[CXF-4759] No security headers created for policy with no Binding assertion - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Incomplete
Affects Version/s: 2.7
Fix Version/s: NeedMoreInfo
Component/s: WS-* Components
Labels:
None

Estimated Complexity:
Unknown

Description

For instance if a SOAP service has a policy with a supporting token of UsernameToken without a TransportBinding, SymmetricBinding or AsymmetricBinding then CXF will not send any security header.

In PolicyBasedWSS4JOutInterceptorInternal.handleMessage, there is an attempt to create a dummy TransportBinding, when the policy itself had not specified a binding. However, without a TransportToken, the TransportBindingHandler will ignore any supporting tokens.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

UsernameToken-Plain.xml
17/Jan/13 01:48
0.5 kB
Paton Wong

Activity

People

Assignee:: Unassigned

Reporter:: Paton Wong

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Jan/13 01:45

Updated:: 09/Apr/13 15:19

Resolved:: 25/Feb/13 22:44