You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Dittmann, Werner (JIRA)" <ji...@apache.org> on 2008/10/16 08:50:46 UTC

[jira] Commented: (WSS-148) WCF interop issue: Namespace not honored incase of attributes.

    [ https://issues.apache.org/jira/browse/WSS-148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640082#action_12640082 ] 

Dittmann, Werner commented on WSS-148:
--------------------------------------

According to the WSS specification 

"Web Services Security, UsernameToken Profile 1.1,
 OASIS Standard Specification, 1 February 2006 "

the Type attribute is _not_ namespace-qualified attribute.
Refer to page 8 of the mentioned spec. Thus I would assume the
problem is in WCF. Please confirm.

Regards,
Werner



> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
>                 Key: WSS-148
>                 URL: https://issues.apache.org/jira/browse/WSS-148
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Handlers
>         Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
>            Reporter: Aditya Sawhney
>            Assignee: Ruchith Udayanga Fernando
>
> WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is   in the following format:
> - <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
>   <o:Username>aditya</o:Username> 
>   <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password> 
>   </o:UsernameToken>
>   </o:Security>
>   </s:Header>
> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
>   <productId xmlns="">SW123</productId> 
>   </getProductDetail>
>   </s:Body>
>   </s:Envelope>
> But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
>        if (elementPassword != null) {
>             passwordType = elementPassword.getAttribute("Type");
>         }
> As it tries to find "Type" attribute but in SOAP header it is "o:Type".
> getAttributeNS should be used instead.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org