Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.5.10, 2.6.8, 2.7.5
-
None
-
Unknown
Description
As discussed on the cxf-developer mailing list, patch is coming up shortly:
Yes, please submit a patch for this.
Colm.
On Thu, Jun 13, 2013 at 3:53 PM, <oddbjorn.heimdal@accenture.com> wrote:
> Hi,
>
> We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard
> codes mustUnderstand = true (line 99). This is configurable in the
> WSS4JOutInterceptor today, but not when using policy.
>
> public void handleMessage(SoapMessage message) throws Fault {
> Collection<AssertionInfo> ais;
> SOAPMessage saaj = message.getContent(SOAPMessage.class);
>
> boolean mustUnderstand = true;
> String actor = null;
>
> Obviously this makes sense in most cases, but we have some
> intermediaries which do not understand security...
>
> Would you accept a patch to have this configurable, for instance by
> creating a new property in SecurityConstants (for instance
> ws-security.mustsunderstand) and default to true?
>
> Best regards,
>
> Oddbjørn
>
> ______________________________________________________________________
> _____________________
> Oddbjørn Heimdal
> Accenture Technology Consulting - Security Snarøyveien 30, P.O. Box
> 363, 1326 Lysaker, Norway
> Mobile: +47 99 72 19 12
> Email: oddbjorn.heimdal@accenture.com<mailto:
> oddbjorn.heimdal@accenture.com>
>
>
> ________________________________
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you
> have received it in error, please notify the sender immediately and
> delete the original. Any other use of the e-mail by you is prohibited.
>
> Where allowed by local law, electronic communications with Accenture
> and its affiliates, including e-mail and instant messaging (including
> content), may be scanned by our systems for the purposes of
> information security and assessment of internal compliance with Accenture policy.
>
>
> ______________________________________________________________________
> ________________
>
> www.accenture.com
>
–
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com