It's probably a bug. What does your security policy look like?

Colm.

On Tue, Apr 26, 2016 at 8:45 AM, Stefan Müller <[email protected]> wrote:

> Hi,
>
> in our project we have a conflict between two parties using different
> webservice frameworks.
> We use Apache CXF (3.1.3).
>
> This is what happens:
> We use a WS-SecurityPolicy for all communication with a partner. This
> policy defines that attachments must be encrypted.
> The problem is now when we send a message without attachments with this
> policy, CXF creates an EncryptedKey element in the security header. But this
> EncryptedKey element (xenc:EncryptedKey
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#") has no ReferenceList (which
> is correct) and is not associated with any element because we don't encrypt
> anything in this case.
>
> The other party rejects these messages because of this unnecessary
> EncryptedKey element.
>
> In my opinion this element is not necessary but it is not a bug and I
> cannot find anything against it in the corresponding specs.
>
> What do you think about it? Is it a bug?
>
> Greets

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
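
A check for the situation described in this thread, as an added example that is not part of the original messages and is not CXF code: it lists `xenc:EncryptedKey` elements in the security header that carry no `xenc:ReferenceList` data references and that nothing else in the message points to by Id. The sample envelopes and Ids are constructed, and treating any `URI="#Id"` reference as "the key is in use" is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def unused_encrypted_keys(envelope_xml):
    """Return Ids of header EncryptedKey elements that encrypt nothing and
    are not referenced from anywhere else in the message."""
    root = ET.fromstring(envelope_xml)
    # Every same-document reference (URI="#id") found in the envelope.
    refs = {el.get("URI")[1:] for el in root.iter()
            if (el.get("URI") or "").startswith("#")}
    unused = []
    for key in root.findall("soap:Header/wsse:Security/xenc:EncryptedKey", NS):
        has_data_refs = key.find("xenc:ReferenceList/xenc:DataReference", NS) is not None
        if not has_data_refs and key.get("Id") not in refs:
            unused.append(key.get("Id"))
    return unused

def _envelope(header_inner):
    """Build a constructed sample SOAP message around the given header XML."""
    shell = ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" '
             'xmlns:xenc="%(xenc)s"><soap:Header><wsse:Security>%%s'
             '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>' % NS)
    return shell % header_inner

# Constructed samples. ORPHAN mirrors the message from the thread: a key, no ReferenceList.
ORPHAN = _envelope('<xenc:EncryptedKey Id="EK-1"><xenc:CipherData>'
                   '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
                   '</xenc:EncryptedKey>')
# Key that encrypts something: its ReferenceList points at an EncryptedData element.
WITH_DATA = _envelope('<xenc:EncryptedKey Id="EK-2"><xenc:ReferenceList>'
                      '<xenc:DataReference URI="#ED-1"/></xenc:ReferenceList>'
                      '</xenc:EncryptedKey><xenc:EncryptedData Id="ED-1"/>')
# Key without a ReferenceList that another header element refers to by Id.
REFERENCED = _envelope('<xenc:EncryptedKey Id="EK-3"/><wsse:SecurityTokenReference>'
                       '<wsse:Reference URI="#EK-3"/></wsse:SecurityTokenReference>')

if __name__ == "__main__":
    for name, msg in (("ORPHAN", ORPHAN), ("WITH_DATA", WITH_DATA),
                      ("REFERENCED", REFERENCED)):
        print(name, unused_encrypted_keys(msg))
```

Run against a captured outbound message, a non-empty result identifies the header element the partner's stack is rejecting.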
