[jbossws-issues] [JBoss JIRA] Updated: (JBWS-3014) JBossWS does not decode Nonce
Romano Silva (JIRA)
jira-events at lists.jboss.org
Mon May 3 16:10:06 EDT 2010
[ https://jira.jboss.org/jira/browse/JBWS-3014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Romano Silva updated JBWS-3014:
-------------------------------
Attachment: UsernameTokenCallback.java
Here is my patched file. This works when I use a WSS4J Axis client.
> JBossWS does not decode Nonce
> -----------------------------
>
> Key: JBWS-3014
> URL: https://jira.jboss.org/jira/browse/JBWS-3014
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: ws-security
> Affects Versions: jbossws-native-3.1.2, jbossws-native-3.2.0, jbossws-native-3.2.2
> Environment: JDK 6
> JBoss 5.1.0 jdk 6
> Windows XP
> Reporter: Romano Silva
> Attachments: UsernameTokenCallback.java
>
>
> I am filing this bug after discussing http://community.jboss.org/message/540669
> Nonce is not decoded when encoding type is Base64.
> UsernameToken has this piece of code:
> String encodingType = elem.getAttribute("EncodingType");
> if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
> throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);
> encodingType is not used anywhere else.
> In UsernameTokenCallback.java there is the need to decode nonce, so, something like:
> String nonce = (String)info.getInfo(NONCE);
> if (nonce != null) {
> try {
> digest.update(new BASE64Decoder().decodeBuffer(nonce));
> } catch (IOException e) {
> // ignore exceptions
> }
> }
> need to be added to UsernameTokenCallback.java
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list