[ https://issues.apache.org/jira/browse/CXF-4595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13482157#comment-13482157 ]

Jason Pell commented on CXF-4595:
---------------------------------
This is the code in HttpsTokenInInterceptor that does actually check for the
client certificate. And in my case, my debugging tells me that the setAsserted
is false, which is a good thing, but then gets overridden.

    TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
    if (tlsInfo != null) {
        if (token.isRequireClientCertificate()
            && (tlsInfo.getPeerCertificates() == null
                || tlsInfo.getPeerCertificates().length == 0)) {
            asserted = false;
        }
    } else {
        asserted = false;
    }
    ai.setAsserted(asserted);

> RequireClientCertificate is not validated
> -----------------------------------------
>
> Key: CXF-4595
> URL: https://issues.apache.org/jira/browse/CXF-4595
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.7.0
> Reporter: Jason Pell
> Attachments: PolicySample.tar.gz
>
>
> I can execute a web service which has a RequireClientCertificate="true"
> policy in the transport binding, the problem is that my client is not
> providing a certificate.
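
Added example, not part of the original message and not CXF code: a self-contained Java model of the failure mode described in the comment, where a failed client-certificate check is later overwritten, next to a latched state that keeps the failure. The class and method names are hypothetical, the later processing step is an assumption (the message does not say what overrides the value), and the check assumes `asserted` starts out true.

```java
import java.security.cert.Certificate;

// Added illustration; class and method names are hypothetical, not CXF's API.
public class LatchedAssertionDemo {

    /** Policy assertion state whose negative verdict cannot be reversed. */
    static final class LatchedAssertion {
        private boolean asserted;
        private boolean failed;

        void setAsserted(boolean value) {
            if (!value) {
                failed = true;              // the first failure latches
            }
            asserted = value && !failed;
        }

        boolean isAsserted() {
            return asserted;
        }
    }

    /** Same decision as the quoted check, assuming asserted starts as true. */
    static boolean clientCertSatisfied(boolean requireClientCertificate,
                                       boolean tlsInfoPresent,
                                       Certificate[] peerCertificates) {
        if (!tlsInfoPresent) {
            return false;                   // no TLS session info: fail closed
        }
        boolean noCert = peerCertificates == null || peerCertificates.length == 0;
        return !(requireClientCertificate && noCert);
    }

    public static void main(String[] args) {
        // Constructed input: TLS session present, policy requires a client
        // certificate, and the peer presented none.
        boolean check = clientCertSatisfied(true, true, new Certificate[0]);

        // Plain flag: a later, unconditional "true" hides the failed check.
        boolean plain = check;
        plain = true;                       // hypothetical later processing step
        System.out.println("plain flag after later step:   " + plain);

        // Latched state: the same later call cannot undo the failure.
        LatchedAssertion ai = new LatchedAssertion();
        ai.setAsserted(check);
        ai.setAsserted(true);               // hypothetical later processing step
        System.out.println("latched flag after later step: " + ai.isAsserted());
    }
}
```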