How do I remove WS Security from the SOAP header for a particular SOAPAction?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

How do I remove WS Security from the SOAP header for a particular SOAPAction?

Christopher Cheng-2
We are using WS Security to communicate with the server. CXF will add “Security” node to the SOAP Header behind the scene.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
        <soap:Header>
                <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
                        <wsse:UsernameToken wsu:Id="UsernameToken-21b3889b-fbe6-45da-a3ea-331f021c847a">
                                <wsse:Username>WSTEDIBE</wsse:Username>
                                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">.......</wsse:Password>
                                <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">.......</wsse:Nonce>
                                <wsu:Created>2018-02-01T04:23:40.622Z</wsu:Created>
                        </wsse:UsernameToken>
                </wsse:Security>
                ....
        </soap:Header>
        <soap:Body>
            ..............
        </soap:Body>
</soap:Envelope>


Is there any way for me to remove it for some particular SOAPAction such as "SignOut"?

I tried to use OutInterceptor and SOAPHandler, but we could not find the node “Security” in the SOAPHeader in all phases



Is there a way to do so?