[
https://issues.apache.org/jira/browse/WSS-152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13399386#comment-13399386
]
Chris Lee commented on WSS-152:
-------------------------------
Ah! I had not made the connection between the BSP and the type attribute, so
the error was in my understanding. Please excuse my ignorance, and thank you
very much for your help.
> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
>
> Key: WSS-152
> URL: https://issues.apache.org/jira/browse/WSS-152
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.4
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.5
>
>
> The Username Token Profile 1.1 specifies that a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
> This optional URI attribute specifies the type of password being
> provided."
> and furthermore that the default value is "#PasswordText". However, looking
> at the code in UsernameTokenProcessor it doesn't appear that we support
> processing a Username Token with no password type defined...an exception will
> probably be thrown here:
> else if (!WSConstants.PASSWORD_TEXT.equals(pwType) &&
> !handleCustomPasswordTypes) {
> if (log.isDebugEnabled()) {
> log.debug("Authentication failed as handleCustomUsernameTokenTypes is
> false");
> }
> throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
