Sorry, I guess I was looking at the WS-Security sepc not the BSP spec. David
David R Robison Open Roads Consulting, Inc. 103 Watson Road, Chesapeake, VA 23320 phone: +1 757-546-3401 e-mail: [email protected] web: http://www.openroadsconsulting.com blog: http://therobe.blogspot.com book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526 On 10/7/2014 4:09 AM, Colm O hEigeartaigh wrote: > > That particular piece of code is in a block which enforces Basic > Security Profile conformance. In the BSP spec, the EncodingType > attribute *must* be present, there is no default to fall back to. If a > third party client is not sending an EncodingType attribute, then you > will have to disable BSP Compliance on the service to get it to work. > > Colm. > > On Tue, Oct 7, 2014 at 1:51 AM, David R. Robison > <[email protected] > <mailto:[email protected]>> wrote: > > From the WS-Security spec it appears that the encodingType for the > nonce is optional and, if missing, defaults to Base64 encoding. This > patch assumes this default if the encodingType is missing. > David > > Index: > src/main/java/org/apache/ws/security/message/token/UsernameToken.java > =================================================================== > --- > src/main/java/org/apache/ws/security/message/token/UsernameToken.java > (revision 1629762) > +++ > src/main/java/org/apache/ws/security/message/token/UsernameToken.java > (working copy) > @@ -1163,8 +1163,8 @@ > Element nonce = nonceElements.get(0); > String encodingType = nonce.getAttributeNS(null, > "EncodingType"); > // Encoding Type must be equal to Base64Binary > - if (encodingType == null || "".equals(encodingType) > - || > !BinarySecurity.BASE64_ENCODING.equals(encodingType)) { > + if (encodingType == null || "".equals(encodingType)) > encodingType = BinarySecurity.BASE64_ENCODING; > + if(!BinarySecurity.BASE64_ENCODING.equals(encodingType)) { > if (LOG.isDebugEnabled()) { > LOG.debug("The Username Token's nonce > element has > a bad encoding type"); > } > > > > -- > > David R Robison > Open Roads Consulting, Inc. > 103 Watson Road, Chesapeake, VA 23320 > phone: +1 757-546-3401 > e-mail: [email protected] > <mailto:[email protected]> > web: http://www.openroadsconsulting.com > blog: http://therobe.blogspot.com > book: > http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526 > > > > This email communication (including any attachments) may contain > confidential and/or privileged material intended solely for the > individual or entity to which it is addressed. > If you are not the intended recipient, please delete this email > immediately. > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com This email communication (including any attachments) may contain confidential and/or privileged material intended solely for the individual or entity to which it is addressed. If you are not the intended recipient, please delete this email immediately.
