ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Closed] (WSS-442) "Never" Token Inclustion is not handled correctly (for X.509 tokens)
Date Tue, 06 May 2014 09:11:18 GMT


Colm O hEigeartaigh closed WSS-442.

> "Never" Token Inclustion is not handled correctly (for X.509 tokens)
> --------------------------------------------------------------------
>                 Key: WSS-442
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Marc Giger
>             Fix For: 2.0.0
> If we are using a SymmetricBinding, we might have a ProtectionToken policy that is an
X.509 Token with an Inclusion of "Never". WSS4J 2.0 does not appear to validate this use-case
> if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
>             setErrorMessage("Token must not be included");
>             asserted = false;
>         }
> The problem is that the Signature references an EncryptedKey, which in turn references
an X.509 Token. Even though the X.509 Token is not included as a BinarySecurityToken in the
message, it still creates an X509TokenSecurityEvent, which is then treated by the policy validation
code in the same way as if the token was included.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message