WSS4J constant incorrectly used in WS-Security tests
----------------------------------------------------
Key: CXF-566
URL: https://issues.apache.org/jira/browse/CXF-566
Project: CXF
Issue Type: Bug
Components: WS-* Components
Reporter: Colm O hEigeartaigh
Priority: Minor
Attachments: passwordtype.patch
A WSS4J constant is incorrectly used in the WS-Security tests
RoundTripTest.java and WSS4JInOutTest.java.
Specifically, for both signing and encrypting, the following is attached to the
message;
msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
However, this is irrelevant as the WSHandlerConstants.PASSWORD_TYPE tag is not
processed for these actions, and
should only be used for UsernameToken actions. In addition,
WSHandlerConstants.PASSWORD_TYPE should only take the values
WSConstants.PW_DIGEST or WSConstants.PW_TEXT.
See the attached patch to correct this. Also, two tests are added to
WSS4JOutInterceptorTest.java, which check that both password types work
correctly for UsernameToken actions.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
