svn commit: r1443424 - /webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java

Thu, 07 Feb 2013 03:43:01 -0800 

Author: coheigea
Date: Thu Feb  7 11:42:37 2013
New Revision: 1443424

URL: http://svn.apache.org/viewvc?rev=1443424&view=rev
Log:
[WSS-421] - WSSecSignature does not allow access to the internal 
BinarySecurityToken after it is applied to the security header

Modified:
    
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java

Modified: 
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1443424&r1=1443423&r2=1443424&view=diff
==============================================================================
--- 
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java
 (original)
+++ 
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java
 Thu Feb  7 11:42:37 2013
@@ -108,6 +108,7 @@ public class WSSecSignature extends WSSe
     private X509Certificate useThisCert = null;
     private Element securityHeader = null;
     private boolean useCustomSecRef;
+    private boolean bstAddedToSecurityHeader = false;
 
     public WSSecSignature() {
         super();
@@ -443,10 +444,10 @@ public class WSSecSignature extends WSSe
      * @param secHeader The security header
      */
     public void prependBSTElementToHeader(WSSecHeader secHeader) {
-        if (bstToken != null) {
+        if (bstToken != null && !bstAddedToSecurityHeader) {
             WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), 
bstToken.getElement());
+            bstAddedToSecurityHeader = true;
         }
-        bstToken = null;
     }
 
     /**
@@ -454,11 +455,11 @@ public class WSSecSignature extends WSSe
      * @param secHeader The security header
      */
     public void appendBSTElementToHeader(WSSecHeader secHeader) {
-        if (bstToken != null) {
+        if (bstToken != null && !bstAddedToSecurityHeader) {
             Element secHeaderElement = secHeader.getSecurityHeader();
             secHeaderElement.appendChild(bstToken.getElement());
+            bstAddedToSecurityHeader = true;
         }
-        bstToken = null;
     }
     
     /**

Reply via email to