[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlrpc-user
Subject: [jira] [Updated] (WSS-610) WSSecurityUtil.decodeAction misbehaving when sending NoSecurity
From: "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date: 2017-07-10 8:49:00
Message-ID: JIRA.13085697.1499528381000.205636.1499676540890 () Atlassian ! JIRA
[Download RAW message or body]
[ https://issues.apache.org/jira/browse/WSS-610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]
Colm O hEigeartaigh updated WSS-610:
------------------------------------
Fix Version/s: 2.1.11
2.0.11
2.2.0
> WSSecurityUtil.decodeAction misbehaving when sending NoSecurity
> ---------------------------------------------------------------
>
> Key: WSS-610
> URL: https://issues.apache.org/jira/browse/WSS-610
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Alexandru-Constantin Bledea
> Assignee: Colm O hEigeartaigh
> Fix For: 2.2.0, 2.0.11, 2.1.11
>
>
> The decode method from org.apache.wss4j.dom.util.WSSecurityUtil doesn't appear to \
> do the right thing when sending NoSecurity. There seems to be an assumption that if \
> someone will add NoSecurity it will always be in the first position. But if we're \
> sending for instance "UsernameToken NoSecurity Signature" we're getting back [ 1 ]. \
> If we want NoSecurity to override all other actions, we should probably return []
> {code:java}
> if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
> return actions;
> {code}
> should probably be replaced with
> {code:java}
> if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
> return Collections.emptyList();
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic