[
https://issues.apache.org/jira/browse/WSS-436?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13642763#comment-13642763
]
Colm O hEigeartaigh commented on WSS-436:
-----------------------------------------
No, as if the policy is "Strict" then was is signed should appear before the
Signature in the header. Realistically though if we can just support Timestamp
and UsernameToken before the Signature then that should be enough.
Colm.
> Outbound StaX code should fail on not finding a signature/encryption part
> -------------------------------------------------------------------------
>
> Key: WSS-436
> URL: https://issues.apache.org/jira/browse/WSS-436
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Fix For: 2.0
>
>
> The outbound StaX code should fail on not finding a signature/encryption
> part. Perhaps we could just add a boolean to SecurePart indicating whether it
> was satisfied or not, and then loop through the SecurePart lists when we're
> done to check everything was matching.
> With the current code a user might specify the wrong namespace and then
> assume security was applied.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
