On Mar 8, 2013, at 9:02 AM, Daniel Kulp <[email protected]> wrote: > > Marc/Colm, > > Started looking into the wss4j2 integration stuff on Colms branch in CXF and > have a question: > > In CXF, we have a few places where we're a little more "relaxed" during > parsing since most of the policies that out there may not be 100% correct. > The first example I hit was the ws:Policy child element in an HttpsToken. > wss4j2 throws an exception in this case whereas CXF logs a warning and > continues. What are your thoughts on this? Should we be completely strict > or accept the technically invalid policies that are very common? Changing > the code in HttpsBuilder to: > Policy nestedPolicy; > if (nestedPolicyElement == null) { > //throw new IllegalArgumentException("sp:HttpsToken must have an > inner wsp:Policy element"); > nestedPolicy = new Policy(); > } else { > nestedPolicy = > factory.getPolicyEngine().getPolicy(nestedPolicyElement); > } > seems to work fine. Likely should have a LOG in there…..
Likewise for TransportBinding/AlgorithmSuite when using SecurityPolicy 1.1. Yes, spec says required, but lots of "real world" policies don't have it. (including most of the one's in the CXF system test suite. :-( ) Dan > > Also, any objections if I go through the code and remove the @author and > @version tags? Highly discouraged at Apache…. but the $Author$ and > $Revision$ things and such don't get expanded with git. :-) > > > Thoughts? > > -- > Daniel Kulp > [email protected] - http://dankulp.com/blog > Talend Community Coder - http://coders.talend.com > -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
