Posted to users@ws.apache.org by "David R. Robison" <da...@openroadsconsulting.com> on 2014/10/07 02:51:19 UTC

Proposed patch for nonce missing encoderType

 From the WS-Security spec it appears that the encodingType for the 
nonce is optional and, if missing, defaults to Base64 encoding. This 
patch assumes this default if the encodingType is missing.
David

Index: src/main/java/org/apache/ws/security/message/token/UsernameToken.java
===================================================================
--- 
src/main/java/org/apache/ws/security/message/token/UsernameToken.java 
(revision 1629762)
+++ 
src/main/java/org/apache/ws/security/message/token/UsernameToken.java 
(working copy)
@@ -1163,8 +1163,8 @@
              Element nonce = nonceElements.get(0);
              String encodingType = nonce.getAttributeNS(null, 
"EncodingType");
              // Encoding Type must be equal to Base64Binary
-            if (encodingType == null || "".equals(encodingType)
-                || !BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
+            if (encodingType == null || "".equals(encodingType)) 
encodingType = BinarySecurity.BASE64_ENCODING;
+ if(!BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
                  if (LOG.isDebugEnabled()) {
                      LOG.debug("The Username Token's nonce element has 
a bad encoding type");
                  }
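
Review bot: The added assignment `encodingType = BinarySecurity.BASE64_ENCODING;` lets a nonce with a missing or empty EncodingType pass a check whose own comment still reads "Encoding Type must be equal to Base64Binary", so the rejection and its "bad encoding type" debug message can no longer fire for an absent attribute. If the default is wanted, gate it on whatever decides how strict this block is meant to be rather than applying it unconditionally, and update the comment to say that absence is treated as Base64. The assignment is also a brace-less single-line `if`, and the following `if(` lacks the space and indentation used by the surrounding lines.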



-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: +1 757-546-3401
e-mail: david.robison@openroadsconsulting.com
web: http://www.openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526



This email communication (including any attachments) may contain confidential and/or privileged material intended solely for the individual or entity to which it is addressed.
If you are not the intended recipient, please delete this email immediately.


Re: Proposed patch for nonce missing encoderType

Posted by "David R. Robison" <da...@openroadsconsulting.com>.
Sorry, I guess I was looking at the WS-Security spec not the BSP spec. David

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: +1 757-546-3401
e-mail: david.robison@openroadsconsulting.com
web: http://www.openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526

On 10/7/2014 4:09 AM, Colm O hEigeartaigh wrote:
>
> That particular piece of code is in a block which enforces Basic 
> Security Profile conformance. In the BSP spec, the EncodingType 
> attribute *must* be present, there is no default to fall back to. If a 
> third party client is not sending an EncodingType attribute, then you 
> will have to disable BSP Compliance on the service to get it to work.
>
> Colm.
>
> On Tue, Oct 7, 2014 at 1:51 AM, David R. Robison
> <david.robison@openroadsconsulting.com> wrote:
>
>      From the WS-Security spec it appears that the encodingType for the
>     nonce is optional and, if missing, defaults to Base64 encoding. This
>     patch assumes this default if the encodingType is missing.
>     David
>
>     Index:
>     src/main/java/org/apache/ws/security/message/token/UsernameToken.java
>     ===================================================================
>     ---
>     src/main/java/org/apache/ws/security/message/token/UsernameToken.java
>     (revision 1629762)
>     +++
>     src/main/java/org/apache/ws/security/message/token/UsernameToken.java
>     (working copy)
>     @@ -1163,8 +1163,8 @@
>                   Element nonce = nonceElements.get(0);
>                   String encodingType = nonce.getAttributeNS(null,
>     "EncodingType");
>                   // Encoding Type must be equal to Base64Binary
>     -            if (encodingType == null || "".equals(encodingType)
>     -                ||
>     !BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
>     +            if (encodingType == null || "".equals(encodingType))
>     encodingType = BinarySecurity.BASE64_ENCODING;
>     + if(!BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
>                       if (LOG.isDebugEnabled()) {
>                           LOG.debug("The Username Token's nonce
>     element has
>     a bad encoding type");
>                       }
>
>
>
>     --
>
>     David R Robison
>     Open Roads Consulting, Inc.
>     103 Watson Road, Chesapeake, VA 23320
>     phone: +1 757-546-3401
>     e-mail: david.robison@openroadsconsulting.com
>     web: http://www.openroadsconsulting.com
>     blog: http://therobe.blogspot.com
>     book:
>     http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
>
>
>
>     This email communication (including any attachments) may contain
>     confidential and/or privileged material intended solely for the
>     individual or entity to which it is addressed.
>     If you are not the intended recipient, please delete this email
>     immediately.
>
>
>
>
> -- 
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com




Re: Proposed patch for nonce missing encoderType

Posted by Colm O hEigeartaigh <co...@apache.org>.
That particular piece of code is in a block which enforces Basic Security
Profile conformance. In the BSP spec, the EncodingType attribute *must* be
present, there is no default to fall back to. If a third party client is
not sending an EncodingType attribute, then you will have to disable BSP
Compliance on the service to get it to work.

Colm.

On Tue, Oct 7, 2014 at 1:51 AM, David R. Robison <
david.robison@openroadsconsulting.com> wrote:

>  From the WS-Security spec it appears that the encodingType for the
> nonce is optional and, if missing, defaults to Base64 encoding. This
> patch assumes this default if the encodingType is missing.
> David
>
> Index:
> src/main/java/org/apache/ws/security/message/token/UsernameToken.java
> ===================================================================
> ---
> src/main/java/org/apache/ws/security/message/token/UsernameToken.java
> (revision 1629762)
> +++
> src/main/java/org/apache/ws/security/message/token/UsernameToken.java
> (working copy)
> @@ -1163,8 +1163,8 @@
>               Element nonce = nonceElements.get(0);
>               String encodingType = nonce.getAttributeNS(null,
> "EncodingType");
>               // Encoding Type must be equal to Base64Binary
> -            if (encodingType == null || "".equals(encodingType)
> -                || !BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
> +            if (encodingType == null || "".equals(encodingType))
> encodingType = BinarySecurity.BASE64_ENCODING;
> + if(!BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
>                   if (LOG.isDebugEnabled()) {
>                       LOG.debug("The Username Token's nonce element has
> a bad encoding type");
>                   }
>
>
>
> --
>
> David R Robison
> Open Roads Consulting, Inc.
> 103 Watson Road, Chesapeake, VA 23320
> phone: +1 757-546-3401
> e-mail: david.robison@openroadsconsulting.com
> web: http://www.openroadsconsulting.com
> blog: http://therobe.blogspot.com
> book:
> http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
>
>
>
> This email communication (including any attachments) may contain
> confidential and/or privileged material intended solely for the individual
> or entity to which it is addressed.
> If you are not the intended recipient, please delete this email
> immediately.
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
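
The two rules discussed in this thread, side by side, as an added example (not WSS4J code and not written by either poster): a nonce check that either requires the EncodingType attribute, as the BSP rule described above does, or treats its absence as Base64, as the proposed patch does. The class name, the helper names, the `requireAttribute` flag and the sample nonces are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class NonceEncodingCheck {
    // Namespace and encoding URIs defined by the OASIS WS-Security 1.0 specifications.
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String BASE64_ENCODING =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

    /** Hypothetical helper: true if the nonce's EncodingType is acceptable under the chosen rule. */
    static boolean nonceEncodingAccepted(Element nonce, boolean requireAttribute) {
        // getAttributeNS returns "" when the attribute is absent.
        String encodingType = nonce.getAttributeNS(null, "EncodingType");
        if (encodingType == null || encodingType.isEmpty()) {
            // Strict rule: absence is a failure. Lenient rule: absence means Base64.
            return !requireAttribute;
        }
        // An explicit value must name Base64Binary under both rules.
        return BASE64_ENCODING.equals(encodingType);
    }

    /** Builds a constructed wsse:Nonce element with the given attribute text. */
    static Element parseNonce(String attrs) throws Exception {
        String xml = "<wsse:Nonce xmlns:wsse=\"" + WSSE_NS + "\"" + attrs
                   + ">bm9uY2U=</wsse:Nonce>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Security tokens never need a DTD; refuse DOCTYPE declarations outright.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                  .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        String[][] samples = {   // constructed sample nonces: label, attribute text
            {"missing", ""},
            {"base64", " EncodingType=\"" + BASE64_ENCODING + "\""},
            {"other", " EncodingType=\"urn:example:hex\""},
        };
        for (String[] s : samples) {
            Element nonce = parseNonce(s[1]);
            System.out.printf("%-8s strict=%b lenient=%b%n", s[0],
                nonceEncodingAccepted(nonce, true), nonceEncodingAccepted(nonce, false));
        }
    }
}
```

Only the `missing` case differs between the two rules, which is the interoperability gap the thread is about.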