I just wrote a method with an random generator to issue the secuirty context token. After that I stored the token in a database and then I compare the received sctoken from the client with the token in the database via a callbackhandler.
I think that does not make sense or it is wrong to use a policy with a supporting token "secureconversation" without a tokenstore. Am I right? In my opinion, I have two options. 1) Apply a STS, which uses all functionalities of the apache cxf to use a policy with WS-SecureConversation 2) Remove the policy of WS-SecureConversation. I do not prefer option two. Regards, Patrick -- View this message in context: http://cxf.547215.n5.nabble.com/WS-SecureConversation-MTOM-Policy-cannot-be-satisfied-tp5780524p5780686.html Sent from the cxf-user mailing list archive at Nabble.com.
