CXF-826

WSS Security header processed by WSS4J is returned as response header


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0.1
    • Component/s: WS-* Components
    • Labels: None

    Description

      If a SOAP request contains a WSS Security header, the header will be returned to the client with the SOAP response, although it was successfully processed by the WSS4JInInterceptor. This leads to an error on the client because the client does not understand the mustUnderstand-Header.

      IMHO, the WSS Security Header should be removed by the WSS4JInInterceptor.

      Request:
      <?xml version="1.0" encoding="UTF-8"?>
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63" IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
      ...
      </Assertion></wsse:Security>
      </soapenv:Header>
      <soapenv:Body><helloWorld xmlns="http://test.sts.stvbe.dvbern.ch"></helloWorld></soapenv:Body></soapenv:Envelope>

      Response:
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
      <wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63" IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
      ...
      </Assertion></wsse:Security>
      </soap:Header>
      <soap:Body><helloWorldResponse xmlns="http://test.sts.stvbe.dvbern.ch"><helloWorldReturn> Hello From Apache CXF Service.</helloWorldReturn></helloWorldResponse></soap:Body></soap:Envelope>
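
A regression check for the behaviour reported above, as an added example (not code from the issue or from CXF): it flags any response header block marked mustUnderstand="1" that is a structural copy of a request header block. It assumes SOAP 1.1 envelopes; the sample messages and the AssertionID placeholder are constructed.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
MUST_UNDERSTAND = f"{{{SOAP11}}}mustUnderstand"

# Constructed sample messages modelled on the report (assertion body omitted).
SECURITY = (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:soapenv="{SOAP11}" '
            f'soapenv:mustUnderstand="1"><Assertion xmlns="{SAML}" '
            f'AssertionID="_constructed-id"/></wsse:Security>')
REQUEST = (f'<soapenv:Envelope xmlns:soapenv="{SOAP11}"><soapenv:Header>{SECURITY}'
           f'</soapenv:Header><soapenv:Body/></soapenv:Envelope>')
ECHOED_RESPONSE = (f'<soap:Envelope xmlns:soap="{SOAP11}"><soap:Header>{SECURITY}'
                   f'</soap:Header><soap:Body/></soap:Envelope>')
FIXED_RESPONSE = f'<soap:Envelope xmlns:soap="{SOAP11}"><soap:Body/></soap:Envelope>'


def header_blocks(envelope_xml):
    """Direct children of the SOAP 1.1 Header element (empty list if absent)."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP11}}}Header")
    return [] if header is None else list(header)


def same_tree(a, b):
    """Structural equality by qualified name, so prefix choice is ignored."""
    return (a.tag == b.tag and a.attrib == b.attrib
            and (a.text or "").strip() == (b.text or "").strip()
            and len(a) == len(b)
            and all(same_tree(x, y) for x, y in zip(a, b)))


def echoed_must_understand(request_xml, response_xml):
    """Qualified names of mustUnderstand="1" response headers copied from the request."""
    request_blocks = header_blocks(request_xml)
    return [blk.tag for blk in header_blocks(response_xml)
            if blk.get(MUST_UNDERSTAND) == "1"
            and any(same_tree(blk, req) for req in request_blocks)]


if __name__ == "__main__":
    print("echoed:", echoed_must_understand(REQUEST, ECHOED_RESPONSE))
    print("fixed: ", echoed_must_understand(REQUEST, FIXED_RESPONSE))
```

The comparison uses namespace-qualified names, so the echo is still detected when the response uses the `soap` prefix where the request used `soapenv`, as in the messages above.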

          People

            Assignee: Unassigned
            Reporter: Matthias Germann (germm)