ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David R. Robison" <david.robi...@openroadsconsulting.com>
Subject Proposed patch for nonce missing encoderType
Date Tue, 07 Oct 2014 00:51:19 GMT
 From the WS-Security spec it appears that the encodingType for the 
nonce is optional and, if missing, defaults to Base64 encoding. This 
patch assumes this default if the encodingType is missing.
David

Index: src/main/java/org/apache/ws/security/message/token/UsernameToken.java
===================================================================
--- 
src/main/java/org/apache/ws/security/message/token/UsernameToken.java 
(revision 1629762)
+++ 
src/main/java/org/apache/ws/security/message/token/UsernameToken.java 
(working copy)
@@ -1163,8 +1163,8 @@
              Element nonce = nonceElements.get(0);
              String encodingType = nonce.getAttributeNS(null, 
"EncodingType");
              // Encoding Type must be equal to Base64Binary
-            if (encodingType == null || "".equals(encodingType)
-                || !BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
+            if (encodingType == null || "".equals(encodingType)) 
encodingType = BinarySecurity.BASE64_ENCODING;
+ if(!BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
                  if (LOG.isDebugEnabled()) {
                      LOG.debug("The Username Token's nonce element has 
a bad encoding type");
                  }



-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: +1 757-546-3401
e-mail: david.robison@openroadsconsulting.com
web: http://www.openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526



This email communication (including any attachments) may contain confidential and/or privileged
material intended solely for the individual or entity to which it is addressed.
If you are not the intended recipient, please delete this email immediately.


Mime
View raw message