To access a secured web service either via WSS4J or XWSS, your client needs to set the correct WS-Security headers.
There are various ways to do this. One of the simplest way is setting up an interceptor, i.e via org.springframework.ws.soap.security.wss4j.Wss4jSe curityInterceptor - just like the way you do it for the Spring WS provider.
HOWEVER, the Spring WS Reference doesn't even mention this one for the client. Even the word interceptor is not even mentioned in the client chapter at http://static.springsource.org/sprin...t.html#d0e3963. But on the provider chapter at http://static.springsource.org/sprin...ml/server.html. It's mentioned at least in the following lines:
I think this should qualify as a JIRA request???There are a number of standard EndpointInterceptor implementations you can use in your Web service. Additionally, there is the XwsSecurityInterceptor, which is described in Section 7.2, “ XwsSecurityInterceptor ”.
What do you think guys?
In the Spring Integration forum, there was a mistake in the MessageBuilder example (like one word). I was advised by Mark Fisher to post a JIRA. That's was just a small issue (maybe a typo). But this one is something big...something missing in the Spring WS reference.
Calling out Arjen for your advise (I hope I didn't miss this in the Spring WS reference)
My point here anyone reading the reference would have less time searching if it was at least mentioned in the client chapter