I am signing a SOAP message using Spring, this doc to be exact. There is no difference between my configuration and the one described in the documentation. Everything is working and I am signing the outgoing message, and the header looks like:
<SOAP-ENV:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1">
      ...
    </ds:Signature>
  </wsse:Security>
</SOAP-ENV:Header>
However, the problem is that the server is expecting something like
<SOAP-ENV:Header>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1">
    ...
  </ds:Signature>
</SOAP-ENV:Header>
So, the server doesn’t like my petition. I cannot change anything on the server, so I need to find a solution. If I use soapUI to generate a request, there is no wsse:Security tag in the request, so what the server is expecting is aligned with its WSDL.
I have googled for a few hours with no luck. Is there any way to remove the wsse:Security tag? Can I resolve this with Spring, or should I implement some custom code?
Well, I am not sure if this is the best answer but this is what I have found out.
Spring WS security focuses on the three different areas of WS-Security: Authentication, Digital signatures and Encryption/Decryption, according to WS-Security.
Two of these three areas, Authentication and Digital signatures, are covered by XML Signature, so if you just want to sign and/or authenticate your message without encryption/decryption you can use XML Signature directly and not as part of WS-Security. That was my case: the client was just expecting <ds:Signature ...> directly and not under <wsse:Security ...>.
I did not find how to do this (the whole thing) with Spring WS, so I implemented it using XMLSignature from the Apache WSS4J package, which is the same thing that Spring uses to sign the message.
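An added example, not part of the original answer: placing ds:Signature directly under the SOAP Header with no wsse:Security wrapper, using the JDK's built-in javax.xml.crypto.dsig API (Java 11+) rather than the Apache XMLSignature class the answer mentions. The sample envelope, the throwaway RSA key, the enveloped whole-document reference and the algorithm choices are assumptions; the page does not say what the server requires.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;
public class HeaderSignatureExample {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed sample envelope (assumption, not from the page).
    static final String ENVELOPE = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"" + SOAP_NS + "\"><SOAP-ENV:Header/>"
        + "<SOAP-ENV:Body><ping xmlns=\"urn:example\">hello</ping></SOAP-ENV:Body></SOAP-ENV:Envelope>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML Signature processing
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(ENVELOPE)));
        Element header = (Element) doc.getElementsByTagNameNS(SOAP_NS, "Header").item(0);
        // Throwaway key pair (assumption); a real client loads its key from a keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // Assumed reference: enveloped signature over the whole envelope (URI ""), SHA-256 digest.
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                    fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(List.of(kif.newKeyValue(kp.getPublic())));
        // The node given to DOMSignContext becomes the parent of ds:Signature: the Header itself.
        DOMSignContext signCtx = new DOMSignContext(kp.getPrivate(), header);
        signCtx.setDefaultNamespacePrefix("ds");
        fac.newXMLSignature(si, ki, null, "Signature-1", null).sign(signCtx);
        // Receiver side: validate against the key you expect, not the one carried in KeyInfo.
        Node sig = header.getFirstChild();
        DOMValidateContext valCtx = new DOMValidateContext(kp.getPublic(), sig);
        boolean valid = fac.unmarshalXMLSignature(valCtx).validate(valCtx);
        System.out.println(sig.getNodeName() + " under " + sig.getParentNode().getNodeName() + ", valid=" + valid);
    }
}
```

The reference URI, transforms and KeyInfo content have to match whatever the receiving service actually verifies, so check them against its WSDL or policy before reusing these choices.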