[prev in list] [next in list] [prev in thread] [next in thread]
List: woden-dev
Subject: [jira] [Updated] (WSS-551) Property passwordEncryptorInstance is not honored
From: "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date: 2015-08-24 13:53:47
Message-ID: JIRA.12858017.1440206564000.146051.1440424427648 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WSS-551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Colm O hEigeartaigh updated WSS-551:
------------------------------------
Fix Version/s: 2.1.3
2.0.6
> Property passwordEncryptorInstance is not honored
> -------------------------------------------------
>
> Key: WSS-551
> URL: https://issues.apache.org/jira/browse/WSS-551
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 2.0.5
> Reporter: Wladislaw Mitzel
> Assignee: Colm O hEigeartaigh
> Fix For: 2.0.6, 2.1.3
>
> Attachments: WSS-551_WSHandler.patch, wss4j-example.zip
>
>
> The configuration documentation says
> > > Tag name || Tag value || Tag meaning ||
> > *WSS4J 2.0.0* PASSWORD_ENCRYPTOR_INSTANCE | passwordEncryptorInstance | A \
> > PasswordEncryptor instance used to decrypt encrypted passwords in Crypto \
> > properties files. The default is the JasyptPasswordEncryptor. |
> When configuring a {{passwordEncryptorInstance}} for {{WSS4JOutInterceptor}} (line \
> 20) the property is not honored. {code:xml|linenumbers=true}
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" \
> xmlns:jaxws="http://cxf.apache.org/jaxws" \
> xsi:schemaLocation="http://www.springframework.org/schema/beans \
> http://www.springframework.org/schema/beans/spring-beans-3.2.xsd \
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> \
> <jaxws:endpoint id="hello" address="/hello" \
> implementor="de.wlami.wss4jexample.Service"> <jaxws:outInterceptors>
> <bean id="TimestampSignEncrypt_Response"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Timestamp Signature" />
> <entry key="user" value="servicekey" />
> <entry key="signaturePropFile" value="serviceKeystore.properties" />
> <entry key="encryptionPropFile" value="serviceKeystore.properties" />
> <entry key="encryptionUser" value="useReqSigCert" />
> <entry key="passwordCallbackClass" value="de.wlami.wss4jexample.PasswordCallback" \
> /> <entry key="passwordEncryptorInstance" value-ref="customPasswordEncrypter" />
> </map>
> </constructor-arg>
> </bean>
> </jaxws:outInterceptors>
> </jaxws:endpoint>
> <bean id="customPasswordEncrypter" \
> class="de.wlami.wss4jexample.CustomPasswordEncrypter"></bean> </beans>
> {code}
> The only code which seems to use the documented property is located in \
> {{org.apache.wss4j.stax.ConfigurationConverter.parseCrypto(Map<String, Object>, \
> WSSSecurityProperties)}}. However this method is only called from test classes as \
> far as i could see. Using the given configuration the default \
> {{JasyptPasswordEncryptor}} is created instead of the configured class.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic