You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2009/10/21 17:30:59 UTC
[jira] Resolved: (CXF-2487)
SecureConversationTokenFinderInterceptor stores the wrong token identifier
[ https://issues.apache.org/jira/browse/CXF-2487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp resolved CXF-2487.
------------------------------
Resolution: Fixed
Assignee: Daniel Kulp
Patch applied.
> SecureConversationTokenFinderInterceptor stores the wrong token identifier
> --------------------------------------------------------------------------
>
> Key: CXF-2487
> URL: https://issues.apache.org/jira/browse/CXF-2487
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.4
> Reporter: Colm O hEigeartaigh
> Assignee: Daniel Kulp
> Fix For: 2.2.5, 2.3
>
> Attachments: cxf-2487.patch
>
>
> The SecureConversationTokenFinderInterceptor in CXF has this line:
> message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
> but it also stores the token like so:
> SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
> Then in AbstractBindingBuilder.getSecurityToken() it tries to find the token in the token store using SecurityConstants.TOKEN_ID, and an error of "No signature token id" is thrown. The SecureConversationTokenFinderInterceptor should store the Identifier of the SCT instead (getIdentifier, not getIDI()).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.