[jira] Created: (WSFX-12) Pre-OASIS_1_0 Compliance uses inappropriate header attributes

[ji...@apache.org]

Message:

  A new issue has been created in JIRA.

---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/WSFX-12

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: WSFX-12
    Summary: Pre-OASIS_1_0 Compliance uses inappropriate header attributes
       Type: Bug

     Status: Unassigned
   Priority: Major

    Project: WSFX
 Components: 
             WSS4J

   Assignee: 
   Reporter: Cameron F. Logan

    Created: Wed, 16 Jun 2004 10:21 AM
    Updated: Wed, 16 Jun 2004 10:21 AM
Environment: JDK1.4.2_04; windows 2000sp4; axis1.2beta

Description:
For web services that are only compliant to lower specifications (e.g., OASIS_2002_07), the presence of the "Type" attribute on the wsse:Password element causes the invocations using the Username token to fail. I compiled the WSS4J package with the OASIS_2002_07 compliance level, however, it still inserted the lengthy Type attribute in to the Password element; I believe that this attribute is only relevant for the OASIS_1_0 specification. Especially if/when the header is set to "mustUnderstand", this causes the authentication to fail. If one explicitly removes the writting of this type attribute in the UsernameToken object, then the invocation succeeds for the OASIS_2002_07 compliant service.

In general, it seems that backward compatibility for the Username token needs some serious attention.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira