cxf-issues mailing list archives

From "Mary Thompson (JIRA)" <>
Subject [jira] Created: (CXF-2244) Server accepts an unsigned message when the policy requires a signed message.
Date Fri, 29 May 2009 06:34:45 GMT
Server accepts an unsigned message when the policy requires a signed message.

                 Key: CXF-2244
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.2.1
         Environment: java 1.5, MacOS 10.5.7 CXF 2.2.2-SNAPSHOT
            Reporter: Mary Thompson

A policy is attached to the request message that requires the message body to be signed and
Due to an error on the client side, a message is sent with a security header and time stamp
but is not signed.
The server accepts the message anyway.

The inbound message is:
INFO: Inbound Message
ID: 1
Address: /AuthN
Encoding: UTF-8
Content-Type: application/soap+xml; action="";
Headers: {Content-Length=[908], Host=[localhost:9090], User-Agent=[Apache CXF 2.2.2-SNAPSHOT],
connection=[keep-alive], Pragma=[no-cache], Content-Type=[application/soap+xml; action="";
charset=UTF-8], content-type=[application/soap+xml; action="";
charset=UTF-8], Cache-Control=[no-cache], Accept=[*/*]}
Payload: <soap:Envelope xmlns:soap=""><soap:Header><wsse:Security
soap:mustUnderstand="true"><wsu:Timestamp xmlns:wsu=""
wsu:Id="Id-1692283"><verifyUserReq xmlns=""><login><LoginName>mrthompson</LoginName><Password>foobar</Password></login><DN><SubjectDN>CN=Mary
Thompson, DC=net, DC=es</SubjectDN><IssuerDN>CN=esnetCA, DC=net, DC=es</IssuerDN></DN></verifyUserReq></soap:Body></soap:Envelope>

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
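
The failure described in this report, a wsse:Security header and timestamp present but nothing signing the body, can be caught with a structural check on the envelope. The Python below is an added example, not CXF code and not from the reporter; it assumes the standard SOAP 1.2, WS-Security and XML-DSig namespace URIs (shown empty in the archived log), uses constructed envelopes, and checks only that a signature references the Body, not that the signature verifies.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs (assumed; the archived log shows them as empty strings).
NS = {
    "soap": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def body_is_signed(envelope_xml):
    """True only if a ds:Signature in the wsse:Security header references soap:Body."""
    root = ET.fromstring(envelope_xml)
    body = root.find("soap:Body", NS)
    body_id = body.get(WSU_ID) if body is not None else None
    if not body_id:
        return False  # a Body without wsu:Id cannot be the target of a Reference
    # Reject duplicate ids: the Reference must resolve to the Body and nothing else.
    if sum(1 for el in root.iter() if el.get(WSU_ID) == body_id) != 1:
        return False
    refs = root.findall(
        "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    return any(ref.get("URI") == "#" + body_id for ref in refs)


def envelope(security_children):
    """Build a constructed test envelope (sample data, not the reported message)."""
    return (
        '<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" '
        'xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s"><soap:Header>'
        '<wsse:Security soap:mustUnderstand="true">' % NS
        + security_children
        + '</wsse:Security></soap:Header><soap:Body wsu:Id="Body-1">'
        '<verifyUserReq/></soap:Body></soap:Envelope>'
    )


# Constructed samples: Digest and SignatureValue elements are omitted for brevity.
TIMESTAMP = '<wsu:Timestamp wsu:Id="Id-1"><wsu:Created>2009-05-29T06:34:45Z</wsu:Created></wsu:Timestamp>'
SIG_BODY = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#Body-1"/></ds:SignedInfo></ds:Signature>'
SIG_TS = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#Id-1"/></ds:SignedInfo></ds:Signature>'
UNSIGNED = envelope(TIMESTAMP)                  # header and timestamp only, as in the report
SIGNED = envelope(TIMESTAMP + SIG_BODY)         # signature covers the Body
WRONG_TARGET = envelope(TIMESTAMP + SIG_TS)     # signature covers only the timestamp
DUPLICATE_ID = envelope(TIMESTAMP.replace("Id-1", "Body-1") + SIG_BODY)  # ambiguous id
```

A regression test for a signed-body policy would expect the server to reject every envelope for which `body_is_signed` returns false.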
