[jbossws-issues] [JBoss JIRA] Updated: (JBWS-3014) JBossWS does not decode Nonce

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Fri Jun 18 08:43:46 EDT 2010 

     [ https://jira.jboss.org/browse/JBWS-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated JBWS-3014:
-----------------------------------

    Fix Version/s: jbossws-native-4.0
          Affects: [Release Notes]


A comment should be added to the release notes advising of this change, although this does now fix the interoperability required for other stacks this change does mean that when using JBossWS both the endpoint and the client will need to be updated to the same version.

> JBossWS does not decode Nonce
> -----------------------------
>
>                 Key: JBWS-3014
>                 URL: https://jira.jboss.org/browse/JBWS-3014
>             Project: JBoss Web Services
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: ws-security
>    Affects Versions:  jbossws-native-3.1.2, jbossws-native-3.2.0,  jbossws-native-3.2.2
>         Environment: JDK 6
> JBoss 5.1.0 jdk 6
> Windows XP
>            Reporter: Romano Silva
>            Assignee: Darran Lofthouse
>             Fix For: jbossws-native-4.0
>
>         Attachments: UsernameTokenCallback.java
>
>
> I am filing this bug after discussing http://community.jboss.org/message/540669
> Nonce is not decoded when encoding type is Base64.
> UsernameToken has this piece of code:
> String encodingType = elem.getAttribute("EncodingType");
>          if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
>             throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);
> encodingType is not used anywhere else.
> In UsernameTokenCallback.java there is the need to decode nonce, so, something like:
> String nonce = (String)info.getInfo(NONCE);
>          if (nonce != null) {
>             try {
> 				digest.update(new BASE64Decoder().decodeBuffer(nonce));
> 			} catch (IOException e) {
> 				// ignore exceptions
> 			}
>          }
> need to be added to UsernameTokenCallback.java

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbossws-issues mailing list