[jbossws-issues] [JBoss JIRA] (JBWS-3386) Usernametoken support requires optional elements
Matt Wringe (JIRA)
jira-events at lists.jboss.org
Mon Jan 30 09:36:48 EST 2012
[ https://issues.jboss.org/browse/JBWS-3386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12662737#comment-12662737 ]
Matt Wringe commented on JBWS-3386:
-----------------------------------
hmm, yeah, looking at this again it appears you are right that the username is mandatory but not the password. I must have misread the spec when filling out the original jira (and the interoperability issue we were seeing was with an empty password but with a username specified).
> Usernametoken support requires optional elements
> ------------------------------------------------
>
> Key: JBWS-3386
> URL: https://issues.jboss.org/browse/JBWS-3386
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: jbossws-native
> Reporter: Matt Wringe
> Assignee: Alessio Soldano
> Fix For: jbossws-native-4.0.1
>
>
> Usernametoken support is currently broken as it requires a username and password to be present in the wss security header. According to the WSS specifications (both 1.0 and 1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements are missing, then JBossWS incorrectly throws a WSSecurityException.
> See http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/element/UsernameToken.java lines 78 and 84 for where it should not be throwing this error.
> *
> 1.1 spec http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
> 1.0 spec http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list