This section describes known security issues and solutions.
This problem occurs, for example, when a target message in a client-side message-security-binding element is specified by java-method within a port-info element within a service-ref element:
<!ELEMENT service-ref ( service-ref-name, port-info*, call-property*, wsdl- override?, service-impl-class?, service-qname? )\> <!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub- property*, call-property*, message-security-binding? )\> <!ELEMENT message-security-binding ( message-security* )\> <!ELEMENT message-security ( message+, request-protection?, response-protection? )\> <!ELEMENT message ( java-method? | operation-name? )\>
The message-security-binding element is used here to define message protection policies for specific methods of a web service endpoint.
Use an operation-name element within the message element to identify by WSDL operation name the message to which the protection policies defined in the containing message-security element apply.