dkulp wrote: > >> I would >> next like to test out the WS-SecurityPolicy configuration that Dan has >> done. Is it supported only on the CXF 2.2 branch or both 2.1.x and >> 2.2? > > Just 2.2. It's very "unstable" right now as I kind of move things > around to get it working. Right now, there is pretty much no error > handling (it likely will just printStackTrace and continue with > unpredicatble results), I'll probably refactory the sending into 3 (or > more) interceptors, and the incoming messages are currently not > validated against the policies. Basically, there is still much work to > do, but it's at a state where the basic usecases are working. The MS > InteropFest usecases are now working (except the UsernameToken stuff, > and I'm not sure why yet. Seems MS wants those encrypted, even if the > policy says not to, but I haven't dug into all that yet. Not having a > windows box is slightly hindering that progress.) >
By MS wanting messages encrypted, I'm unsure if you mean message-level or transport-level encryption. Regardless, Jiandong Guo of the Metro team has written[1] that Metro requires some type of encryption regardless of what the policy says. I suspect it is to help idiot-proof their web service stack, i.e., they would rather not support an experienced user who has the rare requirement for unencrypted username/password tokens in order to keep the system solid for the tons of newbies who might otherwise forget to encrypt their SOAP messages. Glen [1] http://www.nabble.com/Re%3A-How-to-implement-WS-Security-with-UsernameToken-on-plain-HTTP-transport-p19445662.html -- View this message in context: http://www.nabble.com/WS-SecurityPolicy-in-CXF-2.1.x%2C-or-just-2.2--tp19830360p19965860.html Sent from the cxf-dev mailing list archive at Nabble.com.
