[ http://jira.codehaus.org/browse/XFIRE-752?page=comments#action_80065 ]
Nick West commented on XFIRE-752:
---------------------------------
In my haste to get this bug submitted before I went home I made an error in the
proposed fix, the prior proposed fix does not correctly return false if not all
of the required security parameters are met.
Here is a proper fix:
protected boolean checkReceiverResults(Vector wsResult, Vector actions)
{
int resultActions = wsResult.size();
Set processedActions = new HashSet(actions);
for (int i = 0; i < resultActions; i++) {
int act = ((WSSecurityEngineResult)
wsResult.get(i)).getAction();
if (act == WSConstants.SC) {
continue;
}
Integer actionAsInteger = new Integer(act);
if(processedActions.contains(actionAsInteger)){
processedActions.remove(actionAsInteger);
} else {
return false;
}
}
return processedActions.size() <= 0;
}
> WSS4JInHandler.checkReceiverResults(Vector, Vector), requires that Vector
> params are in the same order
> ------------------------------------------------------------------------------------------------------
>
> Key: XFIRE-752
> URL: http://jira.codehaus.org/browse/XFIRE-752
> Project: XFire
> Issue Type: Bug
> Affects Versions: 1.2.2
> Environment: (Shouldn't be important but here it is anyway) Tomcat
> 5.0.28, Windows XP SP 2, Java 1.5.0_09
> Reporter: Nick West
> Assigned To: Dan Diephouse
> Attachments: ws-security_checkReceiverResults.zip
>
>
> WSS4JInHandler.checkReceiverResults(Vector, Vector) expects that the first
> Vector, wsResult, of WSSecurityEngineResult are in the same order as the
> passed in Vector, actions, Integers are in the same order. This causes
> problems when calling a WS from .NET which uses WSE2.0 as the timestamp isn't
> always in the order that you would expect it to be causing a "WSS4JInHandler:
> security processing failed (actions mismatch)" exception to be thrown.
> A related note, it appears someone else was/is having the same issue (see the
> middle post)
> http://mail-archives.apache.org/mod_mbox/ws-wss4j-dev/200512.mbox/[EMAIL
> PROTECTED]
> My proposed solution would be make the method checkReceiverResults not care
> about the order of the vectors passed in, here is some code that fixes the
> problem:
> protected boolean checkReceiverResults(Vector wsResult, Vector actions)
> {
> int resultActions = wsResult.size();
>
> for (int i = 0; i < resultActions; i++) {
> int act = ((WSSecurityEngineResult)
> wsResult.get(i)).getAction();
> if (act == WSConstants.SC) {
> continue;
> }
>
> if(!actions.contains(new Integer(act))){
> return false;
> }
> }
> return true;
> }
> Also attached is a modified book security example found in the xfire examples
> section. If you run the main method it will demonstrate this bug, then
> exercise the proposed bug fix
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list please visit:
http://xircles.codehaus.org/manage_email
