[
https://issues.apache.org/jira/browse/WSS-610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated WSS-610:
------------------------------------
Fix Version/s: 2.1.11
2.0.11
2.2.0
> WSSecurityUtil.decodeAction misbehaving when sending NoSecurity
> ---------------------------------------------------------------
>
> Key: WSS-610
> URL: https://issues.apache.org/jira/browse/WSS-610
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Alexandru-Constantin Bledea
> Assignee: Colm O hEigeartaigh
> Fix For: 2.2.0, 2.0.11, 2.1.11
>
>
> The decode method from org.apache.wss4j.dom.util.WSSecurityUtil doesn't
> appear to do the right thing when sending NoSecurity.
> There seems to be an assumption that if someone will add NoSecurity it will
> always be in the first position.
> But if we're sending for instance "UsernameToken NoSecurity Signature" we're
> getting back [ 1 ].
> If we want NoSecurity to override all other actions, we should probably
> return []
> {code:java}
> if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
> return actions;
> {code}
> should probably be replaced with
> {code:java}
> if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
> return Collections.emptyList();
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
