If you can supply a test-case I'll look into it... Colm.
On Tue, Feb 11, 2014 at 4:28 PM, slefebvre <[email protected]>wrote: > Hi Colm, > > The policy was given by the "other end" partner to use when talking with > them (two-way, with and without response). > I'll raise the question about the utility of the SignatureConfirmation to > them. > > Can you confirm that cxf "fail" (either by soap fault or 500) when > something > wrong happen on an asynchronous call ? > > Thanks. > > > coheigea wrote > > I'm a bit confused by your post, why would you want to use > > SignatureConfirmation when there is no response message? > > > > Colm. > > > > On Tue, Feb 11, 2014 at 10:22 AM, slefebvre < > > > simon.lefebvre@ > > > >wrote: > > > >> Hello, > >> > >> Prerequirement : > >> * Web service with no response (request only) (Jax-ws configuration) > >> * WSS Policy set on this service > >> * RequireSignatureConfirmation set in the policy. > >> > >> When receiving a bogus request (in my case a request without any > >> signature), > >> CXF respond with a empty-body empty-SignatureConfirmation BEFORE > >> validating > >> the request against the policy. > >> > >> Therefore, the client gets a 202 response, where it think should get a > >> soap > >> fault. > >> > >> I'm aware the client should fail on the signature confirmation, but > since > >> it > >> send a request without signature in the first place, chances are high it > >> just ignores the response without knowing the request failed. > >> > >> Is my analysis right ? Is that a bug ? > >> Thanks for your responses. > >> Simon > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/WSS-CXF-Server-respond-empty-SignatureConfirmation-instead-of-failing-on-bogus-request-tp5739797p5739824.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
