Problem with processing Username Tokens with no password type
-------------------------------------------------------------
Key: WSS-152
URL: https://issues.apache.org/jira/browse/WSS-152
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.5.4
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
The Username Token Profile 1.1 specifies that a password type is optional:
"/wsse:UsernameToken/wsse:Password/@Type
This optional URI attribute specifies the type of password being
provided."
and furthermore that the default value is "#PasswordText". However, looking at
the code in UsernameTokenProcessor it doesn't appear that we support processing
a Username Token with no password type defined...an exception will probably be
thrown here:
else if (!WSConstants.PASSWORD_TEXT.equals(pwType) &&
!handleCustomPasswordTypes) {
if (log.isDebugEnabled()) {
log.debug("Authentication failed as handleCustomUsernameTokenTypes is
false");
}
throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
}
In any case, a test is needed for this.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
