[jbossws-issues] [JBoss JIRA] (JBWS-3812) Incorrect value for ws-security.ut.validator

Alessio Soldano (JIRA) issues at jboss.org
Wed Sep 24 11:08:03 EDT 2014 

    [ https://issues.jboss.org/browse/JBWS-3812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13005757#comment-13005757 ] 

Alessio Soldano commented on JBWS-3812:
---------------------------------------

John,
I'd need a reproducer for this, or at least some additional information and/or a stacktrace from where the string property value for the ut validator causes issue.
While the CXF documentation indeed says "Validator *instance*", the most of the code dealing with those props is able to get the String value and use it to create an instance of the specified class name. When it comes to the ut.validator, in current CXF master that's processed in 3 points, in UsernameTokenInterceptor, WSS4JInInterceptor.CXFRequestData and WSS4JStaxInInterceptor. The first of the three is the only one that does not seem to be able to deal with a String value. I could simply fix that, but I'd need a testcase stressing this issue. I've tried modifying some of the systests in CXF sources to use a String value for custom ut validators, but could not reproduce the issue.

> Incorrect value for ws-security.ut.validator
> --------------------------------------------
>
>                 Key: JBWS-3812
>                 URL: https://issues.jboss.org/browse/JBWS-3812
>             Project: JBoss Web Services
>          Issue Type: Bug
>          Components: jbossws-cxf
>    Affects Versions: jbossws-cxf-4.2.4
>            Reporter: John Ament
>            Assignee: Alessio Soldano
>             Fix For: jbossws-cxf-5.0
>
>
> I found a forum post indicating that this value should work, in my hunt to make security work in WildFly.  https://community.jboss.org/thread/229071
> When you set the parameter ws-security.ut.validator in jaxws-endpoint-config.xml, the value that gets set is in fact the string value, e.g. com.mycompany.cxf.validators.MySpecialValidator
> CXF is expecting that this is an instantiated instance of the class, not a classname.  It results in a ClassCastException.  You can see here for reference: http://cxf.apache.org/docs/ws-securitypolicy.html look under Validator implementations.
> To work around this, you can register a custom InInterceptor and set the value in the message context.  It's not ideal, but you could read the value from jaxws-endpoint-config.xml and instantiate that class, passing it back to the message context.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

More information about the jbossws-issues mailing list