hi,
Sandesha2 SecurityManager has this interface. Here what this message Part
parameter means.
/**
* Check that the given element of the message demonstrated proof of
possession of
* the given token. This allows Sandesha to implement the checking
required by the
* RM spec. Proof is normally demonstrated by signing or encrypting the
the given
* part using the token.
* If the elements is not secured with the given token the
SecurityManager must
* throw an exception.
*/
public abstract void checkProofOfPossession(SecurityToken token,
OMElement messagePart, MessageContext message)
throws SandeshaException;
I went through the code and so that always Soap Body and Sequence header
parts are passed to this parameter. Is this means
for a Secure conversation is it required to Sign and Encrypt these parts?
Is there any reason why this check is done like this without checking the
given Security token value with the Security token value in the
Security Header?
thanks,
Amila.
--
Amila Suriarachchi,
WSO2 Inc.
