'[jira] [Updated] (WSS-636) CLONE - Password set to null in UsernameTokenValidator'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       woden-dev
Subject:    [jira] [Updated] (WSS-636) CLONE - Password set to null in UsernameTokenValidator
From:       "Bouke (JIRA)" <jira () apache ! org>
Date:       2018-11-20 17:20:02
Message-ID: JIRA.13199637.1542731215000.397219.1542734402346 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Bouke updated WSS-636:
----------------------
    Issue Type: Improvement  (was: Bug)

> CLONE - Password set to null in UsernameTokenValidator
> ------------------------------------------------------
> 
> Key: WSS-636
> URL: https://issues.apache.org/jira/browse/WSS-636
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 2.2.2
> Environment: linux, cxf, jetty 6.10
> Reporter: Bouke
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Labels: UsernameTokenValidator
> 
> When trying to do basic authentication in Soap header with UserNameToken, token is \
> well read from XML, but badly passed to password callback. Line 165 of \
> org.apache.ws.security.validate.UsernameTokenValidator : WSPasswordCallback pwCb = 
> new WSPasswordCallback(user, null, pwType, WSPasswordCallback.USERNAME_TOKEN, \
> data); The password is set to null, while it has been correcty read just before.
> Proposed patch :
> Index: src/main/java/org/apache/ws/security/validate/UsernameTokenValidator.java
> ===================================================================
> --- src/main/java/org/apache/ws/security/validate/UsernameTokenValidator.java	(révision \
>                 1098991)
> +++ src/main/java/org/apache/ws/security/validate/UsernameTokenValidator.java	(copie \
> de travail) @@ -163,7 +163,7 @@
> boolean passwordsAreEncoded = usernameToken.getPasswordsAreEncoded();
> 
> WSPasswordCallback pwCb = 
> -            new WSPasswordCallback(user, null, pwType, \
> WSPasswordCallback.USERNAME_TOKEN, data); +            new WSPasswordCallback(user, \
> password, pwType, WSPasswordCallback.USERNAME_TOKEN, data); try {
> data.getCallbackHandler().handle(new Callback[]{pwCb});
> } catch (IOException e) {



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic