You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Sébastien Régnier (JIRA)" <ji...@apache.org> on 2010/06/10 11:55:13 UTC

[jira] Commented: (WSS-219) empty/blank password not supported in username token. value read by wss4j is null instead of empty string

    [ https://issues.apache.org/jira/browse/WSS-219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877389#action_12877389 ] 

Sébastien Régnier commented on WSS-219:
---------------------------------------

i think there is really a bug. I have exactly the same problem. When i send with my client a empty password, i receive on the server a null password and not an empty password.

i think the problem is in org.apache.ws.security.message.token.UserNameToken :


public String getPassword() {
        return nodeString(elementPassword);
    }

private String nodeString(Element e) {
        if (e != null) {
            Text node = getFirstNode(e);
            if (node != null) {
                return node.getData();
            }
        }
        return null;

    }

the "getFirstNode" return null so getpassword return null when an empty password is sended.


> empty/blank password not supported in username token. value read by wss4j is null instead of empty string
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-219
>                 URL: https://issues.apache.org/jira/browse/WSS-219
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>         Environment: Windows/ Solaris
>            Reporter: kumar ashutosh
>            Assignee: Ruchith Udayanga Fernando
>            Priority: Minor
>
> for noraml user name token password mechanism
> if client sets:
> user name = "user1"
> password="" // empty string
> Then WSS4j processes it as null. instead it should process it as empty string of size 0 or throw exception as it does in case of username= null
> password= "   "// blank string with size>0
> Then it works fine.
> note: for password disgest empty password is replaced by default digest.
> It seems that the password is default initialized to null and is not being reinitialized if string size 0.
> Appropriate correction or exc4eption mechanism suggested

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org