This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Ashutosh Shahi reports: 1. Can not change the WSSAssertion. It comes up as Wss10 for some profiles and Wss11 for others, and there is no option to configure it. For example, for "Mutual Certificates Security", it is set to Wss10. Now, If I want to set RequireSignatureConfirmation for this profile, I can't as it is supported only for Wss11. RequireSignatureConfirmation is not displayed in list of configurable options. I am using glassfish build 33, netbeans daily build of Jan 31st, wsitm03 netbeans module of Feb 7th. I think, #1 should definitely be filed as an RFE; Kumar can you confirm this? Yes. In my profiles document, for some profiles like the first one (UsernameAuth with SymmetricKeys..) i fixed the WSS version to 1.1 inorder to take advantage of EKSHA1. That way the developer need not possess his own certificate to able to securely communicate with the service. For many of the other profiles, i believe i have put the version as WSS1.0/WSS1.1 : indicating that either versions should be usable. I believe martin's counter argument for this has been does the developer really care whether it is 1.1 or 1.0.... The answer is no, but there are certain intricacies such as RequrieSignatureConfirmation, when someone enables this the WSS version should automatically be set to WSS 1.1 (since the default version for WS-SecurityPolicy is WSS 1.0, so NB should generate an explicit WSS assertion in this case). If such things are taken care things might still be ok. But in general some developer may say i want WSS 1.1 or that i want WSS 1.0 because the other party does not support WSS 1.1. So the UI should allow such flexibility where possible.
This is not planned any soon.