You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2008/12/01 13:11:44 UTC

[jira] Created: (WSS-152) Problem with processing Username Tokens with no password type

Problem with processing Username Tokens with no password type
-------------------------------------------------------------

                 Key: WSS-152
                 URL: https://issues.apache.org/jira/browse/WSS-152
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 1.5.4
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh



The Username Token Profile 1.1 specifies that  a password type is optional:

"/wsse:UsernameToken/wsse:Password/@Type
        This optional URI attribute specifies the type of password being provided."

and furthermore that the default value is "#PasswordText". However, looking at the code in UsernameTokenProcessor it doesn't appear that we support processing a Username Token with no password type defined...an exception will probably be thrown here:

else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && !handleCustomPasswordTypes) {
    if (log.isDebugEnabled()) {
        log.debug("Authentication failed as handleCustomUsernameTokenTypes is false");
    }
    throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
}

In any case, a test is needed for this.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

[jira] Closed: (WSS-152) Problem with processing Username Tokens with no password type

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WSS-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed WSS-152.
-----------------------------------


> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
>
>                 Key: WSS-152
>                 URL: https://issues.apache.org/jira/browse/WSS-152
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.5
>
>
> The Username Token Profile 1.1 specifies that  a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
>         This optional URI attribute specifies the type of password being provided."
> and furthermore that the default value is "#PasswordText". However, looking at the code in UsernameTokenProcessor it doesn't appear that we support processing a Username Token with no password type defined...an exception will probably be thrown here:
> else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && !handleCustomPasswordTypes) {
>     if (log.isDebugEnabled()) {
>         log.debug("Authentication failed as handleCustomUsernameTokenTypes is false");
>     }
>     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

[jira] Updated: (WSS-152) Problem with processing Username Tokens with no password type

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WSS-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-152:
------------------------------------

    Fix Version/s: 1.5.5

> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
>
>                 Key: WSS-152
>                 URL: https://issues.apache.org/jira/browse/WSS-152
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.5
>
>
> The Username Token Profile 1.1 specifies that  a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
>         This optional URI attribute specifies the type of password being provided."
> and furthermore that the default value is "#PasswordText". However, looking at the code in UsernameTokenProcessor it doesn't appear that we support processing a Username Token with no password type defined...an exception will probably be thrown here:
> else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && !handleCustomPasswordTypes) {
>     if (log.isDebugEnabled()) {
>         log.debug("Authentication failed as handleCustomUsernameTokenTypes is false");
>     }
>     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

[jira] Resolved: (WSS-152) Problem with processing Username Tokens with no password type

Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/WSS-152?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-152.
-------------------------------------

    Resolution: Fixed

> Problem with processing Username Tokens with no password type
> -------------------------------------------------------------
>
>                 Key: WSS-152
>                 URL: https://issues.apache.org/jira/browse/WSS-152
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.4
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.5.5
>
>
> The Username Token Profile 1.1 specifies that  a password type is optional:
> "/wsse:UsernameToken/wsse:Password/@Type
>         This optional URI attribute specifies the type of password being provided."
> and furthermore that the default value is "#PasswordText". However, looking at the code in UsernameTokenProcessor it doesn't appear that we support processing a Username Token with no password type defined...an exception will probably be thrown here:
> else if (!WSConstants.PASSWORD_TEXT.equals(pwType) && !handleCustomPasswordTypes) {
>     if (log.isDebugEnabled()) {
>         log.debug("Authentication failed as handleCustomUsernameTokenTypes is false");
>     }
>     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
> }
> In any case, a test is needed for this.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org