ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Resolved] (WSS-458) Allow no security header in certain use-cases
Date Tue, 09 Jul 2013 11:07:48 GMT


Colm O hEigeartaigh resolved WSS-458.

    Resolution: Fixed
> Allow no security header in certain use-cases
> ---------------------------------------------
>                 Key: WSS-458
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0
> This task is to allow no security header in certain use-cases. Currently an error is
> org.apache.wss4j.common.ext.WSSecurityException:
Security header is missing
>         at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(
> Two use-cases that come to mind are:
>  a) A SupportingToken policy that is "AlwaysToRecipient" with no binding. In this case,
the service response could have no security header, which is completely valid + the client
should treat it as such.
>  b) A SOAP Fault is received. Here we want to process the fault and so we should at least
fail at the security policy validation stage.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message