ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1482762 - /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
Date Wed, 15 May 2013 11:11:20 GMT
Author: coheigea
Date: Wed May 15 11:11:20 2013
New Revision: 1482762

URL: http://svn.apache.org/r1482762
Log:
Process UsernameToken nonces properly for the plaintext case

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java?rev=1482762&r1=1482761&r2=1482762&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/UsernameTokenValidatorImpl.java
Wed May 15 11:11:20 2013
@@ -57,8 +57,6 @@ public class UsernameTokenValidatorImpl 
             tokenContext.getWssSecurityProperties().isAllowUsernameTokenNoPassword() 
                 || Boolean.parseBoolean((String)tokenContext.getWsSecurityContext().get(WSSConstants.PROP_ALLOW_USERNAMETOKEN_NOPASSWORD));
 
-        final byte[] nonceVal;
-
         // Check received password type against required type
         WSSConstants.UsernameTokenPasswordType requiredPasswordType = 
             tokenContext.getWssSecurityProperties().getUsernameTokenPasswordType();
@@ -93,6 +91,10 @@ public class UsernameTokenValidatorImpl 
 
         final EncodedString encodedNonce =
                 XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Nonce);
+        byte[] nonceVal = null;
+        if (encodedNonce != null && encodedNonce.getValue() != null) {
+            nonceVal = Base64.decodeBase64(encodedNonce.getValue());
+        }
 
         final AttributedDateTime attributedDateTimeCreated =
                 XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsu_Created);
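Review bot: `nonceVal` is now `null` whenever the `wsse:Nonce` element is absent or carries no value, and the digest branch in the last hunk passes it straight to `verifyDigestPassword(...)`, where the removed line decoded `encodedNonce.getValue()` directly. The condition guarding the `badTokenType01` throw lies outside the visible hunks, so it is unclear whether it rejects an element that is present but empty. If it does not, an explicit check before the digest call, such as `if (nonceVal == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION); }`, would make the rejection deliberate rather than dependent on the callee. How `Base64.decodeBase64` handles malformed input depends on the imported class, which is not shown; if it can return an empty array, a zero-length result should be treated like a missing nonce so that later nonce processing never accepts it as a value. A one-line comment above the new block, for example `// Decode the nonce up front so that every password type, including plaintext, has it available`, would record why the decode moved out of the digest branch.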
@@ -111,27 +113,21 @@ public class UsernameTokenValidatorImpl 
                 throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN,
"badTokenType01");
             }
 
-            nonceVal = Base64.decodeBase64(encodedNonce.getValue());
-
             verifyDigestPassword(username.getValue(), passwordType, nonceVal, created, tokenContext);
         } else if ((usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT)
                 || (passwordType != null && passwordType.getValue() != null
                 && usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE))
{
-            nonceVal = null;
             
             verifyPlaintextPassword(username.getValue(), passwordType, tokenContext);
         } else if (passwordType != null && passwordType.getValue() != null) {
             if (!handleCustomPasswordTypes) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
             }
-            nonceVal = null;
-            
             verifyCustomPassword(username.getValue(), passwordType, tokenContext);
         } else {
             if (!allowUsernameTokenNoPassword) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
             }
-            nonceVal = null;
         }
 
         final String password;


