'[jira] [Commented] (WSS-152) Problem with processing Username Tokens with no password type'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    [jira] [Commented] (WSS-152) Problem with processing Username Tokens with no password type
From:       "Chris Lee (JIRA)" <jira () apache ! org>
Date:       2012-06-22 15:40:43
Message-ID: 1774828018.44283.1340379643504.JavaMail.jiratomcat () issues-vm
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/WSS-152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13399386#comment-13399386 \
] 

Chris Lee commented on WSS-152:
-------------------------------

Ah! I had not made the connection between the BSP and the type attribute, so the \
error was in my understanding. Please excuse my ignorance, and thank you very much \
for your help.  
> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
> 
> Key: WSS-152
> URL: https://issues.apache.org/jira/browse/WSS-152
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.4
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.5
> 
> 
> The Username Token Profile 1.1 specifies that  a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
> This optional URI attribute specifies the type of password being provided."
> and furthermore that the default value is "#PasswordText". However, looking at the \
> code in UsernameTokenProcessor it doesn't appear that we support processing a \
> Username Token with no password type defined...an exception will probably be thrown \
> here: else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && \
> !handleCustomPasswordTypes) { if (log.isDebugEnabled()) {
> log.debug("Authentication failed as handleCustomUsernameTokenTypes is false");
> }
> throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: \
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more \
information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic