Bug 4584 - security descriptor uses operation field name instead of QName
: security descriptor uses operation field name instead of QName
: Java WS Security
: unspecified
: PC Linux
: P1 normal
: 4.2.0
Assigned To:
  Show dependency treegraph
Reported: 2006-07-12 10:48 by
Modified: 2008-01-18 16:06 (History)



You need to log in before you can comment on or make changes to this bug.

Description From 2006-07-12 10:48:27
The security descriptor uses the operation field name (ElementDesc.fieldName)
instead of the full QName in the name attribute of the method element under
methodAuthentication. This causes confusion when the operation definition in
the WSDL specifies an operation name with a begining capital letter. The field
name is de-capitalized by Axis, so the security descriptor doesn't match the
schema. This can cause problems such as gridmap authz not being performed since
the operation isn't technically listed in the security descriptor. I think it
would be better to use the full QName instead to match what's defined in the
------- Comment #1 From 2008-01-18 16:06:44 -------
Support for QName of method to specify policy has been added to trunk code.
QName or local name can be used for method authentication policy. Documentation
has been updated.