You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2013/02/07 12:42:37 UTC
svn commit: r1443424 -
/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java
Author: coheigea
Date: Thu Feb 7 11:42:37 2013
New Revision: 1443424
URL: http://svn.apache.org/viewvc?rev=1443424&view=rev
Log:
[WSS-421] - WSSecSignature does not allow access to the internal BinarySecurityToken after it is applied to the security header
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java?rev=1443424&r1=1443423&r2=1443424&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/message/WSSecSignature.java Thu Feb 7 11:42:37 2013
@@ -108,6 +108,7 @@ public class WSSecSignature extends WSSe
private X509Certificate useThisCert = null;
private Element securityHeader = null;
private boolean useCustomSecRef;
+ private boolean bstAddedToSecurityHeader = false;
public WSSecSignature() {
super();
@@ -443,10 +444,10 @@ public class WSSecSignature extends WSSe
* @param secHeader The security header
*/
public void prependBSTElementToHeader(WSSecHeader secHeader) {
- if (bstToken != null) {
+ if (bstToken != null && !bstAddedToSecurityHeader) {
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bstToken.getElement());
+ bstAddedToSecurityHeader = true;
}
- bstToken = null;
}
/**
@@ -454,11 +455,11 @@ public class WSSecSignature extends WSSe
* @param secHeader The security header
*/
public void appendBSTElementToHeader(WSSecHeader secHeader) {
- if (bstToken != null) {
+ if (bstToken != null && !bstAddedToSecurityHeader) {
Element secHeaderElement = secHeader.getSecurityHeader();
secHeaderElement.appendChild(bstToken.getElement());
+ bstAddedToSecurityHeader = true;
}
- bstToken = null;
}
/**