[jira] [Commented] (RAMPART-400) PolicyBasedResultsValidator incorrectly rejects hashed passwords

Wed, 13 Mar 2013 12:34:13 -0700 

    [ 
https://issues.apache.org/jira/browse/RAMPART-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13601532#comment-13601532
 ] 

Hudson commented on RAMPART-400:
--------------------------------

Integrated in Rampart #1438 (See [https://builds.apache.org/job/Rampart/1438/])
    Applied patch provided in RAMPART-400 by Nathan Clement (Revision 1456077)

     Result = SUCCESS
ruchithf : 
Files : 
* 
/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
* 
/axis/axis2/java/rampart/trunk/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
* 
/axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-hashed-password.xml
* 
/axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-plaintext-password.xml

                
> PolicyBasedResultsValidator incorrectly rejects hashed passwords
> ----------------------------------------------------------------
>
>                 Key: RAMPART-400
>                 URL: https://issues.apache.org/jira/browse/RAMPART-400
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Nathan Clement
>            Assignee: Ruchith Udayanga Fernando
>             Fix For: 1.7.0
>
>         Attachments: hashed_password.patch
>
>
> As per the mailing list, when a PasswordDigest is used, wssUt.getPassword() 
> returns the hashed password value, and an this exception is thrown, even 
> though the request is valid according to the policy.  The if statement on 
> line 333 of PolicyBasedResultsValidator should be:
> {code}
> } else if (!ut.isHashPassword() && (wssUt.getPassword() == null ||
>           !wssUt.getPasswordType().equals(WSConstants.PASSWORD_TEXT))) {
>     throw new RampartException("invalidUsernameTokenType");
> {code}
> See attached for patch code.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to