cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthias Germann (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (CXF-826) WSS Security header processed by WSS4J is returned as response header
Date Sat, 18 Aug 2007 14:48:31 GMT

     [ https://issues.apache.org/jira/browse/CXF-826?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Matthias Germann resolved CXF-826.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.1

I can confirm that this issue is fixed in CXF 2.0.1

> WSS Security header processed by WSS4J is returned as response header
> ---------------------------------------------------------------------
>
>                 Key: CXF-826
>                 URL: https://issues.apache.org/jira/browse/CXF-826
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.0
>            Reporter: Matthias Germann
>             Fix For: 2.0.1
>
>
> If a SOAP request contains a WSS Security header, the header will be returned to the
client with the SOAP response, although it was sucessfully processed by the WSS4JInInterceptor.
This leads to an error on the client because the client does not understand the mustUnderstand-Header.
> IMHO, the WSS Security Header should be removed by the WSS4JInInterceptor.
> Request:
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63"
IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soapenv:Header>
> <soapenv:Body><helloWorld xmlns="http://test.sts.stvbe.dvbern.ch"></helloWorld></soapenv:Body></soapenv:Envelope>
> Response:
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Header>
> <wsse:Security xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" AssertionID="_9a45d2d65567f21cf91315506ec25a63"
IssueInstant="2007-07-24T10:07:05.490Z" Issuer="dvberntest" MajorVersion="1" MinorVersion="1">
> ...
> </Assertion></wsse:Security>
> </soap:Header>
> <soap:Body><helloWorldResponse xmlns="http://test.sts.stvbe.dvbern.ch"><helloWorldReturn>
Hello From Apache CXF Service.</helloWorldReturn></helloWorldResponse></soap:Body></soap:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message