[
https://issues.apache.org/jira/browse/RAMPART-400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nathan Clement updated RAMPART-400:
-----------------------------------
Attachment: hashed_password.patch
> PolicyBasedResultsValidator incorrectly rejects hashed passwords
> ----------------------------------------------------------------
>
> Key: RAMPART-400
> URL: https://issues.apache.org/jira/browse/RAMPART-400
> Project: Rampart
> Issue Type: Bug
> Affects Versions: 1.6.2
> Reporter: Nathan Clement
> Attachments: hashed_password.patch
>
>
> As per the mailing list, when a PasswordDigest is used, wssUt.getPassword()
> returns the hashed password value, and an this exception is thrown, even
> though the request is valid according to the policy. The if statement on
> line 333 of PolicyBasedResultsValidator should be:
> {code}
> } else if (!ut.isHashPassword() && (wssUt.getPassword() == null ||
> !wssUt.getPasswordType().equals(WSConstants.PASSWORD_TEXT))) {
> throw new RampartException("invalidUsernameTokenType");
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
