[jbossws-issues] [JBoss JIRA] Updated: (JBWS-3253) JBossWS does not decode Nonce
Brad Maxwell (JIRA)
jira-events at lists.jboss.org
Thu Mar 24 15:37:00 EDT 2011
[ https://issues.jboss.org/browse/JBWS-3253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brad Maxwell updated JBWS-3253:
-------------------------------
Affects Version/s: (was: jbossws-native-3.1.2)
(was: jbossws-native-3.2.0)
(was: jbossws-native-3.2.2)
> JBossWS does not decode Nonce
> -----------------------------
>
> Key: JBWS-3253
> URL: https://issues.jboss.org/browse/JBWS-3253
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: ws-security
> Environment: JDK 6
> JBoss 5.1.0 jdk 6
> Windows XP
> Reporter: Brad Maxwell
> Assignee: Darran Lofthouse
> Labels: nonce, usernametoken, ws-security
> Fix For: jbossws-native-3.4.0.CR1
>
> Attachments: UsernameTokenCallback.java
>
>
> I am filing this bug after discussing http://community.jboss.org/message/540669
> Nonce is not decoded when encoding type is Base64.
> UsernameToken has this piece of code:
> String encodingType = elem.getAttribute("EncodingType");
> if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
> throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);
> encodingType is not used anywhere else.
> In UsernameTokenCallback.java there is the need to decode nonce, so, something like:
> String nonce = (String)info.getInfo(NONCE);
> if (nonce != null) {
> try {
> digest.update(new BASE64Decoder().decodeBuffer(nonce));
> } catch (IOException e) {
> // ignore exceptions
> }
> }
> need to be added to UsernameTokenCallback.java
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list