I'm a bit confused by your post, why would you want to use SignatureConfirmation when there is no response message?
Colm. On Tue, Feb 11, 2014 at 10:22 AM, slefebvre <[email protected]>wrote: > Hello, > > Prerequirement : > * Web service with no response (request only) (Jax-ws configuration) > * WSS Policy set on this service > * RequireSignatureConfirmation set in the policy. > > When receiving a bogus request (in my case a request without any > signature), > CXF respond with a empty-body empty-SignatureConfirmation BEFORE validating > the request against the policy. > > Therefore, the client gets a 202 response, where it think should get a soap > fault. > > I'm aware the client should fail on the signature confirmation, but since > it > send a request without signature in the first place, chances are high it > just ignores the response without knowing the request failed. > > Is my analysis right ? Is that a bug ? > Thanks for your responses. > Simon > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/WSS-CXF-Server-respond-empty-SignatureConfirmation-instead-of-failing-on-bogus-request-tp5739797.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
