ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul Richardson (Created) (JIRA)" <>
Subject [jira] [Created] (WSS-321) Cannot configure for no password element expected using Spring configuration
Date Thu, 20 Oct 2011 10:52:10 GMT
Cannot configure for no password element expected using Spring configuration

                 Key: WSS-321
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core, WSS4J Handlers
    Affects Versions: 1.6.3
         Environment: Ubuntu 10.04. ServiceMix 4.
            Reporter: Paul Richardson
            Assignee: Colm O hEigeartaigh

We don't wish to have a Password element in the inbound SOAP request.
WSSecurityUtil.decodeAction() parses the actions that are put in the Spring xml file. We have
"UsernameToken", so decodeAction sets the internal representation of the expected WS Security
elements to a list with the single value: WSConstants.UT(0x01).

When a SOAP message arrives, UsernameTokenProcessor.handleToken() is called which sets the
expected action to WSConstants.UT_NOPASSWORD (0x2000) because there is no password element.Thus
when WSHandler.checkReceiverResultsAnyOrder() which checks that the list of expected actions
and received actions are the same, it fails and the debug output is 'Security processing failed
(actions mismatch)".

Yes, we could override the Processor to get around this, but we were hoping to take advantage
of the recent changes which meant that we just needed to implement our own Validator.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message