Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 91059 invoked from network); 4 Jun 2009 21:15:31 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 4 Jun 2009 21:15:31 -0000 Received: (qmail 33655 invoked by uid 500); 4 Jun 2009 21:15:43 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 33552 invoked by uid 500); 4 Jun 2009 21:15:43 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 33544 invoked by uid 99); 4 Jun 2009 21:15:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jun 2009 21:15:43 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jgawor@gmail.com designates 209.85.221.198 as permitted sender) Received: from [209.85.221.198] (HELO mail-qy0-f198.google.com) (209.85.221.198) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jun 2009 21:15:35 +0000 Received: by qyk36 with SMTP id 36so1987020qyk.27 for ; Thu, 04 Jun 2009 14:15:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=nCRekxLbWPLJEf/kinpOjK0gu5u/NeIE8OBoDgCnnns=; b=TqdPEVfGP5Z1rMtaqvcDJBWjQmJBEtIQftboM/R/X4oX/tI5HJtOEdIa4OU//UkwKc botLwqx2d7IERuOTyrVtfPYi/FfLlLFhnSE9a+s2PVexCCmWF6RniZC66Wm3mcfcrTJj CmWfIK3w8Wx84HkNSFbYSt25fu4y/yocKMcK8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=w2rFm5jy290+IxW+xtj1e1UdQdCdDe3fTkfhslyJgRndvENjZyElxTZ9UgY0Ek9u4l UDQ0dAW46rczhZnlp3VP1q8/uVKqEZQtmRtQFfrFOz8b8ZoHu4uooXIK295YcQblvd7c GySfRk/qjDYxUwZZVgjSeNc3rfeAAipbZbk50= MIME-Version: 1.0 Received: by 10.231.36.198 with SMTP id u6mr704028ibd.29.1244150113982; Thu, 04 Jun 2009 14:15:13 -0700 (PDT) Date: Thu, 4 Jun 2009 17:15:13 -0400 Message-ID: <5eb405c70906041415h41afd756h97abd282387cfcc8@mail.gmail.com> Subject: problems with enforcing transport security constraint in trunk? From: Jarek Gawor To: dev Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hey, I wrote simple tests that test secure access to servlet-based web services (see http://svn.apache.org/viewvc/geronimo/server/trunk/testsuite/webservices-testsuite/jaxws-tests/jaxws-war-sec/). The tests test 1) basic authentication and 2) enforcing transport (CONFIDENTIAL) guarantee. The basic authentication tests work as expected but the transport guarantee do not on both tomcat and jetty. It acts like the transport guarantee wasn't performed at all. I deployed the same tests on 2.1.5-SNAPSHOT and things are working as expected in all cases. So I'm not sure if this is a new bug in trunk, or if I missed something. Any ideas? Thanks, Jarek