I am trying to configure WSSJ4 interceptors.
I have 2 web services. When client generates SOAP message, he's adding usernametoken and signature.
First web service should validate username token, but no signature. Then push message to second service.
Second service should validate signature only, then generate reply and send to a client.
My problem is fact, that first web service is trying to validate signature, even if in its inInterceptor I did not configured signature action. It should just validate username token. Interceptor for first web service config below:
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="user" value="myUser" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="MyPasswordCallback/>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
Aucun commentaire:
Enregistrer un commentaire