You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by ji...@apache.org on 2004/06/16 19:15:10 UTC
[jira] Created: (WSFX-11) WsDoAllSender forces all Username tokens to use DIGEST password
Message:
A new issue has been created in JIRA.
---------------------------------------------------------------------
View the issue:
http://issues.apache.org/jira/browse/WSFX-11
Here is an overview of the issue:
---------------------------------------------------------------------
Key: WSFX-11
Summary: WsDoAllSender forces all Username tokens to use DIGEST password
Type: Bug
Status: Unassigned
Priority: Major
Project: WSFX
Components:
WSS4J
Assignee:
Reporter: Cameron F. Logan
Created: Wed, 16 Jun 2004 10:14 AM
Updated: Wed, 16 Jun 2004 10:14 AM
Environment: JDK 1.4.2_04, Windows 2000sp4, Dell Laptop, Axis v1.2beta
Description:
I found (and believe fixed) a bug in the support for clear text password. Currently lines 621 - 626 of WSDoAllSender.java cause all Passwords to be of type "DIGEST". The current logic checks to see if the password type equals WSContants.PW_TEXT (which it should never equal anyway). If not, it sets the password type to DIGEST.
I changed these lines to:
if (pwType != null) {
pwType =
pwType.equals(WSConstants.PW_TEXT)
? WSConstants.PASSWORD_TEXT
: pwType;
}
so that pwType is not automatically overwritten with PASSWORD_DIGEST. This may not be the best fix, but it at least allows a type of PASSWORD_TEXT to exist!
---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
[jira] Commented: (WSFX-11) WsDoAllSender forces all Username tokens to use DIGEST password
Posted by ji...@apache.org.
The following comment has been added to this issue:
Author: Cameron F. Logan
Created: Thu, 17 Jun 2004 9:30 AM
Body:
I did not use a deployment descriptor in the code in which I reported this issue. I was setting the password type via the setProperty method of the Call object within my SoapStub:
<snip>
// ***Added for WSSE support - Apache Project***
_call.setProperty(UsernameToken.PASSWORD_TYPE, WSConstants.PASSWORD_TEXT);
_call.setProperty(WSDoAllConstants.ACTION, WSDoAllConstants.USERNAME_TOKEN);
_call.setClientHandlers(new WSDoAllSender(), null);
<snip>
I am sure if this changes the assertion that it is working correctly, or not, but from the step-through debuggin I performed it seemed as though the WSDoAllSender code was definitely forcing all password types to be "DIGEST".
---------------------------------------------------------------------
View this comment:
http://issues.apache.org/jira/browse/WSFX-11?page=comments#action_36217
---------------------------------------------------------------------
View the issue:
http://issues.apache.org/jira/browse/WSFX-11
Here is an overview of the issue:
---------------------------------------------------------------------
Key: WSFX-11
Summary: WsDoAllSender forces all Username tokens to use DIGEST password
Type: Bug
Status: Open
Priority: Major
Project: WSFX
Components:
WSS4J
Assignee: Werner Dittmann
Reporter: Cameron F. Logan
Created: Wed, 16 Jun 2004 10:14 AM
Updated: Thu, 17 Jun 2004 9:30 AM
Environment: JDK 1.4.2_04, Windows 2000sp4, Dell Laptop, Axis v1.2beta
Description:
I found (and believe fixed) a bug in the support for clear text password. Currently lines 621 - 626 of WSDoAllSender.java cause all Passwords to be of type "DIGEST". The current logic checks to see if the password type equals WSContants.PW_TEXT (which it should never equal anyway). If not, it sets the password type to DIGEST.
I changed these lines to:
if (pwType != null) {
pwType =
pwType.equals(WSConstants.PW_TEXT)
? WSConstants.PASSWORD_TEXT
: pwType;
}
so that pwType is not automatically overwritten with PASSWORD_DIGEST. This may not be the best fix, but it at least allows a type of PASSWORD_TEXT to exist!
---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
[jira] Assigned: (WSFX-11) WsDoAllSender forces all Username tokens to use DIGEST password
Posted by ji...@apache.org.
Message:
The following issue has been re-assigned.
Assignee: Werner Dittmann (mailto:werner.dittmann@t-online.de)
---------------------------------------------------------------------
View the issue:
http://issues.apache.org/jira/browse/WSFX-11
Here is an overview of the issue:
---------------------------------------------------------------------
Key: WSFX-11
Summary: WsDoAllSender forces all Username tokens to use DIGEST password
Type: Bug
Status: Open
Priority: Major
Project: WSFX
Components:
WSS4J
Assignee: Werner Dittmann
Reporter: Cameron F. Logan
Created: Wed, 16 Jun 2004 10:14 AM
Updated: Thu, 17 Jun 2004 1:41 AM
Environment: JDK 1.4.2_04, Windows 2000sp4, Dell Laptop, Axis v1.2beta
Description:
I found (and believe fixed) a bug in the support for clear text password. Currently lines 621 - 626 of WSDoAllSender.java cause all Passwords to be of type "DIGEST". The current logic checks to see if the password type equals WSContants.PW_TEXT (which it should never equal anyway). If not, it sets the password type to DIGEST.
I changed these lines to:
if (pwType != null) {
pwType =
pwType.equals(WSConstants.PW_TEXT)
? WSConstants.PASSWORD_TEXT
: pwType;
}
so that pwType is not automatically overwritten with PASSWORD_DIGEST. This may not be the best fix, but it at least allows a type of PASSWORD_TEXT to exist!
---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
[jira] Commented: (WSFX-11) WsDoAllSender forces all Username tokens to use DIGEST password
Posted by ji...@apache.org.
The following comment has been added to this issue:
Author: Werner Dittmann
Created: Thu, 17 Jun 2004 1:41 AM
Body:
According to our testcases and interop tests the following
service deployment works fine with the current coding:
<pre>
<service name="Ping1">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="user" value="Chris"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="action" value="UsernameToken"/>
<parameter name="passwordType" value="PasswordText" />
</handler>
</requestFlow>
</service>
</pre>
However, while checking this I discovered another problem with
UsernameToken password type: the type declaration in WSConstants
uses a wrong namespace ... I'll fix it and check it in some time
later today.
Regads,
Werner
---------------------------------------------------------------------
View this comment:
http://issues.apache.org/jira/browse/WSFX-11?page=comments#action_36203
---------------------------------------------------------------------
View the issue:
http://issues.apache.org/jira/browse/WSFX-11
Here is an overview of the issue:
---------------------------------------------------------------------
Key: WSFX-11
Summary: WsDoAllSender forces all Username tokens to use DIGEST password
Type: Bug
Status: Unassigned
Priority: Major
Project: WSFX
Components:
WSS4J
Assignee:
Reporter: Cameron F. Logan
Created: Wed, 16 Jun 2004 10:14 AM
Updated: Thu, 17 Jun 2004 1:41 AM
Environment: JDK 1.4.2_04, Windows 2000sp4, Dell Laptop, Axis v1.2beta
Description:
I found (and believe fixed) a bug in the support for clear text password. Currently lines 621 - 626 of WSDoAllSender.java cause all Passwords to be of type "DIGEST". The current logic checks to see if the password type equals WSContants.PW_TEXT (which it should never equal anyway). If not, it sets the password type to DIGEST.
I changed these lines to:
if (pwType != null) {
pwType =
pwType.equals(WSConstants.PW_TEXT)
? WSConstants.PASSWORD_TEXT
: pwType;
}
so that pwType is not automatically overwritten with PASSWORD_DIGEST. This may not be the best fix, but it at least allows a type of PASSWORD_TEXT to exist!
---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira