You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2013/03/13 20:34:12 UTC

[jira] [Commented] (RAMPART-400) PolicyBasedResultsValidator incorrectly rejects hashed passwords

    [ https://issues.apache.org/jira/browse/RAMPART-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13601532#comment-13601532 ] 

Hudson commented on RAMPART-400:
--------------------------------

Integrated in Rampart #1438 (See [https://builds.apache.org/job/Rampart/1438/])
    Applied patch provided in RAMPART-400 by Nathan Clement (Revision 1456077)

     Result = SUCCESS
ruchithf : 
Files : 
* /axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
* /axis/axis2/java/rampart/trunk/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
* /axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-hashed-password.xml
* /axis/axis2/java/rampart/trunk/modules/rampart-tests/test-resources/policy/rampart-plaintext-password.xml

                
> PolicyBasedResultsValidator incorrectly rejects hashed passwords
> ----------------------------------------------------------------
>
>                 Key: RAMPART-400
>                 URL: https://issues.apache.org/jira/browse/RAMPART-400
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Nathan Clement
>            Assignee: Ruchith Udayanga Fernando
>             Fix For: 1.7.0
>
>         Attachments: hashed_password.patch
>
>
> As per the mailing list, when a PasswordDigest is used, wssUt.getPassword() returns the hashed password value, and an this exception is thrown, even though the request is valid according to the policy.  The if statement on line 333 of PolicyBasedResultsValidator should be:
> {code}
> } else if (!ut.isHashPassword() && (wssUt.getPassword() == null ||
>           !wssUt.getPasswordType().equals(WSConstants.PASSWORD_TEXT))) {
>     throw new RampartException("invalidUsernameTokenType");
> {code}
> See attached for patch code.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org