Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-3452

WS-Security Encrypted headers fail with JAX-WS Binding

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.1, 2.3.3
    • Fix Version/s: 2.4, 2.3.4
    • Component/s: WS-* Components
    • Labels:
      None
    • Environment:

      Java 6

      Description

      When building a SOAP web service using CXF, JAX-WS, and the CXF extensions for WS-Security and WS-SecurityPolicy, SOAP headers that are encrypted are correctly decrypted, but are not correctly passed to the endpoint.

      This happens because, as far as I can tell, org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor correctly searches for headers in the headers list of the Message parameter to handleMessage, but doesn't find it because the encrypted headers didn't really exist in their final form in the actual message.

      I've seen this on 2.3.1 and 2.3.3; no reason to suspect that 2.3.2 also has it but I haven't tested. Running Java 1.6.0_24 on OS X, although I don't think the OS or java version has anything to do with it.

        Attachments

        1. EncryptedHeaderBug.zip
          44 kB
          Ross M. Lodge

          Activity

            People

            • Assignee:
              dkulp Daniel Kulp
              Reporter:
              eddardstark Ross M. Lodge
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: