ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <>
Subject Re: Issue because elements within signedParts list are not optional
Date Fri, 25 Oct 2013 12:55:47 GMT
Hi Kai,

Rather than using CXF's WSS4JOutInterceptor, you need to use
WS-SecurityPolicy instead. When WSS4J is configured in this way, any
SignedParts Element will only be signed if they exist in the message.


On Fri, Oct 25, 2013 at 1:35 PM, Kai Rommel <>wrote:

> Hi,
> I am trying to consume a WebService which requires WSRM and that the SOAP
> headers are signed.
> So I listed in the configuration of the interceptor
> of the cxf endpoint
> the elemenst to sign:
>  <entry key="signatureParts"
>                     value="{Element}{
> ....
> Doing so leads to a successful CreateSequence message send to the
> WS-Provider, which answers with a CreateSequenceResponse.
> But now the cxf WS-Consumer endpoint tries to sign the One-Way message.
> This message does not have the header "ReplyTo", and an exception is thrown
> in the class
> It is in line 159, where the elementsToSign are checked.
> In the specification
> is stated: "Note that this assertion does not require that a given part
> appear in a message, just that if such a part appears, it requires
> integrity protection."
> Is there a possibility to change the wss4j implementation so that only
> these elements of the SignedParts configuration are signed, which are
> available in the message (and not to throw an exception for the elements,
> which are not available)? Or I am wrong with my interpretation?
> If there is another possibitiy to configure it, please let me know.
> Best regards
> Kai

Colm O hEigeartaigh

Talend Community Coder

View raw message