That does not seem to work. I'm trying to trace why this is, but it seems that in org.apache.cxf.ws.security.wss4j.assertTokens (at line 269) the "assertPolicy" lines come up with a valid list of policies:
(value of aim)
{{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}Created=[{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}Created:true],
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}UsernameToken=[{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}UsernameToken:true],
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SupportingTokens=[{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}SupportingTokens:true],
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}Nonce=[{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}Nonce:true],
{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}WssUsernameToken10=[{http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}WssUsernameToken10:true]}
but after the (UsernameToken)assertTokens(message,
SPConstants.USERNAME_TOKEN, true) line the returned token has "nonce" and
"timestamp" set to false.
I'm not sure that this is the cause though
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-client-send-nonce-and-timestamp-tp5749743p5749800.html
Sent from the cxf-user mailing list archive at Nabble.com.
