cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From slefebvre <simon.lefeb...@monext.net>
Subject Re: [WSS] CXF Server respond empty SignatureConfirmation instead of failing on bogus request
Date Tue, 11 Feb 2014 16:28:03 GMT
Hi Colm,

The policy was given by the "other end" partner to use when talking with
them (two-way, with and without response).
I'll raise the question about the utility of the SignatureConfirmation to
them.

Can you confirm that cxf "fail" (either by soap fault or 500) when something
wrong happen on an asynchronous call ?

Thanks.


coheigea wrote
> I'm a bit confused by your post, why would you want to use
> SignatureConfirmation when there is no response message?
> 
> Colm.
> 
> On Tue, Feb 11, 2014 at 10:22 AM, slefebvre &lt;

> simon.lefebvre@

> &gt;wrote:
> 
>> Hello,
>>
>> Prerequirement :
>>  * Web service with no response (request only) (Jax-ws configuration)
>>  * WSS Policy set on this service
>>  * RequireSignatureConfirmation set in the policy.
>>
>> When receiving a bogus request (in my case a request without any
>> signature),
>> CXF respond with a empty-body empty-SignatureConfirmation BEFORE
>> validating
>> the request against the policy.
>>
>> Therefore, the client gets a 202 response, where it think should get a
>> soap
>> fault.
>>
>> I'm aware the client should fail on the signature confirmation, but since
>> it
>> send a request without signature in the first place, chances are high it
>> just ignores the response without knowing the request failed.
>>
>> Is my analysis right ? Is that a bug ?
>> Thanks for your responses.
>> Simon





--
View this message in context: http://cxf.547215.n5.nabble.com/WSS-CXF-Server-respond-empty-SignatureConfirmation-instead-of-failing-on-bogus-request-tp5739797p5739824.html
Sent from the cxf-user mailing list archive at Nabble.com.

Mime
View raw message