[prev in list] [next in list] [prev in thread] [next in thread]
List: wss4j-dev
Subject: UsernameTokenProcessor and plain text UsernameTokens
From: "Frode Ruud Laukus" <laukus () gmail ! com>
Date: 2008-11-14 12:05:12
Message-ID: 40f1495a0811140405g5163c8d2vb07c334ff42f22ab () mail ! gmail ! com
[Download RAW message or body]
Hello,
I have a question regarding UsernameTokenProcessor and plain text
UsernameTokens in WSS4J.
This is lines 139-146 from latest version of
org.apache.ws.security.processor.UsernameTokenProcessor.java:
if (cb == null) {
throw new
WSSecurityException(WSSecurityException.FAILURE, "noCallback");
} else if (!WSConstants.PASSWORD_TEXT.equals(pwType) &&
!handleCustomPasswordTypes) {
if (log.isDebugEnabled()) {
log.debug("Authentication failed as
handleCustomUsernameTokenTypes is false");
}
throw new
WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
}
These are two of the constant fields in the WSConstants class and their values:
WSConstants.PASSWORD_TEXT =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
WSConstants.PW_TEXT = "PasswordText"
Right now the UsernameTokenProcessor only evaluates a plain text
UsernameToken when the type declaration in the UsernameToken is the
same as the long version WSConstants.PASSWORD_TEXT.
Is this a conscious choice? If so, why?
Or should the else if statement rather be something like this?
else if ((!WSConstants.PASSWORD_TEXT.equals(pwType) ||
!WSConstants.PW_TEXT.equals(pwType)) && !handleCustomPasswordTypes) {
Thanks!
Best regards
Frode Laukus
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic