This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Resonse not verified independent of enabled or disabled checkbox "Verify response" for WSC. Steps to reproduce: - Create 2 Web Application projects. - Create WS in 1st application and enable message level seurity for this WS (for ex. set X509Token). - Deploy 1st Web Application. - Create WSC and servlet in 2nd Web Application. - Add code to servlet to invoke WS from 1st Web App. - Enable message level security for WSC and set the same security toke as for WS. Enable "verify response" option. - Edit profile which you use for WS and WSC and disable option "Sign Response". - Deploy the 2nd Web App and run servlet. - Notice that servlet passed without exception. - In AS log we can see that response was not signed and verification passed!
This is an issue with AM runtime. Pls create an issue on AM in bugtrak
Here is the corresponding bug in bugtraq: http://bt2ws.central.sun.com/CrPrint?id=6547440
Added to NB IDE 6.0 Preview RNs as follows: Issue 101557: Access Manager always signs up a response.
RN Summary: The Web Service Client's "verify response" configuration doesn't have any effect. The web service client is expected to reject the response from the provider if the client is configured to verify the signature and the provide doesn't send one. But irrespective of the "verify response" setting on the client side, it always accepts the message from the provider.
This issue should be fixed in the latest AM bits. We just need to verify it.
This issue is fixed in the latest AM bits in SDK b18.