Return-Path: X-Original-To: apmail-cxf-users-archive@www.apache.org Delivered-To: apmail-cxf-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 04414D67D for ; Wed, 11 Jul 2012 13:43:13 +0000 (UTC) Received: (qmail 22819 invoked by uid 500); 11 Jul 2012 13:43:12 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 22757 invoked by uid 500); 11 Jul 2012 13:43:11 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 22734 invoked by uid 99); 11 Jul 2012 13:43:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Jul 2012 13:43:11 +0000 X-ASF-Spam-Status: No, hits=2.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL,URI_HEX X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [64.95.72.244] (HELO mxout.myoutlookonline.com) (64.95.72.244) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Jul 2012 13:43:04 +0000 Received: from mxout.myoutlookonline.com (localhost [127.0.0.1]) by mxout.myoutlookonline.com (Postfix) with ESMTP id 4AB364170C9 for ; Wed, 11 Jul 2012 09:42:43 -0400 (EDT) X-Virus-Scanned: by SpamTitan at mail.lan Received: from S10HUB001.SH10.lan (unknown [10.110.2.1]) by mxout.myoutlookonline.com (Postfix) with ESMTP id CE8C0417172 for ; Wed, 11 Jul 2012 09:42:38 -0400 (EDT) Received: from S10HUBR002.SH10.lan (10.110.133.101) by S10HUB001.SH10.lan (10.110.133.11) with Microsoft SMTP Server (TLS) id 14.1.355.2; Wed, 11 Jul 2012 09:42:38 -0400 Received: from [192.168.1.47] (71.191.228.29) by mail10.myoutlookonline.com (10.110.133.101) with Microsoft SMTP Server id 14.1.289.1; Wed, 11 Jul 2012 09:42:38 -0400 Message-ID: <4FFD82CD.6000007@talend.com> Date: Wed, 11 Jul 2012 09:42:37 -0400 From: Glen Mazza User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1 MIME-Version: 1.0 To: Subject: Re: Policy Alternatives not handled properly on client side References: <1342010907503-5710882.post@n5.nabble.com> In-Reply-To: <1342010907503-5710882.post@n5.nabble.com> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [71.191.228.29] If you're not requiring a UsernameToken in one of the alternatives, that would seem akin to never requiring a UsernameToken so I don't understand the purpose of having an alternative requiring it. If I understand your security situation correctly (I'm probably missing something here), it's akin to saying "You don't have to supply me a number, but if you decide to do so, it better be 693!!!" I'm not sure what the difference security-wise between that and "You don't have to supply me a number" would be, so why not just go with the latter? Regards, Glen On 07/11/2012 08:48 AM, Yoann wrote: > I have a WSDL with the following policy: > > > > > > > > > > > > > > The MessageSecurityBindingPolicy mandates usage of a UsernameToken. > > The policy is equivalent to: > > > > wsp:Optional="true" /> > > > The policy means the UsernameToken is optional. > > My code relies on the support of WS-SecurityPolicy in CXF and is as follows: > > mContext.put("ws-security.username", "USER"); > mContext.put("ws-security.callback-handler", "test.ClientPasswordCallback"); > > The output message contains the WS-Security and verifies the second > alternative. > > With the following: > > mContext.remove("ws-security.username"); > mContext.remove("ws-security.callback-handler"); > > The output message doesn't contain the WS-Security whereas it verifies the > first alternative. > > Is there a way to force the alternative or could CXF check the username > properties are set (which is applicable as per policy definition) and set > the WS-Security according to the policy. > > -- > View this message in context: http://cxf.547215.n5.nabble.com/Policy-Alternatives-not-handled-properly-on-client-side-tp5710882.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Glen Mazza Talend Community Coders coders.talend.com blog: www.jroller.com/gmazza