cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anders Clausen <>
Subject Removal of CXF interceptor
Date Wed, 08 Oct 2014 10:38:25 GMT

We're using CXF for our REST and SOAP web services. All of our calls
normally go through a separate security layer. However, in some of our test
environments we haven't got the security layer in place, so when we test
calls to our SOAP web services we get an error from the
MustUnderstandInterceptor, as the security credentials are present in the
SOAP Header. Normally these would obviously be stripped away in the
security layer but won't be in the previous mentioned scenario.

My questions are:

1) Since we would never do any WS-Security related tasks in the web
services layer where we are using CXF, is it possible to disable the

2) If it's possible, is it acceptable to do so or is it frowned upon.

3) Could it be done by doing the following in the handleMessage()

        MustUnderstandInterceptor must = new MustUnderstandInterceptor();
        InterceptorChain chain = message.getInterceptorChain();


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message