[
https://issues.apache.org/jira/browse/RAMPART-286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12846399#action_12846399
]
Alexey Ilyin commented on RAMPART-286:
--------------------------------------
Once more addition for this issue:
If UsernameToken is optional and we don't set username in config or Options
Client should skip this assertion and don't add UsernameToken.
> Support for WS Policy optionality on WS Security assertions
> -----------------------------------------------------------
>
> Key: RAMPART-286
> URL: https://issues.apache.org/jira/browse/RAMPART-286
> Project: Rampart
> Issue Type: New Feature
> Reporter: Prabath Siriwardena
> Assignee: Ruchith Udayanga Fernando
>
> Support for WS Policy "Optional" attribute on the following WS Security
> Policy assertions:
> 1. <sp:IncludeTimestamp>
> 2. <sp:UsernameToken>
> 3. <sp:SignedParts> / <sp:Body>
> 4. <sp:EncryptedParts> / <sp:Body>
> 5. <sp:SupportingTokens> / <sp:X509Token>
> The optional processing would instruct the Rampart Policy-based validation to
> skip validating any of the above policy assertions if they are marked as
> optional, for example if having an optional UsernameToken:
> <wsp:Policy ...>
> <sp:UsernameToken wsp:Optional="true" .../>
> </wsp:Policy>
> and request does not contain an UsernameToken, no error should be generated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
