Greetings, this seems to be more of a spec question, but I was not able to find it yesterday. The scenario is as follows:
When sending authentication enabled requests, we include for instance username/password info with the request by using the WSS4JHandler. The problem now is that when the response arrives, the same handler is looking for ws-sec headers in it, too. When they are missing it throws an exception, thus rendering the call failed. Is it really required that any response to a ws-sec enabled request has to include ws-sec headers, too? Best regards, Robert
