You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Dittmann, Werner (JIRA)" <ji...@apache.org> on 2008/10/16 08:50:46 UTC
[jira] Commented: (WSS-148) WCF interop issue: Namespace not
honored incase of attributes.
[ https://issues.apache.org/jira/browse/WSS-148?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12640082#action_12640082 ]
Dittmann, Werner commented on WSS-148:
--------------------------------------
According to the WSS specification
"Web Services Security, UsernameToken Profile 1.1,
OASIS Standard Specification, 1 February 2006 "
the Type attribute is _not_ namespace-qualified attribute.
Refer to page 8 of the mentioned spec. Thus I would assume the
problem is in WCF. Please confirm.
Regards,
Werner
> WCF interop issue: Namespace not honored incase of attributes.
> --------------------------------------------------------------
>
> Key: WSS-148
> URL: https://issues.apache.org/jira/browse/WSS-148
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Environment: Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
> Reporter: Aditya Sawhney
> Assignee: Ruchith Udayanga Fernando
>
> WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
> - <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> - <s:Header>
> - <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> - <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
> <o:Username>aditya</o:Username>
> <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
> </o:UsernameToken>
> </o:Security>
> </s:Header>
> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
> - <getProductDetail xmlns="http://catalog.example/">
> <productId xmlns="">SW123</productId>
> </getProductDetail>
> </s:Body>
> </s:Envelope>
> But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
> public UsernameToken(Element elem) throws WSSecurityException {
> ...
> if (elementPassword != null) {
> passwordType = elementPassword.getAttribute("Type");
> }
> As it tries to find "Type" attribute but in SOAP header it is "o:Type".
> getAttributeNS should be used instead.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org