurity" to ignore the headers, but
set them as understood. It doesn't works, raising the exception "No crypto
property file supplied for decryption".

Did i misunderstand the function of "NoSecurity" action? There is a way to
ignore security headers without adding a dedicated interceptor?

Thanks,
Lorenzo
-- 
View this message in context: http://old.nabble.com/WSSexutiry-and-NoSecurity-Action-tp28990192p28990192.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: WSSexutiry and NoSecurity Action

[Daniel Kulp <dk...@apache.org>]

On Friday 25 June 2010 4:51:22 am Cencio wrote:
> Hi all,
> 
> i made a simple service that works as a content based router.
> My problem is when it process messages with some WS-Secutiry header. As
> expected it throws a "soap:MustUnderstand" fault. So i try to configure the
> WSS4JInInterceptor with the action "NoSecurity" to ignore the headers, but
> set them as understood. It doesn't works, raising the exception "No crypto
> property file supplied for decryption".
> 
> Did i misunderstand the function of "NoSecurity" action? There is a way to
> ignore security headers without adding a dedicated interceptor?

Honestly, the best performing way to do it if you don't want to process the 
security header would be to write a simple Interceptor that subclasses the 
SoapInterceptor and returns the security namespace in it's understood list.   
The interceptor would just do nothing in it's handleMessage call.   That would 
tell the MustUnderstandInterceptor that the namespace is understood, but it 
wouldn't actually do anything.    That would avoid all the SAAJ stuff and 
setting up WSS4J and everything.


-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog