[jbossws-issues] [JBoss JIRA] Created: (JBWS-3253) JBossWS does not decode Nonce

Brad Maxwell (JIRA) jira-events at lists.jboss.org
Thu Mar 24 15:37:00 EDT 2011


JBossWS does not decode Nonce
-----------------------------

                 Key: JBWS-3253
                 URL: https://issues.jboss.org/browse/JBWS-3253
             Project: JBoss Web Services
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: ws-security
    Affects Versions:  jbossws-native-3.1.2, jbossws-native-3.2.0,  jbossws-native-3.2.2
         Environment: JDK 6
JBoss 5.1.0 jdk 6
Windows XP
            Reporter: Brad Maxwell
            Assignee: Darran Lofthouse
             Fix For: jbossws-native-3.4.0.CR1
         Attachments: UsernameTokenCallback.java

I am filing this bug after discussing http://community.jboss.org/message/540669

Nonce is not decoded when encoding type is Base64.

UsernameToken has this piece of code:
    String encodingType = elem.getAttribute("EncodingType");
    if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
        throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);

encodingType is not used anywhere else.

In UsernameTokenCallback.java there is the need to decode the nonce, so something like:

    String nonce = (String)info.getInfo(NONCE);
    if (nonce != null) {
        try {
            digest.update(new BASE64Decoder().decodeBuffer(nonce));
        } catch (IOException e) {
            // ignore exceptions
        }
    }

needs to be added to UsernameTokenCallback.java

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
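
Added example, not part of the original report and not JBossWS code: a stand-alone check of the WS-Security UsernameToken digest, Base64(SHA-1(nonce + created + password)), showing that a server which hashes the nonce without decoding it cannot match a compliant client's digest. The class name and sample values are constructed; it assumes java.util.Base64 (Java 8+) instead of the sun.misc decoder in the report, and it rejects a malformed nonce rather than ignoring the error.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class NonceDigestDemo {
    // Password_Digest = Base64(SHA-1(nonce + created + password)), where
    // "nonce" is the decoded octets, not the Base64 text sent on the wire.
    static String digest(byte[] nonceBytes, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonceBytes);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Server-side check that decodes the wire nonce first. A nonce that is
    // not valid Base64 fails verification instead of being skipped (a choice
    // made in this example).
    static boolean verify(String wireNonce, String created, String password,
                          String claimedDigest) throws NoSuchAlgorithmException {
        byte[] nonceBytes;
        try {
            nonceBytes = Base64.getDecoder().decode(wireNonce);
        } catch (IllegalArgumentException e) {
            return false;
        }
        byte[] expected = digest(nonceBytes, created, password).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison of the two encoded digests.
        return MessageDigest.isEqual(expected, claimedDigest.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the issue.
        byte[] rawNonce = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        String wireNonce = Base64.getEncoder().encodeToString(rawNonce);
        String created = "2011-03-24T19:37:00Z";
        String password = "example-password";

        String clientDigest = digest(rawNonce, created, password);
        // Digest computed with the nonce left undecoded, the case the report describes.
        String undecoded = digest(wireNonce.getBytes(StandardCharsets.UTF_8), created, password);

        System.out.println("decoded nonce verifies: " + verify(wireNonce, created, password, clientDigest));
        System.out.println("undecoded digest equals client digest: " + undecoded.equals(clientDigest));
        System.out.println("malformed nonce accepted: " + verify("%%%", created, password, clientDigest));
    }
}
```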

