Skip to main content

Re: Metro 2.2 .... SOAPMessage.writeTo(Outputstream) dropping WSEE SOAP Header?

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
1 reply [Last post]
Kumar Jayanti Guest
Offline
Joined: 2011-04-02

Hi,

If the SOAPMessage does contain the wsse soap header this is no reason writeTo(os) should drop it. What happens really is that before the message reaches the Handlers the security header is stripped off. Do you need access to the Security Header ?. You would be able to get that by inserting your custom tube into the tubeline.
On 31-Mar-2012, at 12:42 AM, Bernhard Thalmayr wrote:

> Hi experts, I'm sorry if this sounds a bit weird.
>
> I do have an application which does
>
> soapMessage.writeTo()
>
> according to the debugger session 'soapMessages' actual class is 'com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl'.
>
> The soapMessage xml's pretty print looks like this ...
>
> 2012-03-30T18:28:15Z2012-03-30T18:33:15ZJAVA
>
>
> if I use a watch in the debugger session to see .toString() I only get ...
>
> JAVA
>
>
> Is this done by intention?
>
> What SAAJ impl is Metro 2.2 using? The pom's I looked at do not specify a sepcific version of the artifact.
>
> TIA,
> Bernhard
>

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Bernhard Thalma...
Offline
Joined: 2011-10-10

Thanks for your attention Kumar.

Acutally this is OpenSSO JAX-WS Web Service Security Agent ... it does
not send out the message but creates a Document out of it to sign it ...

Full code ...

private Document toDocument() throws SecurityException {
try {
ByteArrayOutputStream bop = new ByteArrayOutputStream();
soapMessage.writeTo(bop);
ByteArrayInputStream bin =
new ByteArrayInputStream(bop.toByteArray());
Document doc = XMLUtils.toDOMDocument(bin, WSSUtils.debug);
if (debug.messageEnabled()) {
debug.message("SecureSOAPMessage.toDocument: Converted
SOAPMessage: " + XMLUtils.print(doc));
}
return doc;
} catch (Exception ex) {
debug.error("SecureSOAPMessage.toDocument: Could not" +
" Convert the SOAP Message to XML document.", ex);
throw new SecurityException(ex.getMessage());
}
}

public static Document toDOMDocument(InputStream is, Debug debug) {
/*
* Constructing a DocumentBuilderFactory for every call is less
* expensive than a synchronizing a single instance of the
factory and
* obtaining the builder
*/
DocumentBuilderFactory dbFactory = null;
try {
// Assign new debug object
dbFactory = DocumentBuilderFactory.newInstance();
dbFactory.setValidating(validating);
dbFactory.setNamespaceAware(true);
} catch (Exception e) {
if (debug != null) {
debug.error("XMLUtils.DocumentBuilder init failed", e);
}
}

try {
DocumentBuilder documentBuilder =
dbFactory.newDocumentBuilder();

if (documentBuilder == null) {
if (debug != null) {
debug.error("XMLUtils.toDOM : null builder instance");
}
return null;
}
documentBuilder.setEntityResolver(new XMLHandler());
if (debug != null && debug.warningEnabled()) {
documentBuilder.setErrorHandler(new ValidationErrorHandler(
debug));
}

return documentBuilder.parse(is);
} catch (Exception e) {
// Since there may potentially be several invalid XML documents
// that are mostly client-side errors, only a warning is
logged for
// efficiency reasons.
if (debug != null && debug.warningEnabled()) {
debug.warning("Can't parse the XML document", e);
}

return null;
}
}

Before calling the 'doDocument' the wsse header is included in the
mesage, but it can not be found anymore in the Document.

So I attached the debugger and it looked like 'writeTo' is loosing it.

Regards,
Bernhard

Am 4/2/12 6:14 AM, schrieb Kumar Jayanti:
> Hi,
>
> If the SOAPMessage does contain the wsse soap header this is no reason writeTo(os) should drop it. What happens really is that before the message reaches the Handlers the security header is stripped off. Do you need access to the Security Header ?. You would be able to get that by inserting your custom tube into the tubeline.
> On 31-Mar-2012, at 12:42 AM, Bernhard Thalmayr wrote:
>
>> Hi experts, I'm sorry if this sounds a bit weird.
>>
>> I do have an application which does
>>
>> soapMessage.writeTo()
>>
>> according to the debugger session 'soapMessages' actual class is 'com.sun.xml.messaging.saaj.soap.ver1_1.Message1_1Impl'.
>>
>> The soapMessage xml's pretty print looks like this ...
>>
>> 2012-03-30T18:28:15Z2012-03-30T18:33:15ZJAVA
>>
>>
>> if I use a watch in the debugger session to see.toString() I only get ...
>>
>> JAVA
>>
>>
>> Is this done by intention?
>>
>> What SAAJ impl is Metro 2.2 using? The pom's I looked at do not specify a sepcific version of the artifact.
>>
>> TIA,
>> Bernhard
>>