WCF interop issue: Security header ordering constraint
------------------------------------------------------

                 Key: WSS-147
                 URL: https://issues.apache.org/jira/browse/WSS-147
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Handlers
         Environment: Microsoft XP
            Reporter: Aditya Sawhney
            Assignee: Ruchith Udayanga Fernando


I have a WCF client which uses the WS-Security UsernameToken profile. WCF also 
automatically adds a TimeStamp header which comes before the UsernameToken 
header in the Security header.
If I try to call a CXF web service using CXF exposed from a Java container 
then a "Security header cannot be authorized" exception is thrown.

The reason is that WSHandler::checkReceiverResults returns false. WSS4J expects 
the security header contents to be in a particular order in which Timestamp 
should come after UsernameToken but in this case it is the opposite and the 
validation fails. The WS-Security spec doesn't specify this ordering constraint 
and seems to have been self-imposed by WSS4J which is incorrect and needs to be 
fixed for the interop to work as desired.

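The difference between an order-sensitive and an order-independent receiver check, as an added example that is not part of the original report and is not WSS4J's code. The class, the method names and the action strings are hypothetical; the point shown is that dropping the ordering constraint must still reject a header with a missing or unexpected element.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical model of a receiver-side check; not WSS4J code.
public class HeaderOrderCheck {

    // Order-sensitive: processed elements must match the configured actions
    // position by position, so a reordered but complete header is rejected.
    static boolean strictOrderMatch(List<String> processed, List<String> required) {
        return processed.equals(required);
    }

    // Order-independent: each required action must be matched by exactly one
    // processed element and nothing may be left over. This is a multiset
    // comparison, so omissions and duplicates still fail.
    static boolean orderIndependentMatch(List<String> processed, List<String> required) {
        List<String> remaining = new ArrayList<>(processed);
        for (String action : required) {
            if (!remaining.remove(action)) {
                return false; // a required element is missing
            }
        }
        return remaining.isEmpty(); // reject unexpected extra elements
    }

    static void report(String label, List<String> processed, List<String> required) {
        System.out.println(label
                + ": strict=" + strictOrderMatch(processed, required)
                + ", orderIndependent=" + orderIndependentMatch(processed, required));
    }

    public static void main(String[] args) {
        // Constructed sample data: the receiver is configured for two actions.
        List<String> required = Arrays.asList("UsernameToken", "Timestamp");

        // Element order as the report describes the WCF client sending it.
        report("reordered", Arrays.asList("Timestamp", "UsernameToken"), required);
        // Same order as configured.
        report("configured order", Arrays.asList("UsernameToken", "Timestamp"), required);
        // Header without the token: must fail under both checks.
        report("missing token", Arrays.asList("Timestamp"), required);
        // Duplicate element: must fail under both checks.
        report("duplicate timestamp",
                Arrays.asList("Timestamp", "Timestamp", "UsernameToken"), required);
    }
}
```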