Answers inline.

On Fri, Jul 10, 2015 at 8:14 PM, <> wrote:

WSSConfig doesn’t have that flag anymore as far as I can tell. Is this default behavior now, or is there some other way to enable that behavior? I see that I can set it on a RequestData, but I don’t have one of those at the point I’m setting up the security engine.

You can change your code to create a RequestData Object instead when calling the WSSecurityEngine methods. The WSSecurityEngine methods that don't take RequestData just end up creating RequestData internally anyway:


2. WSSConfig used to have a method isWsiBSPCompliant(), which would trigger slightly different behaviors for me depending on its setting when I retrieved in from a RequestData object. Is that what the RequestData.isDisableBSPEnforcement() flag is now?


Yeah, although it has the opposite semantics, as it is set to false by default, meaning that BSP enforcement is enabled. You can also disable specific BSP rules via the ignoredBSPRules List in RequestData.




Stephen W. Chappell

Colm O hEigeartaigh

Talend Community Coder