[ http://issues.apache.org/jira/browse/WSS-2?page=all ]
Werner Dittmann closed WSS-2:
-----------------------------
Resolution: Won't Fix
Would fix it only if backward compatibility (pre 1.0) is strongly required.
> Pre-OASIS_1_0 Compliance uses inappropriate header attributes
> -------------------------------------------------------------
>
> Key: WSS-2
> URL: http://issues.apache.org/jira/browse/WSS-2
> Project: WSS4J
> Type: Bug
> Environment: JDK1.4.2_04; windows 2000sp4; axis1.2beta
> Reporter: Cameron F. Logan
>
> For web services that are only compliant to lower specifications (e.g.,
> OASIS_2002_07), the presence of the "Type" attribute on the wsse:Password
> element causes the invocations using the Username token to fail. I compiled
> the WSS4J package with the OASIS_2002_07 compliance level, however, it still
> inserted the lengthy Type attribute in to the Password element; I believe
> that this attribute is only relevant for the OASIS_1_0 specification.
> Especially if/when the header is set to "mustUnderstand", this causes the
> authentication to fail. If one explicitly removes the writting of this type
> attribute in the UsernameToken object, then the invocation succeeds for the
> OASIS_2002_07 compliant service.
> In general, it seems that backward compatibility for the Username token needs
> some serious attention.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
