[
https://issues.apache.org/jira/browse/CXF-4595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13482112#comment-13482112
]
Jason Pell commented on CXF-4595:
---------------------------------
The HttpsTokenInInterceptor is PRE-STREAM
The PolicyBasedWSS4JInInterceptor is PRE-PROTOCOL
So according to http://cxf.apache.org/docs/interceptors.html, the
HttpsTokenInInterceptor executes first. So TransportBindingPolicyValidator is
definately
overriding what has already been set in HttpsTokenInInterceptor.
Should it not be ignoring anything that has already been checked by
HttpsTokenInInterceptor?
In fact should the following code:
if (binding.getTransportToken() != null) {
assertPolicy(aim, binding.getTransportToken());
assertPolicy(aim, binding.getTransportToken().getToken());
}
be removed from TransportBindingPolicyValidator????
> RequireClientCertificate is not validated
> -----------------------------------------
>
> Key: CXF-4595
> URL: https://issues.apache.org/jira/browse/CXF-4595
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.7.0
> Reporter: Jason Pell
> Attachments: PolicySample.tar.gz
>
>
> I can execute a web service which has a RequireClientCertificate="true"
> policy in the transport binding, the problem is that my client is not
> providing a certificate.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
