[
https://issues.apache.org/jira/browse/WSS-659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983364#comment-16983364
]
Igor Konoplyanko commented on WSS-659:
--------------------------------------
PR created https://github.com/apache/ws-wss4j/pull/2
> SecurityContextToken validator set by wrong QName
> -------------------------------------------------
>
> Key: WSS-659
> URL: https://issues.apache.org/jira/browse/WSS-659
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Axis Integration
> Affects Versions: 2.2.4
> Reporter: Igor Konoplyanko
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 2.2.5
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> SecurityContextToken validator is set in apache cxf using properties:
> properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
>
> But it can't be used because SecurityContextTokeinInputHandler looks it up
> via other QName. wss4j sets it as
> {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier{noformat} and
> CXF sets it as
> {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken{noformat}.
>
> {noformat}
> org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
> if (validator != null) {
> properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
> properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
> }
> {noformat}
> {noformat}
> WSS4J Part: SecurityContextTokenInputHandler.java:72
> SecurityContextTokenValidator securityContextTokenValidator =
> wssSecurityProperties.getValidator(elementName);
> if (securityContextTokenValidator == null) {
> securityContextTokenValidator = new SecurityContextTokenValidatorImpl();
>
> }
> {noformat}
>
> I am still not sure where this problem should be fixed - on CXF or on wss4j
> side?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
