[jbossws-issues] [JBoss JIRA] Commented: (JBWS-2414) jboss-ws-security_1_0.xsd is broken
Alessio Soldano (JIRA)
jira-events at lists.jboss.org
Wed Jan 7 09:09:04 EST 2009
[ https://jira.jboss.org/jira/browse/JBWS-2414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12445225#action_12445225 ]
Alessio Soldano commented on JBWS-2414:
---------------------------------------
I don't see an issue here; the username requirements is never specified, as a matter of fact the documentation you refer to has an empty <requires/> tag on server side (the <username/> tag is in the config on client side only, directly under <config>). There's no symmetry here as we have for signature and encryption in terms of config and requires tags. The username token is simply considered if it's found in the incoming message.
> jboss-ws-security_1_0.xsd is broken
> -----------------------------------
>
> Key: JBWS-2414
> URL: https://jira.jboss.org/jira/browse/JBWS-2414
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: jbossws-native
> Affects Versions: jbossws-native-3.0.4
> Environment: JBossAS 4.2.3, JBossWS-Native 3.0.4
> Reporter: Juergen Zimmermann
> Assignee: Alessio Soldano
> Fix For: jbossws-native-3.0.6
>
>
> jboss-ws-security_1_0.xsd is broken: The example file found at http://jbossws.jboss.org/mediawiki/index.php?title=WS-Security_options#Username_Token_Authentication would be incorrect because <xs:complexType name="requiresType"> : doesn't have the element "username" (see line 158ff).
> These lines should be added:
> <xs:element name="username" type="usernameType" minOccurs="0" maxOccurs="1">
> <xs:annotation>
> <xs:documentation>Indicates that a username element must be present in the message.</xs:documentation>
> </xs:annotation>
> </xs:element>
> Without this declaration schema validation fails regarding <username/> e.g. when editing jboss-wsse-server.xml and jboss-wsse-client.xml by using JBossTools.
> For completeness: here is the example file of the Wiki page (see above):
> <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://www.jboss.com/ws-security/config
> http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
> <config>
> <username/>
> <timestamp ttl="300"/>
> </config>
> </jboss-ws-security>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list