Re: Possible Bug? WSConstants.PASSWORD_TEXT set but PasswordDigest sent...

Thu, 24 Nov 2005 14:20:16 -0800

and BTW, this is my WSDD.  I have the parameters removed:

<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java=" http://xml.apache.org/axis/wsdd/providers/java">
 <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration >
   <requestFlow >
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
    <!-- parameters removed -->
   
    </handler>
   </requestFlow >
  </globalConfiguration >
</deployment>





On 11/24/05, Brian Woo <[EMAIL PROTECTED]> wrote:
Hi all,

I might have found a bug in the (WSS4J / AXIS).  I have tried to send a UsernameToken in plain text (PASSWORD_TEXT) but the SOAP message is sending a PasswordDigest block instead.  Note that, the server handler can see decode the SOAP message and get my username correctly.


    private void doSomething()
    {
        //modify the path to the client_deploy.wsdd
        EngineConfiguration config = new FileProvider(
                "client_deploy_without_parameters.wsdd");
        DummyServiceService locator = new DummyServiceServiceLocator(
                config);

        try
        {
            Remote remote = locator.getPort(DummyService.class);
            Stub axisPort = (Stub) remote;
            axisPort._setProperty(WSHandlerConstants.ACTION,
                    WSHandlerConstants.USERNAME_TOKEN);
            axisPort._setProperty(UsernameToken.PASSWORD_TYPE,
                    WSConstants.PASSWORD_TEXT );
            axisPort._setProperty(WSHandlerConstants.USER, "bwoo");
           
            // Use my Handler class...
            ClientAuthenticationHandler pwCallback = new ClientAuthenticationHandler();
            axisPort._setProperty(WSHandlerConstants.PW_CALLBACK_REF, pwCallback);

            DummyServiceSoapBindingStub service =
                (DummyServiceSoapBindingStub) axisPort;

            System.out.println("Calling service...");
            service.doSomething();
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }


And this is the actually SOAP sent (sending PasswordDigest):

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv=" http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd=" http://www.w3.org/2001/XMLSchema" xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd " soapenv:mustUnderstand="1">
      <wsse:UsernameToken>
        <wsse:Username>bwoo</wsse:Username>
        <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">QxdnxcARsfL55IBpxa7dgaDEIYU=</wsse:Password>
        <wsse:Nonce>RQ6MrBY1RBEQXCN998yb2Q==</wsse:Nonce>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >2005-11-24T21:54:46.350Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <doSomething/>
  </soapenv:Body>
</soapenv:Envelope>


I have found someone reporting the same problem, but no response:
http://www.mail-archive.com/[email protected]/msg00182.html

Is this a bug or am I missing something?



--
Regards,

Brian Woo

Reply via email to