[
https://jira.jboss.org/browse/JBWS-3014?page=com.atlassian.jira.plugin.sy...
]
Darran Lofthouse updated JBWS-3014:
-----------------------------------
Fix Version/s: jbossws-native-4.0
Affects: [Release Notes]
A comment should be added to the release notes advising of this change. Although this does
now fix the interoperability required for other stacks, this change does mean that when
using JBossWS both the endpoint and the client will need to be updated to the same
version.
JBossWS does not decode Nonce
-----------------------------
Key: JBWS-3014
URL: https://jira.jboss.org/browse/JBWS-3014
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: ws-security
Affects Versions: jbossws-native-3.1.2, jbossws-native-3.2.0, jbossws-native-3.2.2
Environment: JDK 6
JBoss 5.1.0 jdk 6
Windows XP
Reporter: Romano Silva
Assignee: Darran Lofthouse
Fix For: jbossws-native-4.0
Attachments: UsernameTokenCallback.java
I am filing this bug after discussing
http://community.jboss.org/message/540669
Nonce is not decoded when encoding type is Base64.
UsernameToken has this piece of code:
    String encodingType = elem.getAttribute("EncodingType");
    if (encodingType != null && encodingType.length() > 0 &&
            !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
        throw new WSSecurityException("Unsupported nonce encoding type: " +
                encodingType);
encodingType is not used anywhere else.
In UsernameTokenCallback.java there is the need to decode nonce, so, something like:
    String nonce = (String)info.getInfo(NONCE);
    if (nonce != null) {
        try {
            digest.update(new BASE64Decoder().decodeBuffer(nonce));
        } catch (IOException e) {
            // ignore exceptions
        }
    }
needs to be added to UsernameTokenCallback.java
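Added example (not part of the JIRA issue and not JBossWS code): the WS-Security UsernameToken Profile defines Password_Digest = Base64(SHA-1(nonce + created + password)) over the decoded nonce bytes, so a peer that hashes the Base64 text instead produces a different digest, which is why an updated endpoint and a non-updated client stop interoperating. The class name and sample values are constructed, and java.util.Base64 assumes Java 8 or later (the issue's environment is JDK 6, which lacks it).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class NonceDigestDemo {

    // Password_Digest = Base64(SHA-1(nonce + created + password)).
    // nonceBytes is whatever the caller treats as the nonce: the decoded
    // bytes (interoperable) or the raw Base64 text (the reported behaviour).
    static String digest(byte[] nonceBytes, String created, String password)
            throws NoSuchAlgorithmException {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonceBytes);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Verifier side: decode the wire nonce first and reject the token if the
    // Base64 is malformed, instead of hashing without the nonce.
    static boolean verify(String wireNonce, String created, String password,
                          String receivedDigest) throws NoSuchAlgorithmException {
        byte[] nonce;
        try {
            nonce = Base64.getDecoder().decode(wireNonce);
        } catch (IllegalArgumentException e) {
            return false; // malformed Base64: fail closed
        }
        byte[] expected = digest(nonce, created, password).getBytes(StandardCharsets.UTF_8);
        byte[] received = receivedDigest.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, received); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the issue.
        String wireNonce = Base64.getEncoder().encodeToString(
                "0123456789abcdef".getBytes(StandardCharsets.UTF_8));
        String created = "2010-05-01T12:00:00Z";
        String password = "example-password";

        String decoded = digest(Base64.getDecoder().decode(wireNonce), created, password);
        String undecoded = digest(wireNonce.getBytes(StandardCharsets.UTF_8), created, password);

        System.out.println("digest over decoded nonce  : " + decoded);
        System.out.println("digest over Base64 text    : " + undecoded);
        System.out.println("updated peer accepts first : " + verify(wireNonce, created, password, decoded));
        System.out.println("updated peer accepts second: " + verify(wireNonce, created, password, undecoded));
    }
}
```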