svn commit: r1443426 - /webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecSignature.java

Thu, 07 Feb 2013 03:53:12 -0800 

Author: coheigea
Date: Thu Feb  7 11:52:50 2013
New Revision: 1443426

URL: http://svn.apache.org/viewvc?rev=1443426&view=rev
Log:
[WSS-421] - WSSecSignature does not allow access to the internal 
BinarySecurityToken after it is applied to the security header

Modified:
    
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecSignature.java

Modified: 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecSignature.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecSignature.java?rev=1443426&r1=1443425&r2=1443426&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecSignature.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/ws/security/dom/message/WSSecSignature.java
 Thu Feb  7 11:52:50 2013
@@ -108,6 +108,7 @@ public class WSSecSignature extends WSSe
     private X509Certificate useThisCert = null;
     private Element securityHeader = null;
     private boolean useCustomSecRef;
+    private boolean bstAddedToSecurityHeader = false;
 
     public WSSecSignature() {
         super();
@@ -444,10 +445,10 @@ public class WSSecSignature extends WSSe
      * @param secHeader The security header
      */
     public void prependBSTElementToHeader(WSSecHeader secHeader) {
-        if (bstToken != null) {
+        if (bstToken != null && !bstAddedToSecurityHeader) {
             WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), 
bstToken.getElement());
+            bstAddedToSecurityHeader = true;
         }
-        bstToken = null;
     }
 
     /**
@@ -455,11 +456,11 @@ public class WSSecSignature extends WSSe
      * @param secHeader The security header
      */
     public void appendBSTElementToHeader(WSSecHeader secHeader) {
-        if (bstToken != null) {
+        if (bstToken != null && !bstAddedToSecurityHeader) {
             Element secHeaderElement = secHeader.getSecurityHeader();
             secHeaderElement.appendChild(bstToken.getElement());
+            bstAddedToSecurityHeader = true;
         }
-        bstToken = null;
     }
     
     /**

Reply via email to