[prev in list] [next in list] [prev in thread] [next in thread]
List: woden-dev
Subject: [jira] [Work logged] (WSS-659) SecurityContextToken validator set by wrong QName
From: "ASF GitHub Bot (Jira)" <jira () apache ! org>
Date: 2019-11-27 9:53:00
Message-ID: JIRA.13270472.1574695637000.222062.1574848380133 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WSS-659?focusedWorklogId=350313&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-350313 \
]
ASF GitHub Bot logged work on WSS-659:
--------------------------------------
Author: ASF GitHub Bot
Created on: 27/Nov/19 09:52
Start Date: 27/Nov/19 09:52
Worklog Time Spent: 10m
Work Description: CauchyPeano commented on pull request #2: WSS-659 \
SecurityContextToken validator fixing QName
URL: https://github.com/apache/ws-wss4j/pull/2
Hi,
I am creating PR for following issue
https://issues.apache.org/jira/projects/WSS/issues/WSS-659?filter=allopenissues
I would also like to add tests, but haven't found existing ones.
Best
Igor
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 350313)
Remaining Estimate: 0h
Time Spent: 10m
> SecurityContextToken validator set by wrong QName
> -------------------------------------------------
>
> Key: WSS-659
> URL: https://issues.apache.org/jira/browse/WSS-659
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Axis Integration
> Affects Versions: 2.2.4
> Reporter: Igor Konoplyanko
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 2.2.5
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> SecurityContextToken validator is set in apache cxf using properties:
> properties.put(SCT_TOKEN_VALIDATOR, "someValidator");
>
> But it can't be used because SecurityContextTokeinInputHandler looks it up via \
> other QName. wss4j sets it as \
> {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier{noformat} and CXF \
> sets it as {noformat}{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken{noformat}.
>
> {noformat}
> org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
> if (validator != null) {
> properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
> properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
> }
> {noformat}
> {noformat}
> WSS4J Part: SecurityContextTokenInputHandler.java:72
> SecurityContextTokenValidator securityContextTokenValidator = \
> wssSecurityProperties.getValidator(elementName); if (securityContextTokenValidator \
> == null) { securityContextTokenValidator = new SecurityContextTokenValidatorImpl(); \
> }
> {noformat}
>
> I am still not sure where this problem should be fixed - on CXF or on wss4j side?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic