ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Igor Konoplyanko (Jira)" <>
Subject [jira] [Created] (WSS-659) SecurityContextToken validator set by wrong QName
Date Mon, 25 Nov 2019 15:28:00 GMT
Igor Konoplyanko created WSS-659:

             Summary: SecurityContextToken validator set by wrong QName
                 Key: WSS-659
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Axis Integration
    Affects Versions: 2.2.4
            Reporter: Igor Konoplyanko
            Assignee: Colm O hEigeartaigh

SecurityContextToken validator is set in apache cxf using properties:
 properties.put(SCT_TOKEN_VALIDATOR, "someValidator"); 

 But it can't be used because SecurityContextTokeinInputHandler looks it up via other QName.
wss4j sets it as \{}Identifier and CXF sets it as


Code pieces:
 if (validator != null) {

properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator); properties.addValidator(WSSConstants.TAG_WSC0512_SCT,



WSS4J Part: 
         SecurityContextTokenValidator securityContextTokenValidator = 
         if (securityContextTokenValidator == null)

{             securityContextTokenValidator = new SecurityContextTokenValidatorImpl();


I am still not sure where this problem should be fixed - on CXF or on wss4j side?

This message was sent by Atlassian Jira

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message