You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by "Werner Dittmann (JIRA)" <ji...@apache.org> on 2005/11/17 08:14:42 UTC

[jira] Commented: (WSS-25) UsernameToken password is not checked

    [ http://issues.apache.org/jira/browse/WSS-25?page=comments#action_12357854 ] 

Werner Dittmann commented on WSS-25:
------------------------------------

Which password type do you use? If you use the digest password type
then the digest will be computed and checked. Other passwords are
not checked by the usernametoken handler but could be checked by
the password callback itself. This is because only the handling of digested
passwords is specified and thus can be processed within the handler.

Regards,
Werner


> UsernameToken password is not checked
> -------------------------------------
>
>          Key: WSS-25
>          URL: http://issues.apache.org/jira/browse/WSS-25
>      Project: WSS4J
>         Type: Bug
>  Environment: Windows 2000, JDK 1.5.0_05-b05
>     Reporter: Kevin Fung
>     Assignee: Davanum Srinivas

>
> In the handleUsernameToken method in WSSecurityEngine class, the password returned by the password handler is not compared against the password/digest from the UsernameToken. The result is that any password will be accepted.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org