Announcement Announcement Module
No announcement yet.
Why won't SoapActionCallback work with encrypted messages? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Why won't SoapActionCallback work with encrypted messages?

    I have tested this in both 1.5.7 and 1.5.8.

    My client extends WebServiceGatewaySupport and I want to use it for sending messages to both encrypted and unencrypted web services. The web services use SimpleActionEndpointMapping. When I send the message to the unencrypted service, on the client side I use SoapActionCallback, but this does not work when I want to go to an encrypted service, then I must use ActionCallback. This is bad because the client should not have to behave differently depending on how security interceptor is configured, it should not even have to know there is a security interceptor there.

    Here are the details:

    SoapActionCallback version
    SoapActionCallback callback = new SoapActionCallback(getSoapAction());
    response = (XmlObject)getWebServiceTemplate().marshalSendAndReceive(request, callback);
    ActionCallback version:
    ActionCallback callback = new ActionCallback(getSoapAction());
    response = (XmlObject)getWebServiceTemplate().marshalSendAndReceive(request, callback);
    Unencrypted Wss4jSecurityInterceptor configuration:
     <property name="securementActions" value="UsernameToken Timestamp" />
    Encrypted Wss4jSecurityInterceptor configuration:
     <property name="securementActions" value="Encrypt Timestamp Signature" />
    Using the SoapActionCallback version works fine with the unencrypted message. Sending the same unencrypted message using ActionCallback results in a error:
    SoapFaultClientException: System.Web.Services.Protocols.SoapException: Server did not recognize the value of HTTP Header SOAPAction: .
    OK, fine, seems like since I want to route based on the soap action that using the SoapActionCallback would be the way to go.

    So, trying the SoapActionCallback version with the encrypted message, I get a 404 on the client, but watching the server logs I see:
     No endpoint mapping found for [SaajSoapMessage {}EncryptedData]
    When I switch to the ActionCallback version the encrypted message correctly routes to the endpoint and completes.

    On the server side, the security interceptor contains this in the configuration:
    <property name="validationActions" value="Encrypt Timestamp Signature" />
    I have tried playing around with securementEncryptionParts on the client, but that just seems to unencrypt the entire message instead of just the parts I want, using something like:
     <property name="securementEncryptionParts"
          value="{Content}{}CreateAccountRequest" />
    and anyway, since the default is Content, I don't think I should need to.

    Why does ActionCallback work and SoapActionCallback not work for encrypted messages?