Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-2978

WSA implementation does not check mismatch between soap action and wsa action

    Details

      Description

      Web Services Addressing SOAP Binding spec section 4.2 :
      "Use of the SOAPAction HTTP request header field is required when using the SOAP 1.1 HTTP binding. The field-value of the SOAPAction HTTP request header MUST either be the value of the [action] property enclosed in quotation marks, or the empty value "". The latter case supports the ability to obscure the [action] property through SOAP-level security mechanisms, without requiring otherwise unnecessary transport-level security. Any other value for SOAPAction results in an Invalid Message Addressing Property fault."

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  jim.ma Jim Ma
                  Reporter:
                  jim.ma Jim Ma
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: