Not sure how you are setting the request header, as they can be
manipulated on both the client and server side. I haven't used axis 1.2
yet, however. The way I do it, for xml encryption and digital
signatures, is via the javax.xml.rpc.handler.Handler interface and the
javax.xml.rpc.handler.MessageContext class. In your case, you would
implement:
handleResponse(MessageContext context)
And via the message context convert the message to a Document. Plenty
of examples out there. Then, you would call a method such as:
public static boolean sign(Document doc, X509Certificate cert,
PrivateKey privateKey, boolean debug) throws WSSecurityException
{
try
{
//Add header to the SOAP message if it does not exist
String soap_header = "
http://schemas.xmlsoap.org/soap/envelope/";
// Initialize the library - this is now done inside servlet
WSSInit
org.apache.xml.security.Init.init();
/******************* XML SIGNATURE INIT ***********************
Append the signature element to proper location before signing
***************************************************************/
// Look for the SOAP header
Element headerElement = null;
NodeList nodes = doc.getElementsByTagNameNS (soap_header,
"Header");
//No nodes are expected to be found (length of zero) - add
//header here.
if(nodes.getLength() == 0)
{
headerElement = doc.createElementNS (soap_header, "Header");
nodes = doc.getElementsByTagNameNS (soap_header, "Envelope");
if(nodes != null)
{
Element envelopeElement = (Element)nodes.item(0);
headerElement.setPrefix(envelopeElement.getPrefix());
envelopeElement.appendChild(headerElement);
}
}
else
{
//This shouldn't happen unless explicity done elsewhere
Fwlog.debug(SecurityHelper.class, Fwlog.WI, "Unexpectedly Found
" + nodes.getLength() + " SOAP Header elements... probably ok but not
tested");
headerElement = (Element)nodes.item(0);
}
... sign the Doc
}
This method, as I use it, is called by both client side and server side
handlers.
HTH,
iksrazal
http://www.braziloutsource.com/