Bug 5756 - allow developer to bypass secure msg consistency check
: allow developer to bypass secure msg consistency check
Status: RESOLVED FIXED
: Java WS Security
Authentication
: 4.0.5
: PC Linux
: P3 normal
: 4.0.7
Assigned To:
: http://www-unix.mcs.anl.gov/~tfreeman...
:
:
:
  Show dependency treegraph
 
Reported: 2008-01-04 11:34 by
Modified: 2008-01-22 15:33 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2008-01-04 11:34:56
(see patch URL)

Don't require secure envelope on response

  - since this is an https connection, the deployment does not see the need to
encode the reply in a secure envelope.  The server trusts the client via secure
message (allowing for anonymous clients in the TLS connection) but assumes
client will trust response via its https configuration.

   - boils down to bypassing the consistency check in WSSecurityClientHandler
for the call

   - Introduces Constants.GSI_SEC_MSG_SECREPLY_UNECESSARY --> Boolean.TRUE
------- Comment #1 From 2008-01-22 15:33:59 -------
Patch committed to branch and trunk. Thanks Tim.