synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruwan Linton" <ruwan.lin...@gmail.com>
Subject Re: Synapse Axis2FlexibleMEPClient removes AddressingHeaders?!
Date Sat, 09 Aug 2008 12:52:15 GMT
Garry,

I found this same post earlier and answered on that thread, please do refer
to that...

Thanks,
Ruwan

On Sat, Aug 9, 2008 at 1:19 AM, Gary Snider <gary.s.snider@gmail.com> wrote:

> Just curious but why does the
> org.apache.synapse.core.axis2.Axis2FlexibleMEPClient remove addressing
> headers?
>
> I've tried using synapse in proxy mode as well but here is the scenario and
> why removing the headers is wrong for what we're doing:
>
> 1) A WS-Security message comes in to synapse (with wsa:MessageID signed &
> referenced in the digital signature )
> 2) Synapse Axis2FlexibleMEPClient removes the wsa:MessageID in the original
> message  (Axis2FlexibleMEPClient.removeAddressingHeaders)
> 3) The endpoint gets the 'forwarded' request and it fails ws-security
> validation.  Why?  Because synapse removed the wsa:MessageID which is
> referenced in the digital signature!
>
> Why even in 'transparent' proxy mode would synapse remove that?  And what
> are my options?
>



-- 
Ruwan Linton
http://wso2.org - "Oxygenating the Web Services Platform"
http://ruwansblog.blogspot.com/

Mime
View raw message