[
https://issues.jboss.org/browse/JBWS-3386?page=com.atlassian.jira.plugin....
]
Alessio Soldano updated JBWS-3386:
----------------------------------
Fix Version/s: jbossws-native-4.0.1
(was: jbossws-native-4.0.2)
Usernametoken support requires optional elements
------------------------------------------------
Key: JBWS-3386
URL:
https://issues.jboss.org/browse/JBWS-3386
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Reporter: Matt Wringe
Assignee: Alessio Soldano
Fix For: jbossws-native-4.0.1
Usernametoken support is currently broken as it requires a username and password to be
present in the wss security header. According to the WSS specifications (both 1.0 and
1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements
are missing, then JBossWS incorrectly throws a WSSecurityException.
See
http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/sr...
lines 78 and 84 for where it should not be throwing this error.
*
1.1 spec
http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-...
1.0 spec
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira