Hi,

I haven't checked it yet - but according to the WSS specs
sending of security confirmation is also required (AFAIK)
in any case even if the request didn't contain a Signature.

I'll cross check it.

Regards,
Werner

Ruchith Fernando wrote:
> Hi,
> 
> On 5/23/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>> Hi Ruchith,
>>
>> thanks again, this works. But isn't this a bug?
>> Why does it include a SignatureConfirmation if there is no signature to
>> confirm?
> 
> Yep ... I agree that we should not return SignatureConfirmation when
> there's no signature in the request... please file a JIRA bug here:
> [1]
> 
>> If this behaviour is correct, the default value of
>> enableSignatureConfirmation should be "false", shouldn't it?
> 
> +1 on making the default false... and I believe this will be fixed
> when we support WS-SecurityPolicy (in WSS4J 2.0).
> 
> Thanks,
> Ruchith
> 
> [1] http://issues.apache.org/jira/browse/WSS
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 

