Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Headers missing with XwsSecurityInterceptor and Spring Integration [SWS-871] #945

Closed
gregturn opened this issue Mar 31, 2014 · 4 comments
Assignees

Comments

@gregturn
Copy link
Member

@gregturn gregturn commented Mar 31, 2014

Matthew Leese opened SWS-871 and commented

When using Spring Integration's (2.2.4) Web Service Outbound Gateway with the XwsSecurityInterceptor, the security headers are not added to the message that is sent to the server.

When creating the actual SAAJ SOAP message, the AbstractWebServiceOutboundGateway.RequestMessageCallback calls the DefaultHeaderMapper which sets the SOAP action field. This triggers the serialization of the Java SOAP object to a byte array.

Later, when the XwsSecurityInterceptor adds the security headers, the byte array is not recreated so the data actually sent to the server does not include the byte array.

Recommend adding the following at line 139 of the XwsSecurityInterceptor to fix the issue:
try
{
result.saveChanges();
}
catch ( SOAPException e)
{
throw new XwsSecuritySecurementException("Unable to save security headers to SOAP message", e);
}
}


Affects: 2.1.4

Issue Links:

  • #944 WS-Addressing headers missing from synchronous SOAP responses
    ("duplicates")

Referenced from: commits 06d7356

@gregturn
Copy link
Member Author

@gregturn gregturn commented Apr 8, 2014

Arjen Poutsma commented

This seems related to #944.

@gregturn
Copy link
Member Author

@gregturn gregturn commented Apr 10, 2014

Arjen Poutsma commented

Could you please indicate your runtime environment? (JDK, app server, etc. with version numbers).

@gregturn
Copy link
Member Author

@gregturn gregturn commented Apr 10, 2014

Matthew Leese commented

JDK 1.7 on Tomcat 7. We're using Metro 2.1.1 for the security backend. This problem only occurred after upgraing to JDK 1.7 and Spring WS 2.1.4 and Spring Integration 2.1.

@gregturn
Copy link
Member Author

@gregturn gregturn commented Apr 14, 2014

Arjen Poutsma commented

Duplicate of #944

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.