WSA implementation does not verify soap action and wsa action mismatch
----------------------------------------------------------------------
Key: JBWS-2978
URL:
https://jira.jboss.org/jira/browse/JBWS-2978
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.3.0.CR1
Reporter: Jim Ma
Assignee: Jim Ma
Fix For: jbossws-native-3.3.0
Web Services Addressing SOAP Binding spec section 4.2 :
"Use of the SOAPAction HTTP request header field is required when using the SOAP 1.1
HTTP binding. The field-value of the SOAPAction HTTP request header MUST either be the
value of the [action] property enclosed in quotation marks, or the empty value
"". The latter case supports the ability to obscure the [action] property
through SOAP-level security mechanisms, without requiring otherwise unnecessary
transport-level security. Any other value for SOAPAction results in an Invalid Message
Addressing Property fault."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira