According to the WSS specification "Web Services Security, UsernameToken Profile 1.1, OASIS Standard Specification, 1 February 2006 "
the Type attribute is _not_ namespace-qualified attribute. Refer to page 8 of the mentioned spec. Thus I would assume the problem is in WCF. Please confirm. Regards, Werner > -----Original Message----- > From: ext Aditya Sawhney (JIRA) [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 16, 2008 2:07 AM > To: [email protected] > Subject: [jira] Created: (WSS-148) WCF interop issue: > Namespace not honored incase of attributes. > > WCF interop issue: Namespace not honored incase of attributes. > -------------------------------------------------------------- > > Key: WSS-148 > URL: https://issues.apache.org/jira/browse/WSS-148 > Project: WSS4J > Issue Type: Bug > Components: WSS4J Handlers > Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5 > Reporter: Aditya Sawhney > Assignee: Ruchith Udayanga Fernando > > > WSS4J cannot authenticate the WS-Security profile consisting > of UsernameToken. The SOAP header created by WCF is in the > following format: > > - <s:Envelope > xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-w > ss-wssecurity-utility-1.0.xsd"> > - <s:Header> > - <o:Security s:mustUnderstand="1" > xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-w > ss-wssecurity-secext-1.0.xsd"> > - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1"> > <o:Username>aditya</o:Username> > <o:Password > o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws > s-username-token-profile-1.0#PasswordText">aditya</o:Password> > </o:UsernameToken> > </o:Security> > </s:Header> > - <s:Body > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema";> > - <getProductDetail xmlns="http://catalog.example/";> > <productId xmlns="">SW123</productId> > </getProductDetail> > </s:Body> > </s:Envelope> > > But, WSS4J is unable to validate it because it fails to > determine the "passwordType" in UsernameToken constructor: > > public UsernameToken(Element elem) throws WSSecurityException { > ... > if (elementPassword != null) { > passwordType = elementPassword.getAttribute("Type"); > } > > As it tries to find "Type" attribute but in SOAP header it is > "o:Type". > getAttributeNS should be used instead. > > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
