[jira] [Work logged] (WSS-659) SecurityContextToken validator set by wrong QName

Thu, 09 Jan 2020 04:25:09 -0800 


     [ 
https://issues.apache.org/jira/browse/WSS-659?focusedWorklogId=368978&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-368978
 ]

ASF GitHub Bot logged work on WSS-659:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Jan/20 12:24
            Start Date: 09/Jan/20 12:24
    Worklog Time Spent: 10m 
      Work Description: coheigea commented on pull request #2: WSS-659 
SecurityContextToken validator fixing QName
URL: https://github.com/apache/ws-wss4j/pull/2
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 368978)
    Time Spent: 20m  (was: 10m)

> SecurityContextToken validator set by wrong QName
> -------------------------------------------------
>
>                 Key: WSS-659
>                 URL: https://issues.apache.org/jira/browse/WSS-659
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Axis Integration
>    Affects Versions: 2.2.4
>            Reporter: Igor Konoplyanko
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 2.2.5
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> SecurityContextToken validator is set in apache cxf using properties:
>  properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
>   
>  But it can't be used because SecurityContextTokeinInputHandler looks it up 
> via other QName. wss4j sets it as 
> {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier{noformat} and 
> CXF sets it as 
> {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken{noformat}.
>  
> {noformat}
> org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
> if (validator != null) { 
>    properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator); 
>    properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator); 
> }
> {noformat}
> {noformat}
> WSS4J Part: SecurityContextTokenInputHandler.java:72 
> SecurityContextTokenValidator securityContextTokenValidator = 
> wssSecurityProperties.getValidator(elementName); 
> if (securityContextTokenValidator == null) {
>   securityContextTokenValidator = new SecurityContextTokenValidatorImpl();    
>     
> }
> {noformat}
>  
> I am still not sure where this problem should be fixed - on CXF or on wss4j 
> side?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to