Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-448

Wss4jSecurityInterceptor accept messages when <wsse:header> is empty

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5.5
    • Fix Version/s: 1.5.6
    • Component/s: Security
    • Labels:
      None
    • Environment:
      UsernameToken profile
      X.509 Token Profile

      Description

      http://forum.springframework.org/showthread.php?t=63553

      The problem is when Wss4jSecurityInterceptor is used in the server side, to validate username token (or signature).

      Everything looks fine except when a <wsse:header> empty is sent. The Interceptor lets the messsage goes and don't
      throw any exceptions.

      As an attachment, I'm sending a maven project with JUnit tests to prove the case. The project is a very simple web service
      based on the tutorial sample. I just configure the wss4j interceptor for validate username token.

      The only test thats doesn't pass is the last 'testSendMessageWithEmptyWsseHeader'

      Sorry for my english... it isn't my native language.

        Attachments

        1. SWS-448.patch
          3 kB
          Tareq Abedrabbo

          Activity

            People

            • Assignee:
              tareq Tareq Abedrabbo
              Reporter:
              michelz Michel Zanini
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: