Igor Konoplyanko created WSS-659:
------------------------------------
Summary: SecurityContextToken validator set by wrong QName
Key: WSS-659
URL: https://issues.apache.org/jira/browse/WSS-659
Project: WSS4J
Issue Type: Bug
Components: WSS4J Axis Integration
Affects Versions: 2.2.4
Reporter: Igor Konoplyanko
Assignee: Colm O hEigeartaigh
SecurityContextToken validator is set in apache cxf using properties:
properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
But it can't be used because SecurityContextTokeinInputHandler looks it up via
other QName. wss4j sets it as
\{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier and CXF sets it as
\{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken.
Code pieces:
org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
if (validator != null) {
properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
}
WSS4J Part: SecurityContextTokenInputHandler.java:72
SecurityContextTokenValidator securityContextTokenValidator =
wssSecurityProperties.getValidator(elementName);
if (securityContextTokenValidator == null)
{ securityContextTokenValidator = new
SecurityContextTokenValidatorImpl(); }
I am still not sure where this problem should be fixed - on CXF or on wss4j
side?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
