Hi, I have submitted a patch to the jira issue, CXF-5079, and we have verified the solution in our environment.
Do we require a unit test and if so - any ideas on how this should be done? It also seems like SOAP actor is hardcoded, maybe we should consider a similar patch for this as well? Best regards, /Oddbjørn ___________________________________________________________________________________________ Oddbjørn Heimdal Accenture Technology Consulting - Security Snarøyveien 30, P.O. Box 363, 1326 Lysaker, Norway Mobile: +47 99 72 19 12 Email: [email protected] -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: 13. June 2013 17:07 To: [email protected] Subject: Re: Mustunderstand hardcodes = true in PolicyBasedWSS4JOutInterceptor Yes, please submit a patch for this. Colm. On Thu, Jun 13, 2013 at 3:53 PM, <[email protected]> wrote: > Hi, > > We have hit a limitation in PolicyBasedWSS4JOutInterceptor which hard > codes mustUnderstand = true (line 99). This is configurable in the > WSS4JOutInterceptor today, but not when using policy. > > public void handleMessage(SoapMessage message) throws Fault { > Collection<AssertionInfo> ais; > SOAPMessage saaj = message.getContent(SOAPMessage.class); > > boolean mustUnderstand = true; > String actor = null; > > Obviously this makes sense in most cases, but we have some > intermediaries which do not understand security... > > Would you accept a patch to have this configurable, for instance by > creating a new property in SecurityConstants (for instance > ws-security.mustsunderstand) and default to true? > > Best regards, > > Oddbjørn > > ______________________________________________________________________ > _____________________ > Oddbjørn Heimdal > Accenture Technology Consulting - Security Snarøyveien 30, P.O. Box > 363, 1326 Lysaker, Norway > Mobile: +47 99 72 19 12 > Email: [email protected]<mailto: > [email protected]> > > > ________________________________ > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you > have received it in error, please notify the sender immediately and > delete the original. Any other use of the e-mail by you is prohibited. > > Where allowed by local law, electronic communications with Accenture > and its affiliates, including e-mail and instant messaging (including > content), may be scanned by our systems for the purposes of > information security and assessment of internal compliance with Accenture > policy. > > > ______________________________________________________________________ > ________________ > > www.accenture.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com
