Colm, Sergey,
thanks, my test is now passing with the latest trunk.
Cheers
Alessio
On 04/27/2011 11:08 AM, Sergey Beryozkin wrote:
Hi Alessio, Colm
Unfortunately I did not have a system test involving this interceptor
checking digest passwords (I have the one for a policy first case
though), so the regression was not spotted, thanks Colm for applying a
fix.
Alessio - as a workaround, while working with CXF 2.4.0, please override
AbstractUsernameTokenAuthenticatingInterceptor.getSecurityEngine(boolean),
and copy the code from the superclass but register another Validator
implementation, which
extends
AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator
but overrides only its verifyDigestPassword method
that should it till CXF 2.4.1 is released.
One thing about using AbstractUsernameTokenAuthenticatingInterceptor
is that it won't work in policy-first cases.
Thus you might want to consider using another approach, extend
org.apache.cxf.interceptor.security.AbstractUsernameTokenInterceptor
which does not in turn extend WSS4JInInterceptor, please see
http://cxf.apache.org/docs/security.html#Security-WSSecurityUsernameTokenandCustomAuthentication
Thanks, Sergey
On Wed, Apr 27, 2011 at 9:46 AM, Colm O hEigeartaigh
<[email protected]> wrote:
Already taken care of..
https://issues.apache.org/jira/browse/CXF-3476
Colm.
On Wed, Apr 27, 2011 at 9:32 AM, Alessio Soldano<[email protected]> wrote:
On 04/27/2011 10:30 AM, Colm O hEigeartaigh wrote:
Hi Alessio,
Did I miss something here?
No, it's a bug. It should be "isHashed" not "isDerivedKey".
Colm.
OK, I can open a jira and fix that, or you're already doing it?
Thanks
Alessio
--
Alessio Soldano
Web Service Lead, JBoss
--
Alessio Soldano
Web Service Lead, JBoss
