Hi,

I'm trying to have a class that validates an incoming SCT written in the request
with StAX security.
The request looks like this:
    <soapenv:Header>
        <wsse:Security>
            <wsc:SecurityContextToken>
                <wsc:Identifier>myToken</wsc:Identifier>
            </wsc:SecurityContextToken>
        </wsse:Security>
    </soapenv:Header>

And I'm configuring it as:
        properties.put(SCT_TOKEN_VALIDATOR, "MySuperValidator");

Now I see that myValidator is being instantiated, but it can't be called
because WSS4J gets the validator by a different QName than the one CXF sets it under.

CXF Part:
org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators
        if (validator != null) {
            properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator);
            properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator);
        }

WSS4J Part: SecurityContextTokenInputHandler.java:72
        // elementName == {http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier but should be SecurityContextToken?
        SecurityContextTokenValidator securityContextTokenValidator =
            wssSecurityProperties.getValidator(elementName);
        if (securityContextTokenValidator == null) {
            securityContextTokenValidator = new SecurityContextTokenValidatorImpl();
        }

Is it a bug? Or am I configuring it wrongly? I would also be glad to help by
providing a PR.
Cheers
Igor





--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
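
The lookup mismatch described in the post above, as an added stand-alone model (not code from the original message, CXF or WSS4J). It only reproduces the shape of the two quoted snippets: the `Validator` interface, the class name and the accept-everything default are assumptions made for illustration and say nothing about what `SecurityContextTokenValidatorImpl` actually does.

```java
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;

public class SctValidatorLookupModel {
    // Namespace taken from the post; local names are the two elements in the request.
    static final String WSC_0502_NS = "http://schemas.xmlsoap.org/ws/2005/02/sc";
    static final QName SCT = new QName(WSC_0502_NS, "SecurityContextToken");
    static final QName IDENTIFIER = new QName(WSC_0502_NS, "Identifier");

    // Hypothetical stand-in for a token validator; not the WSS4J interface.
    interface Validator { String validate(String identifier); }

    // Assumed default for this model only: accepts any identifier.
    static final Validator DEFAULT = id -> "default validator accepted " + id;
    // Custom validator that knows a single context token (value from the post).
    static final Validator CUSTOM = id -> {
        if (!"myToken".equals(id)) throw new SecurityException("unknown SCT " + id);
        return "custom validator accepted " + id;
    };

    private final Map<QName, Validator> validators = new HashMap<>();

    void addValidator(QName key, Validator v) { validators.put(key, v); }

    // Same shape as the handler snippet in the post: a miss falls back to the default.
    Validator resolve(QName elementName) {
        Validator v = validators.get(elementName);
        return v != null ? v : DEFAULT;
    }

    public static void main(String[] args) {
        SctValidatorLookupModel props = new SctValidatorLookupModel();
        props.addValidator(SCT, CUSTOM); // registration side: keyed by the token element

        // Lookup keyed by the child element: the custom validator is skipped silently.
        System.out.println(props.resolve(IDENTIFIER).validate("otherToken"));

        // Lookup keyed by the token element: the custom validator runs and rejects.
        try {
            System.out.println(props.resolve(SCT).validate("otherToken"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In this model nothing signals the miss: the registered validator is constructed but never invoked, which matches the symptom reported in the post.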
