[
https://issues.apache.org/jira/browse/WSS-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved WSS-152.
-------------------------------------
Resolution: Fixed
> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
>
> Key: WSS-152
> URL: https://issues.apache.org/jira/browse/WSS-152
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.4
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.5
>
>
> The Username Token Profile 1.1 specifies that a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
> This optional URI attribute specifies the type of password being
> provided."
> and furthermore that the default value is "#PasswordText". However, looking
> at the code in UsernameTokenProcessor it doesn't appear that we support
> processing a Username Token with no password type defined...an exception will
> probably be thrown here:
> else if (!WSConstants.PASSWORD_TEXT.equals(pwType) &&
> !handleCustomPasswordTypes) {
> if (log.isDebugEnabled()) {
> log.debug("Authentication failed as handleCustomUsernameTokenTypes is
> false");
> }
> throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
