[xfire-dev] [jira] Commented: (XFIRE-383) Does XFire-WS-Security WSS4JInHandler properly handle UsernameToken?

Fri, 05 May 2006 15:46:47 -0700 

    [ http://jira.codehaus.org/browse/XFIRE-383?page=comments#action_64821 ] 

Brian Bonner commented on XFIRE-383:
------------------------------------

Tomasz,

I probably made a mistake by pasting the PasswordCallbackHandler with this JIRA 
issue.  I'm going to open up a separate issue for it.  I'm not sure what your 
comment was referring to:

In the first patch, I set the value properties to USERNAME_TOKEN and 
PASSWORD_TEXT,  however, the password type is set to:
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";

If I say I want the Password as TEXT, then why is it generating Digest????

+    ctx.setProperty(WSHandlerConstants.ACTION, 
WSHandlerConstants.USERNAME_TOKEN);
+    ctx.setProperty(WSHandlerConstants.SIG_PROP_FILE, 
"META-INF/xfire/outsecurity.properties");
+    ctx.setProperty(WSHandlerConstants.USER, "myAlias");
+    ctx.setProperty("password", "myAliasPassword");
+    ctx.setProperty(WSHandlerConstants.PASSWORD_TYPE, 
WSConstants.PASSWORD_TEXT);

I'll post the other patch to another Jira.

> Does XFire-WS-Security WSS4JInHandler properly handle UsernameToken?
> --------------------------------------------------------------------
>
>          Key: XFIRE-383
>          URL: http://jira.codehaus.org/browse/XFIRE-383
>      Project: XFire
>         Type: Bug

>     Versions: 1.1-RC1
>  Environment: jdk1.5.0_06, maven2.0.4, eclipse 3.1.2
>     Reporter: Brian Bonner
>     Assignee: Dan Diephouse
>  Attachments: WSS4JInOutUserNameTokenTest.java, ws-security-testcase-patch.txt
>
>
> I've attached a patch to the WSS4JInOutTest to illustrate what I think the 
> problem is.
> Specifically,
> When the Action is set to UsernameToken,
> The password line is presented like this:
> <wsse:Password 
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
>  
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>k6fDmkGxRMWElSjBsU1XPFrn1Zc=</wsse:Password>
> It looks like a digest.
> Can someone confirm this?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to