ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (Jira)" <j...@apache.org>
Subject [jira] [Work logged] (WSS-659) SecurityContextToken validator set by wrong QName
Date Wed, 27 Nov 2019 09:53:00 GMT

     [ https://issues.apache.org/jira/browse/WSS-659?focusedWorklogId=350313&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-350313
]

ASF GitHub Bot logged work on WSS-659:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 27/Nov/19 09:52
            Start Date: 27/Nov/19 09:52
    Worklog Time Spent: 10m 
      Work Description: CauchyPeano commented on pull request #2: WSS-659 SecurityContextToken
validator fixing QName
URL: https://github.com/apache/ws-wss4j/pull/2
 
 
   Hi,
   
   I am creating PR for following issue 
   https://issues.apache.org/jira/projects/WSS/issues/WSS-659?filter=allopenissues
   
   I would also like to add tests, but haven't found existing ones. 
   
   Best
   Igor
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 350313)
    Remaining Estimate: 0h
            Time Spent: 10m

> SecurityContextToken validator set by wrong QName
> -------------------------------------------------
>
>                 Key: WSS-659
>                 URL: https://issues.apache.org/jira/browse/WSS-659
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Axis Integration
>    Affects Versions: 2.2.4
>            Reporter: Igor Konoplyanko
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 2.2.5
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> SecurityContextToken validator is set in apache cxf using properties:
>  properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
>   
>  But it can't be used because SecurityContextTokeinInputHandler looks it up via other
QName. wss4j sets it as {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier{noformat}
and CXF sets it as {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken{noformat}.
>  
> {noformat}
> org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
> if (validator != null) { 
>    properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator); 
>    properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator); 
> }
> {noformat}
> {noformat}
> WSS4J Part: SecurityContextTokenInputHandler.java:72 
> SecurityContextTokenValidator securityContextTokenValidator = wssSecurityProperties.getValidator(elementName);

> if (securityContextTokenValidator == null) {
>   securityContextTokenValidator = new SecurityContextTokenValidatorImpl();        
> }
> {noformat}
>  
> I am still not sure where this problem should be fixed - on CXF or on wss4j side?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message