[
https://issues.apache.org/jira/browse/WSS-321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-321.
-----------------------------------
> Cannot configure for no password element expected using Spring configuration
> ----------------------------------------------------------------------------
>
> Key: WSS-321
> URL: https://issues.apache.org/jira/browse/WSS-321
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core, WSS4J Handlers
> Affects Versions: 1.6.3
> Environment: Ubuntu 10.04. ServiceMix 4.
> Reporter: Paul Richardson
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.4
>
>
> We don't wish to have a Password element in the inbound SOAP request.
> WSSecurityUtil.decodeAction() parses the actions that are put in the Spring
> xml file. We have "UsernameToken", so decodeAction sets the internal
> representation of the expected WS Security elements to a list with the single
> value: WSConstants.UT(0x01).
> When a SOAP message arrives, UsernameTokenProcessor.handleToken() is called
> which sets the expected action to WSConstants.UT_NOPASSWORD (0x2000) because
> there is no password element.Thus when
> WSHandler.checkReceiverResultsAnyOrder() which checks that the list of
> expected actions and received actions are the same, it fails and the debug
> output is 'Security processing failed (actions mismatch)".
> Yes, we could override the Processor to get around this, but we were hoping
> to take advantage of the recent changes which meant that we just needed to
> implement our own Validator.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
