7:53 p.m.
Usernametoken support requires optional elements
------------------------------------------------
Key: JBWS-3386
URL: https://issues.jboss.org/browse/JBWS-3386
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Reporter: Matt Wringe
Usernametoken support is currently broken as it requires a username and password to be
present in the wss security header. According to the WSS specifications (both 1.0 and
1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements
are missing, then JBossWS incorrectly throws a WSSecurityException.
See
http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/sr...
lines 78 and 84 for where it should not be throwing this error.
*
1.1 spec
http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-...
1.0 spec
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:11 p.m.
[
https://issues.jboss.org/browse/JBWS-3386?page=com.atlassian.jira.plugin....
]
Alessio Soldano updated JBWS-3386:
----------------------------------
Fix Version/s: jbossws-native-4.0.1
Usernametoken support requires optional elements
------------------------------------------------
Key: JBWS-3386
URL: https://issues.jboss.org/browse/JBWS-3386
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Reporter: Matt Wringe
Fix For: jbossws-native-4.0.1
Usernametoken support is currently broken as it requires a username and password to be
present in the wss security header. According to the WSS specifications (both 1.0 and
1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements
are missing, then JBossWS incorrectly throws a WSSecurityException.
See
http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/sr...
lines 78 and 84 for where it should not be throwing this error.
*
1.1 spec
http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-...
1.0 spec
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:25 a.m.
[
https://issues.jboss.org/browse/JBWS-3386?page=com.atlassian.jira.plugin....
]
Alessio Soldano commented on JBWS-3386:
---------------------------------------
Hi Matt,
I agree on the need to remove the check on the password, as that *may* be provided but is
not mandatory. After having checked again the spec, I'm not sure about the same for
the username. Can you tell me exactly where you see the Username being considered
optional?
Thanks
Usernametoken support requires optional elements
------------------------------------------------
Key: JBWS-3386
URL: https://issues.jboss.org/browse/JBWS-3386
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Reporter: Matt Wringe
Assignee: Alessio Soldano
Fix For: jbossws-native-4.0.1
Usernametoken support is currently broken as it requires a username and password to be
present in the wss security header. According to the WSS specifications (both 1.0 and
1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements
are missing, then JBossWS incorrectly throws a WSSecurityException.
See
http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/sr...
lines 78 and 84 for where it should not be throwing this error.
*
1.1 spec
http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-...
1.0 spec
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:27 a.m.
[
https://issues.jboss.org/browse/JBWS-3386?page=com.atlassian.jira.plugin....
]
Alessio Soldano updated JBWS-3386:
----------------------------------
Fix Version/s: jbossws-native-4.0.1
(was: jbossws-native-4.0.2)
Usernametoken support requires optional elements
------------------------------------------------
Key: JBWS-3386
URL: https://issues.jboss.org/browse/JBWS-3386
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Reporter: Matt Wringe
Assignee: Alessio Soldano
Fix For: jbossws-native-4.0.1
Usernametoken support is currently broken as it requires a username and password to be
present in the wss security header. According to the WSS specifications (both 1.0 and
1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements
are missing, then JBossWS incorrectly throws a WSSecurityException.
See
http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/sr...
lines 78 and 84 for where it should not be throwing this error.
*
1.1 spec
http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-...
1.0 spec
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:36 p.m.
[
https://issues.jboss.org/browse/JBWS-3386?page=com.atlassian.jira.plugin....
]
Matt Wringe commented on JBWS-3386:
-----------------------------------
hmm, yeah, looking at this again it appears you are right that the username is mandatory
but not the password. I must have misread the spec when filling out the original jira (and
the interoperability issue we were seeing was with an empty password but with a username
specified).
Usernametoken support requires optional elements
------------------------------------------------
Key: JBWS-3386
URL: https://issues.jboss.org/browse/JBWS-3386
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-native
Reporter: Matt Wringe
Assignee: Alessio Soldano
Fix For: jbossws-native-4.0.1
Usernametoken support is currently broken as it requires a username and password to be
present in the wss security header. According to the WSS specifications (both 1.0 and
1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements
are missing, then JBossWS incorrectly throws a WSSecurityException.
See
http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/sr...
lines 78 and 84 for where it should not be throwing this error.
*
1.1 spec
http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-...
1.0 spec
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4470
days inactive
4545
days old
jbossws-issues@lists.jboss.org
4 comments
4 participants
participants (4)
-
Alessio Soldano (JIRA) -
Alessio Soldano (Updated) (JIRA)
-
Matt Wringe (Created) (JIRA)
-
Matt Wringe (JIRA)