Unable to decrypt SOAP request wihout soapaction header [SWS-1092]

[gregturn]

miha- opened SWS-1092 and commented

In the spring tutorial, the endpoint method is annotated with @PayloadRoot: @PayloadRoot(localPart = "orderInput", namespace = "http://samples")

This works fine when the soap message is not encrypted. PayloadRootAnnotationMethodEndpointMapping is able to map to soap message to the corresponding method.

 

When the soap message is encrypted, the PayloadRootAnnotationMethodEndpointMapping is unable to map the soap message because The security interceptor did not have yet the time to decipher it. But here I should be using @SopAction but I can not as client which sending us request is unable to add it (guverment thing).

 

Is there any way to trigger Wss4jSecurityInterceptor before PayloadRootAnnotation is searched? In tutorial is just to use this: 

wss4jSecurityInterceptor.setValidationActions("Timestamp Signature Encrypt");

but this is not working for above decribed reason.

Thank you miha

---

Affects: 3.0.9

[jpw-src]

I created a minimal project to reproduce the problem: https://github.com/jpw-src/spring-boot-webservice-demo

[snicoll]

Thanks for the sample and sorry it took so long to triage. I can reproduce the problem even with the latest 4.0.x release.

Looking at this StackOverflow question I wonder if that's related to the setSecurementEncryptionParts that the client sets. I'll have to dig in to figure out if that's related as I am quite new to the project but let me know if that rings a bell on your end.