ws-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Created] (WSS-458) Allow no security header in certain use-cases
Date Tue, 02 Jul 2013 12:32:20 GMT
Colm O hEigeartaigh created WSS-458:

             Summary: Allow no security header in certain use-cases
                 Key: WSS-458
             Project: WSS4J
          Issue Type: Bug
            Reporter: Colm O hEigeartaigh
            Assignee: Marc Giger
             Fix For: 2.0

This task is to allow no security header in certain use-cases. Currently an error is thrown:

org.apache.wss4j.common.ext.WSSecurityException: Security header is missing
        at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(

Two use-cases that come to mind are:

 a) A SupportingToken policy that is "AlwaysToRecipient" with no binding. In this case, the
service response could have no security header, which is completely valid + the client should
treat it as such.
 b) A SOAP Fault is received. Here we want to process the fault and so we should at least
fail at the security policy validation stage.
