The only issue in this approach is, it exposes the system from rogue requests trying to guess passwords and when defended with max re-tries, will lock users. Not just that, it also has potential to open server sessions and max-out, when other parts of the contract are not satisfied. Can this be classified as a bug for future improvement?
-- View this message in context: http://cxf.547215.n5.nabble.com/WS-Policy-Execution-order-tp5639774p5643639.html Sent from the cxf-user mailing list archive at Nabble.com.
