[jbossws-issues] [JBoss JIRA] Commented: (JBWS-2414) jboss-ws-security_1_0.xsd is broken

Alessio Soldano (JIRA) jira-events at lists.jboss.org
Wed Jan 7 09:09:04 EST 2009 

    [ https://jira.jboss.org/jira/browse/JBWS-2414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12445225#action_12445225 ] 

Alessio Soldano commented on JBWS-2414:
---------------------------------------

I don't see an issue here; the username requirements is never specified, as a matter of fact the documentation you refer to has an empty <requires/> tag on server side (the <username/> tag is in the config on client side only, directly under <config>). There's no symmetry here as we have for signature and encryption in terms of config and requires tags. The username token is simply considered if it's found in the incoming message.

> jboss-ws-security_1_0.xsd is broken
> -----------------------------------
>
>                 Key: JBWS-2414
>                 URL: https://jira.jboss.org/jira/browse/JBWS-2414
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: jbossws-native
>    Affects Versions: jbossws-native-3.0.4
>         Environment: JBossAS 4.2.3, JBossWS-Native 3.0.4
>            Reporter: Juergen Zimmermann
>            Assignee: Alessio Soldano
>             Fix For: jbossws-native-3.0.6
>
>
> jboss-ws-security_1_0.xsd is broken: The example file found at http://jbossws.jboss.org/mediawiki/index.php?title=WS-Security_options#Username_Token_Authentication would be incorrect because <xs:complexType name="requiresType"> : doesn't have the element "username" (see line 158ff).
> These lines should be added:
>       <xs:element name="username" type="usernameType" minOccurs="0" maxOccurs="1">
>         <xs:annotation>
>           <xs:documentation>Indicates that a username element must be present in the message.</xs:documentation>
>         </xs:annotation>
>       </xs:element>
> Without this declaration schema validation fails regarding <username/> e.g. when editing jboss-wsse-server.xml and jboss-wsse-client.xml by using JBossTools.
> For completeness: here is the example file of the Wiki page (see above):
>    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
>                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                          xsi:schemaLocation="http://www.jboss.com/ws-security/config 
>                          http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
>      <config>
>     <username/>
>    <timestamp ttl="300"/>
>      </config>
>    </jboss-ws-security>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list