Steve,
thanks for the info. Because we some other issues with UsernameToken we will fix it the next days.
Regards, Werner
Steve Brunton schrieb:
Hi there, we currently started running through some use cases here for a project and have run upon what we think is a slight bug in the .ws.security.message.token.UsernameToken. It looks like the Oasis spec says that /wsse:Username Token/wsse:Password is an optional element in the Security header. In one of our use cases this is in fact the case and the client code is not sending the Password element.
In the UsernameToken code there is a check to see what type the Password is, but if there is no password the type.equals() check will toss an exception since there is no type to check against. Just want to check to see if this should be wrapped in an if statement first to make sure either the elementPassword is not null or the type attribute is not null before the .equals() is evaluated for the case where a Password is not supplied.
