Glen Mazza (Talend) wrote > > If I understand your security situation correctly (I'm probably missing > something here)... >
Just to detail the security use case: The client may: - either sent a usernametoken in all requests - or sent a usernametoken and request a session at the same time and then echo the session only in the subsequent requests until he explicitly closes it. The session is an element which is a custom one (could be viewed as a secure conversation ID) and is added in the Header. -- View this message in context: http://cxf.547215.n5.nabble.com/Policy-Alternatives-not-handled-properly-on-client-side-tp5710882p5710889.html Sent from the cxf-user mailing list archive at Nabble.com.
