Hi,
One more contribution to this list:
I discovered some strange behaviour which I am not sure whether it is a bug or a feature:
Environment: Apache Axis 1.4, WSS4J 1.5, Apache Tomcat 5.5.17 (server-side), Java app (client-side).
I use the WSDoAllSender and WSDoAllReceiver for the RequestFlow and
ResponseFlow of both the client and the service. The client and the
service are able to exchange signed and/or encrypted messages.
Now, on to the issue: For the request flow, if the client handler
specifies as action "Signature" and the service handler expects
"Signature Encrypt", the client sends a signed message, the signature
is verified at the server side and the message gets delivered to the
service, although the message is not encrypted as expected. The same
happens in the opposite direction as well.
Although it might be nice as a feature (see my previous post), I am
afraid it is a bug and an exception should be thrown/fault should be
returned (something like WSDoAllReceiver: security processing failed
(actions mismatch)).
What would the verdict be: bug or feature?
Cheers,
Robert.
- Bug or feature? Robert Maier
- Re: Bug or feature? Fred Dushin
- Re: Bug or feature? Robert Maier
