[
https://issues.apache.org/jira/browse/WSS-659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Igor Konoplyanko updated WSS-659:
---------------------------------
Description:
SecurityContextToken validator is set in apache cxf using properties:
properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
But it can't be used because SecurityContextTokeinInputHandler looks it up via
other QName. wss4j sets it as
{[http://schemas.xmlsoap.org/ws/2005/02/sc]}Identifier and CXF sets it as
{[http://schemas.xmlsoap.org/ws/2005/02/sc]}SecurityContextToken.
{noformat}
org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
if (validator != null) {
properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
}
{noformat}
{noformat}
WSS4J Part: SecurityContextTokenInputHandler.java:72
SecurityContextTokenValidator securityContextTokenValidator =
wssSecurityProperties.getValidator(elementName);
if (securityContextTokenValidator == null)
{ securityContextTokenValidator = new
SecurityContextTokenValidatorImpl(); }
{noformat}
I am still not sure where this problem should be fixed - on CXF or on wss4j
side?
was:
SecurityContextToken validator is set in apache cxf using properties:
properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
But it can't be used because SecurityContextTokeinInputHandler looks it up via
other QName. wss4j sets it as
\{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier and CXF sets it as
\{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken.
Code pieces:
org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
if (validator != null) {
properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
}
WSS4J Part: SecurityContextTokenInputHandler.java:72
SecurityContextTokenValidator securityContextTokenValidator =
wssSecurityProperties.getValidator(elementName);
if (securityContextTokenValidator == null)
{ securityContextTokenValidator = new
SecurityContextTokenValidatorImpl(); }
I am still not sure where this problem should be fixed - on CXF or on wss4j
side?
> SecurityContextToken validator set by wrong QName
> -------------------------------------------------
>
> Key: WSS-659
> URL: https://issues.apache.org/jira/browse/WSS-659
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Axis Integration
> Affects Versions: 2.2.4
> Reporter: Igor Konoplyanko
> Assignee: Colm O hEigeartaigh
> Priority: Major
>
> SecurityContextToken validator is set in apache cxf using properties:
> properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
>
> But it can't be used because SecurityContextTokeinInputHandler looks it up
> via other QName. wss4j sets it as
> {[http://schemas.xmlsoap.org/ws/2005/02/sc]}Identifier and CXF sets it as
> {[http://schemas.xmlsoap.org/ws/2005/02/sc]}SecurityContextToken.
>
> {noformat}
> org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
> if (validator != null) {
> properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
> properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
> }
> {noformat}
> {noformat}
> WSS4J Part: SecurityContextTokenInputHandler.java:72
> SecurityContextTokenValidator securityContextTokenValidator =
> wssSecurityProperties.getValidator(elementName);
> if (securityContextTokenValidator == null)
> { securityContextTokenValidator = new
> SecurityContextTokenValidatorImpl(); }
> {noformat}
>
> I am still not sure where this problem should be fixed - on CXF or on wss4j
> side?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
