1 Reply Latest reply on May 16, 2008 7:02 AM by Alessio Soldano

    Webservice security headers removed by LogRecorder

    Esben Henriksen Newbie

      Hi all
      I am trying to use the Webservice Records management system to log all Webservice messages both innbound and outbound.

      I am using Jbooss 4.2.2 and upgraded jbossws to 2.0.3

      The user information is in the security header and this is removed from the SOAP message when it is written to the log file.

      I have tried to put the Recording Handler in front of the WSSecurity Handler in the handler chain but the security headers are still removed.

      Is this the intended behaviour or am I doing something wrong?

      The MemoryBufferRecorder also strips the security headers.

      Any help on this issue would be greatly apreciated.

      Best regards

      Esben Henriksen

        • 1. Re: Webservice security headers removed by LogRecorder
          Alessio Soldano Master

          Both the recording handler and the memory buffer recorder do not change the messages while handling them. As you pointed out, it's only a matter of the handler's position in the handler chain, since the incoming message's security header is removed by the security handler once it has processed the message. So if you need to log that header, the recording handler has to run before the security one.
          When changing the handler chain, please note that the security handler is a POST handler. This means that to run the recording handler first, this need to be configured as a POST handler too (and put first in the list, of course).