ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Closed] (WSS-458) Allow no security header in certain use-cases
Date Tue, 06 May 2014 09:12:28 GMT


Colm O hEigeartaigh closed WSS-458.

> Allow no security header in certain use-cases
> ---------------------------------------------
>                 Key: WSS-458
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0.0
> This task is to allow no security header in certain use-cases. Currently an error is
> org.apache.wss4j.common.ext.WSSecurityException:
Security header is missing
>         at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(
> Two use-cases that come to mind are:
>  a) A SupportingToken policy that is "AlwaysToRecipient" with no binding. In this case,
the service response could have no security header, which is completely valid + the client
should treat it as such.
>  b) A SOAP Fault is received. Here we want to process the fault and so we should at least
fail at the security policy validation stage.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message