[
https://jira.jboss.org/jira/browse/JBWS-2414?page=com.atlassian.jira.plug...
]
Alessio Soldano commented on JBWS-2414:
---------------------------------------
I don't see an issue here; the username requirements is never specified, as a matter
of fact the documentation you refer to has an empty <requires/> tag on server side
(the <username/> tag is in the config on client side only, directly under
<config>). There's no symmetry here as we have for signature and encryption in
terms of config and requires tags. The username token is simply considered if it's
found in the incoming message.
jboss-ws-security_1_0.xsd is broken
-----------------------------------
Key: JBWS-2414
URL:
https://jira.jboss.org/jira/browse/JBWS-2414
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Affects Versions: jbossws-native-3.0.4
Environment: JBossAS 4.2.3, JBossWS-Native 3.0.4
Reporter: Juergen Zimmermann
Assignee: Alessio Soldano
Fix For: jbossws-native-3.0.6
jboss-ws-security_1_0.xsd is broken: The example file found at
http://jbossws.jboss.org/mediawiki/index.php?title=WS-Security_options#Us...
would be incorrect because <xs:complexType name="requiresType"> :
doesn't have the element "username" (see line 158ff).
These lines should be added:
<xs:element name="username" type="usernameType"
minOccurs="0" maxOccurs="1">
<xs:annotation>
<xs:documentation>Indicates that a username element must be present in
the message.</xs:documentation>
</xs:annotation>
</xs:element>
Without this declaration schema validation fails regarding <username/> e.g. when
editing jboss-wsse-server.xml and jboss-wsse-client.xml by using JBossTools.
For completeness: here is the example file of the Wiki page (see above):
<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
<config>
<username/>
<timestamp ttl="300"/>
</config>
</jboss-ws-security>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira