Wss4jSecurityInterceptor alters CData in SOAP body

[dreamdevil00]

Wss4jSecurityInterceptor escapses CDATA which is not supposed.

A minimal reproducible demo

Step to reproduce:
execute test in com.example.demo.WebServiceTest
and trace logs shows

2022-01-07 17:57:21.469 TRACE 17976 --- [           main] o.s.ws.client.MessageTracing.sent        : Sent request [<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" SOAP-ENV:mustUnderstand="1"><wsse:UsernameToken wsu:Id="UsernameToken-9768067b-0d6c-4b73-8cec-7a7dcc13acb1"><wsse:Username>Bob</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body><echo>&lt;req&gt;Hello World!&lt;/req&gt;</echo></SOAP-ENV:Body></SOAP-ENV:Envelope>]

If WebServiceTemplate execute the test without Wss4jSecurityInterceptor
then trace log shows

2022-01-07 17:58:53.354 TRACE 16852 --- [           main] o.s.ws.client.MessageTracing.sent        : Sent request [<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><echo><![CDATA[<req>Hello World!</req>]]></echo></SOAP-ENV:Body></SOAP-ENV:Envelope>]

The later result is expected.

[snicoll]

Thanks for the report and the sample, I can reproduce with the latest version.