Hello,
Prerequirement :
* Web service with no response (request only) (Jax-ws configuration)
* WSS Policy set on this service
* RequireSignatureConfirmation set in the policy.
When receiving a bogus request (in my case a request without any signature),
CXF respond with a empty-body empty-SignatureConfirmation BEFORE validating
the request against the policy.
Therefore, the client gets a 202 response, where it think should get a soap
fault.
I'm aware the client should fail on the signature confirmation, but since it
send a request without signature in the first place, chances are high it
just ignores the response without knowing the request failed.
Is my analysis right ? Is that a bug ?
Thanks for your responses.
Simon
Prerequirement :
* Web service with no response (request only) (Jax-ws configuration)
* WSS Policy set on this service
* RequireSignatureConfirmation set in the policy.
When receiving a bogus request (in my case a request without any signature),
CXF respond with a empty-body empty-SignatureConfirmation BEFORE validating
the request against the policy.
Therefore, the client gets a 202 response, where it think should get a soap
fault.
I'm aware the client should fail on the signature confirmation, but since it
send a request without signature in the first place, chances are high it
just ignores the response without knowing the request failed.
Is my analysis right ? Is that a bug ?
Thanks for your responses.
Simon