ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Commented] (WSS-152) Problem with processing Username Tokens with no password type
Date Fri, 22 Jun 2012 09:23:43 GMT


Colm O hEigeartaigh commented on WSS-152:

What's the error exactly? 1.6 enforces the BasicSecurityProfile which says that a UsernameToken
must have a password type set. This can be turned off though via WSSConfig.

> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
>                 Key: WSS-152
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.5
> The Username Token Profile 1.1 specifies that  a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
>         This optional URI attribute specifies the type of password being provided."
> and furthermore that the default value is "#PasswordText". However, looking at the code
in UsernameTokenProcessor it doesn't appear that we support processing a Username Token with
no password type exception will probably be thrown here:
> else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && !handleCustomPasswordTypes)
>     if (log.isDebugEnabled()) {
>         log.debug("Authentication failed as handleCustomUsernameTokenTypes is false");
>     }
>     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message