[prev in list] [next in list] [prev in thread] [next in thread]
List: woden-dev
Subject: [jira] [Created] (WSS-659) SecurityContextToken validator set by wrong QName
From: "Igor Konoplyanko (Jira)" <jira () apache ! org>
Date: 2019-11-25 15:28:00
Message-ID: JIRA.13270472.1574695637000.209370.1574695680138 () Atlassian ! JIRA
[Download RAW message or body]
Igor Konoplyanko created WSS-659:
------------------------------------
Summary: SecurityContextToken validator set by wrong QName
Key: WSS-659
URL: https://issues.apache.org/jira/browse/WSS-659
Project: WSS4J
Issue Type: Bug
Components: WSS4J Axis Integration
Affects Versions: 2.2.4
Reporter: Igor Konoplyanko
Assignee: Colm O hEigeartaigh
SecurityContextToken validator is set in apache cxf using properties:
properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
But it can't be used because SecurityContextTokeinInputHandler looks it up via \
other QName. wss4j sets it as \{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier \
and CXF sets it as \{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken.
Code pieces:
org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
if (validator != null) {
properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator); \
properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
}
WSS4J Part: SecurityContextTokenInputHandler.java:72
SecurityContextTokenValidator securityContextTokenValidator =
wssSecurityProperties.getValidator(elementName);
if (securityContextTokenValidator == null)
{ securityContextTokenValidator = new \
SecurityContextTokenValidatorImpl(); }
I am still not sure where this problem should be fixed - on CXF or on wss4j side?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic