Skip to main content

How to do encryption and validation of outgoing soap message (client)?

Please note these forums are being decommissioned and use the new and improved forums at
1 reply [Last post]
Joined: 2011-11-29


- I am using JAX-WS (2.1.x) in a standalone client application.

- Xml schema validation is in place, thanks to SchemaValidationFeature.

- I've been able to encrypt and sign my soap message before it is sent using WSS4J, from a SoapHandler implementation. (I have validated the produced soap request against the deployed web service using soapUI and it is working, so I can assume that the encryption and signature are ok, because when I remove one of those two, the service fails with a security reason...).

So, my problem is that, when running my application, it now fails (since I added the encryption) with a SaxParseException because schema validation seems to be done after my handler gets called (which encrypts and signs the message). Here's the error message: "Caused by: org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element 'xenc:EncryptedData'." This tells me that the default jax-ws validation mechanism (done by jaxp I think..or jaxb..?) can't obviously validates encrypted message since it doesn't recognize the <xenc:EncryptedData> element in the soap:body.

My question is: Does anybody know how to set a custom SoapHandler (like the one I did to implement some WSS features, encryption and signature) AFTER the validation gets called?? This way, validation would occur on soap message BEFORE it gets encrypted and sent to the server/service, which would solve all my problems. Otherwise, anyone has a better suggestion to fix this situation? I've googled for many hours, and I feel like I am the only one on earth who wants to do validation AND encryption (in that specific order) before sending the soap message to the server. I can't imagine....

Thanks for you help!


Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Joined: 2011-11-29

Well, based on what I understand so far, it doesn't seem like I can use both Validation (automatic validation using SchemaValidationFeature) and Encryption (via SoapHandler).

This validation feature from Sun is called AFTER any custom SoapHandlers, and it doesn't seem like we have any control on that execution order.

I will have to drop one of the two, but both are requirements for my client/project. I will probably end up droping the automatic soap message validation against schemas (using the SchemaValidationFeature from Sun), and implement a custom validation functionality inside my custom SoapHandler, which will be called BEFORE the wss4j encryption/signature takes place, in order to validate the original message, not the encrypted version of it, which is causing the SaxParseException.....but that's a bit of a pain....

..but, if anyone has already been able to use both SchemaValidationFeature AND encryption from a custom SoapHandler, please share your skills!