[
https://issues.apache.org/jira/browse/CXF-566?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated CXF-566:
------------------------------------
Attachment: passwordtype.patch
> WSS4J constant incorrectly used in WS-Security tests
> ----------------------------------------------------
>
> Key: CXF-566
> URL: https://issues.apache.org/jira/browse/CXF-566
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Reporter: Colm O hEigeartaigh
> Priority: Minor
> Attachments: passwordtype.patch
>
>
> A WSS4J constant is incorrectly used in the WS-Security tests
> RoundTripTest.java and WSS4JInOutTest.java.
> Specifically, for both signing and encrypting, the following is attached to
> the message;
> msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
> However, this is irrelevant as the WSHandlerConstants.PASSWORD_TYPE tag is
> not processed for these actions, and
> should only be used for UsernameToken actions. In addition,
> WSHandlerConstants.PASSWORD_TYPE should only take the values
> WSConstants.PW_DIGEST or WSConstants.PW_TEXT.
> See the attached patch to correct this. Also, two tests are added to
> WSS4JOutInterceptorTest.java, which check that both password types work
> correctly for UsernameToken actions.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
