Colm O hEigeartaigh created CXF-6401:
----------------------------------------
Summary: Change the order that the set of security results are
searched to create a security context
Key: CXF-6401
URL: https://issues.apache.org/jira/browse/CXF-6401
Project: CXF
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 3.1.1, 3.0.6
Right now we search the list of security results from WSS4J from the last
result backwards, and stop when we meet a result that can be used to create a
security context. However, we should instead create a list of desired
tokens/actions with a priority to each one. So for example, if a (signed) SAML
token is in the security header, this should have a higher priority than say a
Signature, as the likely intention of the service logic is that the SAML Token
encapsulates the user identity.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
