Nathan Clement created RAMPART-400:
--------------------------------------
Summary: PolicyBasedResultsValidator incorrectly rejects hashed passwords
Key: RAMPART-400
URL: https://issues.apache.org/jira/browse/RAMPART-400
Project: Rampart
Issue Type: Bug
Affects Versions: 1.6.2
Reporter: Nathan Clement
Attachments: hashed_password.patch

As per the mailing list, when a PasswordDigest is used, wssUt.getPassword()
returns the hashed password value, and this exception is thrown, even though
the request is valid according to the policy. The if statement on line 333 of
PolicyBasedResultsValidator should be:
{code}
} else if (!ut.isHashPassword() && (wssUt.getPassword() == null ||
        !wssUt.getPasswordType().equals(WSConstants.PASSWORD_TEXT))) {
    throw new RampartException("invalidUsernameTokenType");
{code}
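The check described in the report, modelled as an added stand-alone example (not code from the report, the attached patch, or Rampart). The class and method names are hypothetical, the pre-fix condition is assumed to be the same test without the `isHashPassword()` guard, and the nonce, timestamp and password are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class HashedPasswordCheckDemo {
    // Password type URIs from the WS-Security UsernameToken Profile 1.0.
    static final String NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
    static final String PASSWORD_TEXT = NS + "#PasswordText";
    static final String PASSWORD_DIGEST = NS + "#PasswordDigest";

    // Password_Digest = Base64(SHA-1(nonce + created + password)), per the profile.
    static String passwordDigest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Condition quoted in the report; true means "invalidUsernameTokenType" is thrown.
    static boolean rejectsWithGuard(boolean policyHashPassword, String password, String type) {
        return !policyHashPassword && (password == null || !PASSWORD_TEXT.equals(type));
    }

    // Assumed pre-fix form: the same test without the isHashPassword() guard.
    static boolean rejectsWithoutGuard(String password, String type) {
        return password == null || !PASSWORD_TEXT.equals(type);
    }

    public static void main(String[] args) throws Exception {
        byte[] nonce = "constructed-nonce".getBytes(StandardCharsets.UTF_8); // constructed sample
        String digest = passwordDigest(nonce, "2012-01-01T00:00:00Z", "constructed-secret");

        // Policy requires a hashed password and the client sent a digest.
        System.out.println("value seen by validator: " + digest);
        System.out.println("without guard rejects:   "
                + rejectsWithoutGuard(digest, PASSWORD_DIGEST));          // true
        System.out.println("with guard rejects:      "
                + rejectsWithGuard(true, digest, PASSWORD_DIGEST));       // false

        // Policy does not ask for a hash: a digest is still rejected, plain text passes.
        System.out.println("no-hash policy, digest:  "
                + rejectsWithGuard(false, digest, PASSWORD_DIGEST));      // true
        System.out.println("no-hash policy, text:    "
                + rejectsWithGuard(false, "constructed-secret", PASSWORD_TEXT)); // false
    }
}
```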