Adding SOAP Security Header via a proxy

[INeedAGoodName]

Hi all,

I have an existing Spring based Webservice and an existing 'proxy' (servlet based) that I need to get working together. I would like to have the proxy read in client messages, add in a security header based on its own certificate, and then forward on to webservices that only accept that particular certificate. FYI - The proxy itself authorises the client and maintains sessions etc. The webservice uses Spring WS Security.

The proxy is servlet based, so I simply get POST message that may / may not actually be a SOAP message, but for now we can assume it is. What would be the easiest / best way to take the POST message (InputStream) and add a security header based on its certificate? At the moment I'm leaning towards converting the message to a SOAPMessage and attempting to manually add the header before forwarding to the webservice. Is this possible, or is there a better way?

Thanks in advance.

[INeedAGoodName]

The SOAP message is generic, in theory this should work for multiple webservices that use the proxy. So, regardless of what is in the SOAP body or where the request is going, I need to be able to add the certificate information to the header.

[INeedAGoodName]

So, I'm looking at using the XWSS processor interface outlined here: http://docs.oracle.com/cd/E17802_01/...ySamples5.html

It looks like it should do everything I need.