[jbossws-issues] [JBoss JIRA] (JBWS-3386) Usernametoken support requires optional elements
Matt Wringe (Created) (JIRA)
jira-events at lists.jboss.org
Wed Nov 16 13:53:40 EST 2011
Usernametoken support requires optional elements
------------------------------------------------
Key: JBWS-3386
URL: https://issues.jboss.org/browse/JBWS-3386
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: jbossws-native
Reporter: Matt Wringe
Usernametoken support is currently broken as it requires a username and password to be present in the wss security header. According to the WSS specifications (both 1.0 and 1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements are missing, then JBossWS incorrectly throws a WSSecurityException.
See http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/element/UsernameToken.java lines 78 and 84 for where it should not be throwing this error.
*
1.1 spec http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
1.0 spec http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list