Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Description
This task is to allow no security header in certain use-cases. Currently an error is thrown:
javax.xml.ws.soap.SOAPFaultException: javax.xml.stream.XMLStreamException: org.apache.wss4j.common.ext.WSSecurityException: Security header is missing
at org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor.processNextEvent(SecurityHeaderInputProcessor.java:160)
Two use-cases that come to mind are:
a) A SupportingToken policy that is "AlwaysToRecipient" with no binding. In this case, the service response could have no security header, which is completely valid, and the client should treat it as such.
b) A SOAP Fault is received. Here we want to process the fault and so we should at least fail at the security policy validation stage.
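The two cases above can be told apart from the stream before any exception is raised. The following is an added sketch using only the JDK's StAX API; it is not WSS4J's code or the fix applied for this issue, and the class, enum and method names are hypothetical and the sample messages constructed.

```java
import java.io.StringReader;
import javax.xml.stream.*;

public class MissingSecurityHeaderDemo {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    enum Outcome { SECURED, UNSECURED_FAULT, UNSECURED_MESSAGE }

    // Hypothetical helper: reports what arrived instead of throwing "Security header is missing".
    static Outcome classify(String soap) throws XMLStreamException {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); // SOAP carries no DTD
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader r = factory.createXMLStreamReader(new StringReader(soap));
        String envNs = null, section = "";
        int depth = 0;
        while (r.hasNext()) {
            int event = r.next();
            if (event == XMLStreamConstants.END_ELEMENT) { depth--; continue; }
            if (event != XMLStreamConstants.START_ELEMENT) continue;
            depth++;
            String ns = r.getNamespaceURI(), name = r.getLocalName();
            boolean soapNs = envNs != null && envNs.equals(ns);
            if (depth == 1) envNs = ns;                       // SOAP 1.1 or 1.2 envelope namespace
            else if (depth == 2) section = soapNs ? name : "";
            else if (depth == 3 && section.equals("Header")
                     && "Security".equals(name) && WSSE_NS.equals(ns)) return Outcome.SECURED;
            else if (depth == 3 && section.equals("Body"))    // Body reached, no wsse:Security seen
                return soapNs && "Fault".equals(name) ? Outcome.UNSECURED_FAULT
                                                      : Outcome.UNSECURED_MESSAGE;
        }
        return Outcome.UNSECURED_MESSAGE;
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample messages (SOAP 1.1).
        String env = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'>";
        String fault = env + "<s:Body><s:Fault><faultcode>s:Server</faultcode>"
            + "<faultstring>boom</faultstring></s:Fault></s:Body></s:Envelope>";
        String plain = env + "<s:Body><echoResponse/></s:Body></s:Envelope>";
        String secured = env + "<s:Header><wsse:Security xmlns:wsse='" + WSSE_NS
            + "'/></s:Header><s:Body><echoResponse/></s:Body></s:Envelope>";
        for (String msg : new String[] {fault, plain, secured}) {
            Outcome o = classify(msg);
            // Neither unsecured case is rejected here; policy validation decides.
            System.out.println(o + (o == Outcome.SECURED
                ? " -> process security header" : " -> defer to policy validation"));
        }
    }
}
```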