[jira] Commented: (WSS-68) No way to create a UsernameToken with absent element

Thu, 05 Jun 2008 03:12:08 -0700 

    [ 
https://issues.apache.org/jira/browse/WSS-68?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12602605#action_12602605
 ] 

Sérgio Patrício commented on WSS-68:
------------------------------------

Thanks, it worked.

I detected this error when trying to sign the message using a secret key 
derived from a UsernameToken, did not work because the password is required. I 
followed the code in the action UsernameTokenSignedAction.
Here is the example:

            Document doc = ...
            WSSecHeader secHeader = new WSSecHeader();
            secHeader.insertSecurityHeader(doc);
            
            WSSecUsernameToken builder = new WSSecUsernameToken();
            builder.setUserInfo("user", null);
            builder.setPasswordType(null);
            builder.addCreated();
            builder.addNonce();
            builder.prepare(doc);
            
            WSSecSignature sign = new WSSecSignature();
            sign.setUsernameToken(builder);
            sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
            sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
            
            sign.prepare(doc, null, secHeader);
            
            sign.prependToHeader(secHeader);
            builder.prependToHeader(secHeader);
            
            SOAPConstants soapConstants = 
WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
            
            Vector parts = new Vector();
            WSEncryptionPart encP = new 
WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(), 
soapConstants.getEnvelopeURI(), "Content");
            parts.add(encP);
            
            sign.addReferencesToSign(parts, secHeader);
            sign.computeSignature();

In this case if I set the password to null it will give a error that an 
argument is missing.
I just don't know if this error is expected or if in this case the 
UsernameToken is required to have the password.


> No way to create a UsernameToken with absent <Password> element
> ---------------------------------------------------------------
>
>                 Key: WSS-68
>                 URL: https://issues.apache.org/jira/browse/WSS-68
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: George Stanchev
>             Fix For: 1.5.4
>
>         Attachments: UsernameToken.java, wss4j-1.5.3.patch, 
> WSSecUsernameToken.java
>
>
> We should be able to create UsernameTokens without <Password> in them if 
> needed. Password is an optional element

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to