Hi Werner, All, > IMHO you have several option here: > - create a new binding/service name in the Axis deployment > that the .Net clients use and adapt the order of actions > (WSS4J does not need a specific order during receive of a > request, the check is only to to enhance security)
If we check whether all the actions are met wouldn't that be sufficient? > > - you may overwrite the code > > Question to the community: WSS4J already supports a "NoSecurity" > parameter. However, this only controls how the handler works > if _no_ security header/security actions were found at all. Shall > we enhance this to switch of/modif security checking? If yes: > are there some ideas? I think we should optimize the switch. As for ideas: Can we have an option that will enable the receiver to allow the actions to be in any order. When we did some indigo interop testing few weeks back, I noticed that the indigo services always orders the response headers inside the wsse:Security header in 'Strict' (MSFT terminology) order. For example in this case they first include all the headers to be signed and then comes the ds:Signature element. When the actions are 'Timestamp Signature ' (singing the timespamp and body) WSS4J expects the Timestamp element to be the last. Thanks -- Ruchith --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
