cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Commented] (CXF-4759) No security headers created for policy with no Binding assertion
Date Thu, 17 Jan 2013 10:56:13 GMT


Colm O hEigeartaigh commented on CXF-4759:

Have you actually tried that policy to see if it works? A special StaX based interceptor (UsernameTokenInterceptor)
handles the case of UsernameToken policies that are not attached to a binding. See this test
for example:

> No security headers created for policy with no Binding assertion
> ----------------------------------------------------------------
>                 Key: CXF-4759
>                 URL:
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.0
>            Reporter: Paton Wong
>         Attachments: UsernameToken-Plain.xml
> For instance if a SOAP service has a policy with a supporting token of UsernameToken
without a TransportBinding, SymmetricBinding or AsymmetricBinding then CXF will not send any
security header.
> In PolicyBasedWSS4JOutInterceptorInternal.handleMessage, there is an attempt to create
a dummy TransportBinding, when the policy itself had not specified a binding. However, without
a TransportToken, the TransportBindingHandler will ignore any supporting tokens.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message