Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-448

Wss4jSecurityInterceptor accept messages when <wsse:header> is empty


    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5.5
    • Fix Version/s: 1.5.6
    • Component/s: Security
    • Labels:
    • Environment:
      UsernameToken profile
      X.509 Token Profile



      The problem is when Wss4jSecurityInterceptor is used in the server side, to validate username token (or signature).

      Everything looks fine except when a <wsse:header> empty is sent. The Interceptor lets the messsage goes and don't
      throw any exceptions.

      As an attachment, I'm sending a maven project with JUnit tests to prove the case. The project is a very simple web service
      based on the tutorial sample. I just configure the wss4j interceptor for validate username token.

      The only test thats doesn't pass is the last 'testSendMessageWithEmptyWsseHeader'

      Sorry for my english... it isn't my native language.

      1. SWS-448.patch
        3 kB
        Tareq Abedrabbo


        michelz Michel Zanini created issue -
        tareq Tareq Abedrabbo made changes -
        Field Original Value New Value
        Assignee Arjen Poutsma [ arjen.poutsma ] Tareq Abed Rabbo [ tareq ]
        tareq Tareq Abedrabbo made changes -
        Attachment SWS-448.patch [ 14872 ]
        arjen.poutsma Arjen Poutsma made changes -
        Fix Version/s 1.5.6 [ 11141 ]
        arjen.poutsma Arjen Poutsma made changes -
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Resolved [ 5 ]
        peterarockiaraj Peter Arockiaraj made changes -
        Attachment StudentWS.zip [ 15366 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]


          • Assignee:
            tareq Tareq Abedrabbo
            michelz Michel Zanini
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: