You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Scott O'Connell <sc...@axcelerate.com> on 2022/08/15 23:34:37 UTC

How to handle WS security where applieTo and endpoint are different?

Hello,

I am having some trouble updating an existing CXF maven project. The
application is a client that connects to a government web service and
uses STS security. The service first makes an authentication call to
get the token, and then calls the web service.

In their new version, version 5, they have an odd requirement that now
the URL in the ApplieTo element for the STS call is slightly different
from the URL of the endpoint of the service that actually needs to be
called - a different path. If I use the new URL then the first STS
call errors with: The relying party specified in the AppliesTo element
is not recognized

If I use the correct AppliesTo URL then the token is returned
correctly but the endpoint itself errors with "The message Action
cannot be processed at the receiver, due to a ContractFilter mismatch
at the EndpointDispatcher" - which I am assuming is because of the
wrong URL. If I paste the request body into Postman and manual send it
to the correct URL it works.

My question is, is there a way I can support this? I have tried to set
the AppliesTo in the code, but any attempt to do that also changes the
endpoint. I have tried using javax SOAP handlers but they don't seem
to let me intercept between these 2 points.

Thanks, Scott

-- 





CONFIDENTIALITY NOTICE AND
DISCLAIMER: This email (including any 
attachment to it) is confidential and may
also be privileged and exempt 
from disclosure under applicable law.
Accordingly, if you are not the 
intended recipient, please notify us immediately
and delete this email 
(including any attachment to it) from your computer
system. You should also 
not disseminate or copy the email. We do not assure the
security of 
information electronically transmitted and your communication with
us 
through such means signifies your acceptance of any risk attaching thereto.
Any statement contained herein is not to be construed as an offer to enter 
into
any contractual obligation nor an acceptance of any offer. Thank you.