ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kai Rommel <>
Subject Re: Issue because elements within signedParts list are not optional
Date Wed, 06 Nov 2013 15:13:13 GMT
Hi Colm,
thanks for the information. I used WS-SecurityPolicy and I do not get the
exception. I am wondering whether there will be a fix for WSS4J to align
the behaviour, or is it recommended not to use WSS4JOutInterceptor but to
use WS-SecurityPolicy in the future.
Best regards

2013/10/25 Colm O hEigeartaigh <>

> Hi Kai,
> Rather than using CXF's WSS4JOutInterceptor, you need to use
> WS-SecurityPolicy instead. When WSS4J is configured in this way, any
> SignedParts Element will only be signed if they exist in the message.
> Colm.
> On Fri, Oct 25, 2013 at 1:35 PM, Kai Rommel <>wrote:
>> Hi,
>> I am trying to consume a WebService which requires WSRM and that the SOAP
>> headers are signed.
>> So I listed in the configuration of the interceptor
>> of the cxf endpoint
>> the elemenst to sign:
>>  <entry key="signatureParts"
>>                     value="{Element}{
>> ....
>> Doing so leads to a successful CreateSequence message send to the
>> WS-Provider, which answers with a CreateSequenceResponse.
>> But now the cxf WS-Consumer endpoint tries to sign the One-Way message.
>> This message does not have the header "ReplyTo", and an exception is thrown
>> in the class
>> It is in line 159, where the elementsToSign are checked.
>> In the specification
>> is stated: "Note that this assertion does not require that a given part
>> appear in a message, just that if such a part appears, it requires
>> integrity protection."
>> Is there a possibility to change the wss4j implementation so that only
>> these elements of the SignedParts configuration are signed, which are
>> available in the message (and not to throw an exception for the elements,
>> which are not available)? Or I am wrong with my interpretation?
>> If there is another possibitiy to configure it, please let me know.
>> Best regards
>>  Kai
> --
> Colm O hEigeartaigh
> Talend Community Coder

View raw message