Hi,
We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard codes
mustUnderstand = true (line 99). This is configurable in the
WSS4JOutInterceptor today, but not when using policy.
public void handleMessage(SoapMessage message) throws Fault {
Collection<AssertionInfo> ais;
SOAPMessage saaj = message.getContent(SOAPMessage.class);
boolean mustUnderstand = true;
String actor = null;
Obviously this makes sense in most cases, but we have some intermediaries which
do not understand security...
Would you accept a patch to have this configurable, for instance by creating a
new property in SecurityConstants (for instance ws-security.mustsunderstand)
and default to true?
Best regards,
Oddbjørn
___________________________________________________________________________________________
Oddbjørn Heimdal
Accenture Technology Consulting - Security
Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway
Mobile: +47 99 72 19 12
Email: [email protected]<mailto:[email protected]>
________________________________
This message is for the designated recipient only and may contain privileged,
proprietary, or otherwise confidential information. If you have received it in
error, please notify the sender immediately and delete the original. Any other
use of the e-mail by you is prohibited.
Where allowed by local law, electronic communications with Accenture and its
affiliates, including e-mail and instant messaging (including content), may be
scanned by our systems for the purposes of information security and assessment
of internal compliance with Accenture policy.
______________________________________________________________________________________
www.accenture.com
