You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Robert Sauer <ro...@carnot.ag> on 2005/07/22 07:39:19 UTC

ws-sec req/resp symmetry

Greetings,

this seems to be more of a spec question, but I was not able to find it
yesterday. The scenario is as follows:

When sending authentication enabled requests, we include for instance
username/password info with the request by using the WSS4JHandler. The
problem now is that when the response arrives, the same handler is looking
for ws-sec headers in it, too. When they are missing it throws an exception,
thus rendering the call failed.

Is it really required that any response to a ws-sec enabled request has to
include ws-sec headers, too?

Best regards,
Robert