'cvs commit: ws-wss4j/src/org/apache/ws/security WSSecurityEngine.java'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    cvs commit: ws-wss4j/src/org/apache/ws/security WSSecurityEngine.java
From:       dims () apache ! org
Date:       2005-08-23 15:33:10
Message-ID: 20050823153310.69947.qmail () minotaur ! apache ! org
[Download RAW message or body]

dims        2005/08/23 08:33:10

  Modified:    src/org/apache/ws/security WSSecurityEngine.java
  Log:
  Bug reported by Thilo Frotscher <thilo.frotscher@web.de> in email with message id \
(430B3AD5.1020507@web.de>)  
  Revision  Changes    Path
  1.49      +5 -5      ws-wss4j/src/org/apache/ws/security/WSSecurityEngine.java
  
  Index: WSSecurityEngine.java
  ===================================================================
  RCS file: /home/cvs/ws-wss4j/src/org/apache/ws/security/WSSecurityEngine.java,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -u -r1.48 -r1.49
  --- WSSecurityEngine.java	18 Aug 2005 14:35:00 -0000	1.48
  +++ WSSecurityEngine.java	23 Aug 2005 15:33:10 -0000	1.49
  @@ -791,11 +791,11 @@
       }
   
       /**
  -     * Check the UsernameToken element. Depending on the password type 
  +     * Check the UsernameToken element. Depending on the password type
        * contained in the element the processing differs. If the password type
        * is password digest (a hashed password) then process the password
        * commpletely here. Use the callback class to get a stored password
  -     * perform hash algorithm and compare the result with the transmitted 
  +     * perform hash algorithm and compare the result with the transmitted
        * password.
        * <p/>
        * If the password is of type password text or any other yet unknown
  @@ -804,7 +804,7 @@
        * the callback class via the WSPasswordCallback object. To distinguish
        * from digested usernam token the usage parameter of WSPasswordCallback
        * is set to <code>USERNAME_TOKEN_UNKNOWN</code>
  -     * 
  +     *
        * @param token the DOM element that contains the UsernameToken
        * @param cb the refernce to the callback object
        * @return WSUsernameTokenPrincipal that contain data that an application
  @@ -817,7 +817,7 @@
           String password = ut.getPassword();
           String nonce = ut.getNonce();
           String createdTime = ut.getCreated();
  -        String pwType = ut.getPasswordType(); 
  +        String pwType = ut.getPasswordType();
           if (doDebug) {
               log.debug("UsernameToken user " + user);
               log.debug("UsernameToken password " + password);
  @@ -1022,7 +1022,7 @@
                   */
                   else if (secRef.containsKeyIdentifier()) {
                       X509Certificate[] certs = secRef.getKeyIdentifier(crypto);
  -                    if (certs == null || certs.length != 1 || certs[0] == null) {
  +                    if (certs == null || certs.length < 1 || certs[0] == null) {
                           throw new WSSecurityException(WSSecurityException.FAILURE,
                                   "invalidX509Data", new Object[]{"for decryption \
(KeyId)"});  }
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic