ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-152) Problem with processing Username Tokens with no password type
Date Fri, 22 Jun 2012 15:40:43 GMT

    [ https://issues.apache.org/jira/browse/WSS-152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13399386#comment-13399386
] 

Chris Lee commented on WSS-152:
-------------------------------

Ah! I had not made the connection between the BSP and the type attribute, so the error was
in my understanding. Please excuse my ignorance, and thank you very much for your help.
                
> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
>
>                 Key: WSS-152
>                 URL: https://issues.apache.org/jira/browse/WSS-152
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.5
>
>
> The Username Token Profile 1.1 specifies that  a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
>         This optional URI attribute specifies the type of password being provided."
> and furthermore that the default value is "#PasswordText". However, looking at the code
in UsernameTokenProcessor it doesn't appear that we support processing a Username Token with
no password type defined...an exception will probably be thrown here:
> else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && !handleCustomPasswordTypes)
{
>     if (log.isDebugEnabled()) {
>         log.debug("Authentication failed as handleCustomUsernameTokenTypes is false");
>     }
>     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message