Both. You can see the logic in the base class "AbstractTokenInterceptor.handleMessage"
Colm. On Fri, Oct 31, 2014 at 4:30 AM, Malisetti, Ramanjaneyulu < [email protected]> wrote: > Is this (AbstractTokenInterceptor) engaged on client side or server side? > > Regards > Raman > > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:[email protected]] > Sent: Friday, October 31, 2014 12:16 AM > To: [email protected] > Subject: Re: Username/PWD on STS > > Yeah, take a look at the "assertTokens" method here: > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java;hb=HEAD > > Obviously you only want to assert the policies if the correct type of > UsernameToken was received, etc. > > Colm. > > On Thu, Oct 30, 2014 at 5:21 PM, SRog <[email protected]> wrote: > > > Hey there, > > now I got the following fault: > > > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > > <soap:Body> > > <soap:Fault> > > <faultcode>soap:Server</faultcode> > > <faultstring>These policy alternatives can not be satisfied: > > { > > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTo > > kens > > {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameTok > > en > > </faultstring> > > </soap:Fault> > > </soap:Body> > > </soap:Envelope> > > > > This is what you meant when talking about policy validation stage will > > fail? > > > > When I take a look at DefaultCryptoCoverageChecker I do not see the > > right place where I could add the assertion. Is there an example how I > > could do this? > > > > Thanks, > > SRog > > > > > > > > > > -- > > View this message in context: > > http://cxf.547215.n5.nabble.com/Username-PWD-on-STS-tp5750076p5750471. > > html Sent from the cxf-user mailing list archive at Nabble.com. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
