CXF / CXF-826

WSS Security header processed by WSS4J is returned as response header


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0.1
    • Component/s: WS-* Components
    • Labels: None

    Description

      If a SOAP request contains a WSS Security header, the header will be returned to the client with the SOAP response, although it was successfully processed by the WSS4JInInterceptor. This leads to an error on the client because the client does not understand the mustUnderstand-Header.

      IMHO, the WSS Security Header should be removed by the WSS4JInInterceptor.

      Request:
      <?xml version="1.0" encoding="UTF-8"?>
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63" IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
      ...
      </Assertion></wsse:Security>
      </soapenv:Header>
      <soapenv:Body><helloWorld xmlns="http://test.sts.stvbe.dvbern.ch"></helloWorld></soapenv:Body></soapenv:Envelope>

      Response:
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
      <wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
      <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63" IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
      ...
      </Assertion></wsse:Security>
      </soap:Header>
      <soap:Body><helloWorldResponse xmlns="http://test.sts.stvbe.dvbern.ch"><helloWorldReturn> Hello From Apache CXF Service.</helloWorldReturn></helloWorldResponse></soap:Body></soap:Envelope>

      People

        Assignee: Unassigned
        Reporter: Matthias Germann (germm)
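A regression check for the behaviour reported above, as an added example that is not part of the original issue or of CXF: it compares a captured request/response pair and reports any wsse:Security header in the response that repeats a SAML assertion from the request. The function names and the trimmed sample envelopes are constructed for illustration; only the namespaces and the AssertionID come from the report.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"

def security_headers(envelope_xml):
    """Return one (mustUnderstand, {AssertionID, ...}) pair per wsse:Security header."""
    root = ET.fromstring(envelope_xml)
    found = []
    for sec in root.findall(f"{{{SOAP11}}}Header/{{{WSSE}}}Security"):
        must = sec.get(f"{{{SOAP11}}}mustUnderstand") in ("1", "true")
        ids = {a.get("AssertionID") for a in sec.iter(f"{{{SAML1}}}Assertion")
               if a.get("AssertionID")}
        found.append((must, ids))
    return found

def echoed_security_header(request_xml, response_xml):
    """List response Security headers that carry an assertion sent in the request."""
    sent = set()
    for _, ids in security_headers(request_xml):
        sent |= ids
    findings = []
    for must, ids in security_headers(response_xml):
        replayed = sorted(ids & sent)
        if replayed:
            findings.append({"assertion_ids": replayed, "must_understand": must})
    return findings

# Constructed samples: trimmed versions of the envelopes quoted in the report.
SECURITY = (f'<wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1">'
            f'<Assertion xmlns="{SAML1}" '
            'AssertionID="_9a45d2d65567f21cf91315506ec25a63"/></wsse:Security>')

def envelope(header, body):
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP11}">'
            f'<soapenv:Header>{header}</soapenv:Header>'
            f'<soapenv:Body>{body}</soapenv:Body></soapenv:Envelope>')

NS = "http://test.sts.stvbe.dvbern.ch"
REQUEST = envelope(SECURITY, f'<helloWorld xmlns="{NS}"/>')
ECHOING_RESPONSE = envelope(SECURITY, f'<helloWorldResponse xmlns="{NS}"/>')
CLEAN_RESPONSE = envelope("", f'<helloWorldResponse xmlns="{NS}"/>')

if __name__ == "__main__":
    print("echoing:", echoed_security_header(REQUEST, ECHOING_RESPONSE))
    print("clean:  ", echoed_security_header(REQUEST, CLEAN_RESPONSE))
```

A non-empty result with `must_understand` set to true corresponds to the client-side failure described in the report.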