In WSS4J 1.1.0 in WSDoAllReceiver there is a check of security actions
which also checks the size of actions. However this part is moved in
WSS4J 1.5 to WSHandler.java using checkReceiverResults function and
action size check is commented out. However the checking for loop is
controled against the size of actions received in the SOAP message. This
cause a security problem when an empty security header is sent. It omits
the for loop and throws no exception!
On Pzt, 2007-01-15 at 11:43 +0200, Gürkan Vural wrote:
> Are there any reason to comment out the below code im WSHandler
> checkReceiverResults function?
>
> // if (size != resultActions) {
> // throw new AxisFault(
> // "WSDoAllReceiver: security processing failed (actions number
> // mismatch)");
> // }
>
--
gürkan
==========================================================-
Bu e-posta sadece yukarida isimleri belirtilen kisiler arasinda �zel haberlesme
amacini tasimaktadir. Size yanlislikla ulasmissa l�tfen g�nderen kisiyi
bilgilendiriniz ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez
Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir hukuksal sorumlulugu
kabul etmez.
This e-mail communication is intended for the private use of the people named
above. If you received this message in error, please immediately notify the
sender and delete it from your system. The Central Bank of The Republic of
Turkey does not accept legal responsibility for the contents of this message.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
