cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor
Date Thu, 13 Jun 2013 15:06:42 GMT
Yes, please submit a patch for this.

Colm.


On Thu, Jun 13, 2013 at 3:53 PM, <oddbjorn.heimdal@accenture.com> wrote:

> Hi,
>
> We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard
> codes mustUnderstand = true (line 99). This is configurable in the
> WSS4JOutInterceptor today, but not when using policy.
>
>         public void handleMessage(SoapMessage message) throws Fault {
>             Collection<AssertionInfo> ais;
>             SOAPMessage saaj = message.getContent(SOAPMessage.class);
>
>             boolean mustUnderstand = true;
>             String actor = null;
>
> Obviously this makes sense in most cases, but we have some intermediaries
> which do not understand security...
>
> Would you accept a patch to have this configurable, for instance by
> creating a new property in SecurityConstants (for instance
> ws-security.mustsunderstand) and default to true?
>
> Best regards,
>
> Oddbjørn
>
> ___________________________________________________________________________________________
> Oddbjørn Heimdal
> Accenture Technology Consulting -  Security
> Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway
> Mobile: +47 99 72 19 12
> Email: oddbjorn.heimdal@accenture.com<mailto:
> oddbjorn.heimdal@accenture.com>
>
>
> ________________________________
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited.
>
> Where allowed by local law, electronic communications with Accenture and
> its affiliates, including e-mail and instant messaging (including content),
> may be scanned by our systems for the purposes of information security and
> assessment of internal compliance with Accenture policy.
>
>
> ______________________________________________________________________________________
>
> www.accenture.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message