Protecting Custom Headers

When an operation uses SOAP headers, VuGen does not automatically sign or encrypt them. To incorporate a protection scheme such as a signature or encryption, you must manually add the following information to the scenario's configuration file (.stss) in the behavior element:

  • soapAction of the relevant operation

  • The header XML name and namespace

  • The protection level

The following example shows an outgoing message with the soapAction, http://mySoapAction. The XML element header1 from namespace http://myServiceNamespace is encrypted and signed. The header2 element from the same namespace is only signed.

<protocols ...>
                                <protectionRequirements action="http://mySoapAction">
                                        <header localName="header1" namespace="http://myServiceNamespace" />                                   
                                        <header localName="header1" namespace=" http://myServiceNamespace " />                                   
                                        <header localName="header2" namespace=" http://myServiceNamespace " />