Hi all,

I have an existing Spring based Webservice and an existing 'proxy' (servlet based) that I need to get working together. I would like to have the proxy read in client messages, add in a security header based on its own certificate, and then forward on to webservices that only accept that particular certificate. FYI - The proxy itself authorises the client and maintains sessions etc. The webservice uses Spring WS Security.

The proxy is servlet based, so I simply get POST message that may / may not actually be a SOAP message, but for now we can assume it is. What would be the easiest / best way to take the POST message (InputStream) and add a security header based on its certificate? At the moment I'm leaning towards converting the message to a SOAPMessage and attempting to manually add the header before forwarding to the webservice. Is this possible, or is there a better way?

Thanks in advance.