you can set the ordering of the sec tokens inside the sec header using the "action" property of the Axis WS Security handlers.
Regards, Werner > -----Original Message----- > From: ext Aditya Sawhney (JIRA) [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 16, 2008 2:09 AM > To: [email protected] > Subject: [jira] Updated: (WSS-147) WCF interop issue: > Security header ordering constraint > > > [ > https://issues.apache.org/jira/browse/WSS-147?page=com.atlassi an.jira.plugin.system.issuetabpanels:all-tabpanel ] > > Aditya Sawhney updated WSS-147: > ------------------------------- > > Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5 > (was: Microsoft XP) > > > WCF interop issue: Security header ordering constraint > > ------------------------------------------------------ > > > > Key: WSS-147 > > URL: https://issues.apache.org/jira/browse/WSS-147 > > Project: WSS4J > > Issue Type: Bug > > Components: WSS4J Handlers > > Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5 > > Reporter: Aditya Sawhney > > Assignee: Ruchith Udayanga Fernando > > > > I have WCF Client which uses WS-Security UsernameToken > profile. WCF also automatically adds a TimeStamp header which > comes before the UsernameToken header in the Security header. > > If I try to call a CXF web service using CXF exposed from > a Java container then "Security header cannot be authorized" > exception is thrown. > > The reason is that WSHandler::checkReceiverResults returns > false. WSS4J excepts the security header contents to be in a > particular oder in which Timestamp should come after > UsernameToken but in this case it is the opposite and the > validation fails. The WS-Security spec doesnt specify this > ordering constraint and seems to have been self-imposed by > WSS4J which is incorrect and needs to be fixed for the > interop to work as desired. > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
