You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Werner Dittmann (JIRA)" <ji...@apache.org> on 2006/01/17 11:09:43 UTC

[jira] Closed: (WSS-25) UsernameToken password is not checked

     [ http://issues.apache.org/jira/browse/WSS-25?page=all ]
     
Werner Dittmann closed WSS-25:
------------------------------

    Resolution: Won't Fix

Intended behaviour

> UsernameToken password is not checked
> -------------------------------------
>
>          Key: WSS-25
>          URL: http://issues.apache.org/jira/browse/WSS-25
>      Project: WSS4J
>         Type: Bug
>  Environment: Windows 2000, JDK 1.5.0_05-b05
>     Reporter: Kevin Fung
>     Assignee: Davanum Srinivas

>
> In the handleUsernameToken method in WSSecurityEngine class, the password returned by the password handler is not compared against the password/digest from the UsernameToken. The result is that any password will be accepted.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org