assuming your policy declare this namespace xmlns:wsp=http://schemas.xmlsoap.org/ws/2004/09/policyAxis2 1.6.2 MTOM enforces existence of wsp:Policy element in policies processed by Axis-MTOM Here is the XSDhttp://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd
In that regard I would *assume* CXF would support the same SecurityPolicy 1.1 as Axis Author Tags: reading Author tags that say Craig McClanahan even though he hasnt touched that code in 10 yrs +1 deprecate that tag! Martin ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Ez az üzenet bizalmas. Ha nem ön az akinek szánva volt, akkor kérjük, hogy jelentse azt nekünk vissza. Semmiféle továbbítása vagy másolatának készítése nem megengedett. Ez az üzenet csak ismeret cserét szolgál és semmiféle jogi alkalmazhatósága sincs. Mivel az electronikus üzenetek könnyen megváltoztathatóak, ezért minket semmi felelöség nem terhelhet ezen üzenet tartalma miatt. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Subject: Re: WSS4J 2.0 and some "compatibility" things... > From: [email protected] > Date: Fri, 8 Mar 2013 09:24:42 -0500 > To: [email protected] > > > On Mar 8, 2013, at 9:02 AM, Daniel Kulp <[email protected]> wrote: > > > > > Marc/Colm, > > > > Started looking into the wss4j2 integration stuff on Colms branch in CXF > > and have a question: > > > > In CXF, we have a few places where we're a little more "relaxed" during > > parsing since most of the policies that out there may not be 100% correct. > > The first example I hit was the ws:Policy child element in an HttpsToken. > > wss4j2 throws an exception in this case whereas CXF logs a warning and > > continues. What are your thoughts on this? Should we be completely > > strict or accept the technically invalid policies that are very common? > > Changing the code in HttpsBuilder to: > > Policy nestedPolicy; > > if (nestedPolicyElement == null) { > > //throw new IllegalArgumentException("sp:HttpsToken must have an > > inner wsp:Policy element"); > > nestedPolicy = new Policy(); > > } else { > > nestedPolicy = > > factory.getPolicyEngine().getPolicy(nestedPolicyElement); > > } > > seems to work fine. Likely should have a LOG in there….. > > Likewise for TransportBinding/AlgorithmSuite when using SecurityPolicy 1.1. > Yes, spec says required, but lots of "real world" policies don't have it. > (including most of the one's in the CXF system test suite. :-( ) > > Dan > > > > > > Also, any objections if I go through the code and remove the @author and > > @version tags? Highly discouraged at Apache…. but the $Author$ and > > $Revision$ things and such don't get expanded with git. :-) > > > > > > Thoughts? > > > > -- > > Daniel Kulp > > [email protected] - http://dankulp.com/blog > > Talend Community Coder - http://coders.talend.com > > > > -- > Daniel Kulp > [email protected] - http://dankulp.com/blog > Talend Community Coder - http://coders.talend.com > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
