SecurityContextToken validation

Fri, 22 Nov 2019 08:05:43 -0800 

Hi,
I want to validate incoming SCT, so now I'm trying to configure Validatior for 
it. 
But it looks like that Stax implementation and Wss4j not compatible right now:

WSS4JStaxInInterceptor.java#360:
        validator = loadValidator(SecurityConstants.SCT_TOKEN_VALIDATOR, 
message);
        if (validator != null) {
            properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
            properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
        }

SecurityContextTokenInputHandler.java#72:
        // elementName = {http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier
        SecurityContextTokenValidator securityContextTokenValidator = 
wssSecurityProperties.getValidator(elementName);
        if (securityContextTokenValidator == null) {
            securityContextTokenValidator = new 
SecurityContextTokenValidatorImpl();
        }

Is it a bug? Or am I doing it wrong by trying to configure Validator through 
"ws-security.sct.validator"?

Reply via email to