You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2009/10/21 17:13:02 UTC
[jira] Updated: (CXF-2487) SecureConversationTokenFinderInterceptor
stores the wrong token identifier
[ https://issues.apache.org/jira/browse/CXF-2487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated CXF-2487:
-------------------------------------
Attachment: cxf-2487.patch
A patch for this issue.
Colm.
> SecureConversationTokenFinderInterceptor stores the wrong token identifier
> --------------------------------------------------------------------------
>
> Key: CXF-2487
> URL: https://issues.apache.org/jira/browse/CXF-2487
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.2.4
> Reporter: Colm O hEigeartaigh
> Fix For: 2.2.5, 2.3
>
> Attachments: cxf-2487.patch
>
>
> The SecureConversationTokenFinderInterceptor in CXF has this line:
> message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
> but it also stores the token like so:
> SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
> Then in AbstractBindingBuilder.getSecurityToken() it tries to find the token in the token store using SecurityConstants.TOKEN_ID, and an error of "No signature token id" is thrown. The SecureConversationTokenFinderInterceptor should store the Identifier of the SCT instead (getIdentifier, not getIDI()).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.