[jbossws-issues] [JBoss JIRA] Updated: (JBWS-3014) JBossWS does not decode Nonce
[
https://jira.jboss.org/jira/browse/JBWS-3014?page=com.atlassian.jira.plug...
]
Romano Silva updated JBWS-3014:
-------------------------------
Attachment: UsernameTokenCallback.java
Here is my patched file. This works when I use a WSS4J Axis client.
JBossWS does not decode Nonce
-----------------------------
Key: JBWS-3014
URL: https://jira.jboss.org/jira/browse/JBWS-3014
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-native-3.1.2, jbossws-native-3.2.0, jbossws-native-3.2.2
Environment: JDK 6
JBoss 5.1.0 jdk 6
Windows XP
Reporter: Romano Silva
Attachments: UsernameTokenCallback.java
I am filing this bug after discussing http://community.jboss.org/message/540669
Nonce is not decoded when encoding type is Base64.
UsernameToken has this piece of code:
String encodingType = elem.getAttribute("EncodingType");
if (encodingType != null && encodingType.length() > 0 &&
!Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
throw new WSSecurityException("Unsupported nonce encoding type: " +
encodingType);
encodingType is not used anywhere else.
In UsernameTokenCallback.java there is the need to decode nonce, so, something like:
String nonce = (String)info.getInfo(NONCE);
if (nonce != null) {
try {
digest.update(new BASE64Decoder().decodeBuffer(nonce));
} catch (IOException e) {
// ignore exceptions
}
}
need to be added to UsernameTokenCallback.java
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira