This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Steps to reproduce: - Create 2 Web Applications using Java EE version 5. - Create Web Service with some operation in 1st web application. - Deploy 1st web application. - Create Web Service Client in 2nd Web Application for web service created above. - Create servlet in 2nd web application and put the invokation of some operation of web service in it. - Invoke web service attributes in 2nd application. - Go to 'WSIT' TAB and change some attribute (for example set default username) and then edit it again to change it to original state/value. - Notice that after previous step it is impossible to enable AM security in 'Security' TAB.
It looks like wsit client security attributes can't be turned off.
The wsit *client* security attributes shouldn't break AM at all, that's why. I think I should rework the check so that it only checks the service wsdl for wsit security. Any objections? I reassigned the issue to myself as I think the problem above is in wsit code.
I'm checking only the service policy for settings, so it should work now. Client settings are reflected only if there policy support on service.
Martin, I am reopening this issue because things are not working correctly on the client side. Let's talk after you come back from your vacation. Peter
I'd like to see what is not working in this issue. We may talk about it as well, but the issue should be here.
First of all, if the web service has wsit security enabled, WsitConfigProvider.isWsitSecurityEnabled() is not returning true on the client side. Also, the reverse is not implemented. If the AM client security is enabled, shouldnt the wsit client be disabled? Also, I am not quite sure I understand why if the user enables some attributes in the wsit client tab, the am client tab doesn't get disabled.
To make sure you get the right security status, you need to refresh the client, otherwise it's impossible to check. I checked the client checker code in - had to change the exception handling from security checkers to log only, because I get some everytime on client side.
VERIFIED