Re: The client handler strips the SOAP-headers (WS Sec. Signature) off

From: Bobby Bissett - Javasoft <>
Date: Mon, 20 Oct 2003 10:28:07 -0400

Hi Marcus,

I can't tell from below whether or not you're adding your handler to the
chain and keeping the ws sec handler or not. The ws sec handler isn't
going to do what I think you want, so you will have to write your own
jax-rpc handler and not use xws-security at all. The EA release does
not have much flexibility in what it does.


> When I add a handler (extending GenericHandler) and add it to the
> handler chain on the client side I can't see (inside the handler code)
> the tags which WS security signing should have created. And the
> signature element (wsse:Security) aren't added after the handler
> processed the request because they doesn't show up on the server side
> either. If a use the signing helper on the client side without a handler
> the signature i attached and seen on the server side. So using a handler
> together with the WS Signature helper seems to not work. Is it really
> possibly to use WS Security Signature handler together with a custom
> handler written by oneself.
> I'm adding these two lines for signing the JAX-RPC call
> // Create a CertificateClientHelper for a client-side stub/proxy
> CertificateClientHelper cch =
> CertificateClientHelper.createFor(proxy);
> // Sign the request and then dump the message for debugging
> cch.addSignRequest().addDumpRequest();
> Inside the handler in method handleRequest I just dump the SOAP message.
> When doing this I only see the SOAP-body.
> // Write entire soap message to System.out
> OutputStream objOutputStream = System.out;
> message.writeTo(objOutputStream);
> Regards,
> Marcus Heinonen
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail: