Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-448

Wss4jSecurityInterceptor accept messages when <wsse:header> is empty

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5.5
    • Fix Version/s: 1.5.6
    • Component/s: Security
    • Labels:
      None
    • Environment:
      UsernameToken profile
      X.509 Token Profile

      Description

      http://forum.springframework.org/showthread.php?t=63553

      The problem is when Wss4jSecurityInterceptor is used in the server side, to validate username token (or signature).

      Everything looks fine except when a <wsse:header> empty is sent. The Interceptor lets the messsage goes and don't
      throw any exceptions.

      As an attachment, I'm sending a maven project with JUnit tests to prove the case. The project is a very simple web service
      based on the tutorial sample. I just configure the wss4j interceptor for validate username token.

      The only test thats doesn't pass is the last 'testSendMessageWithEmptyWsseHeader'

      Sorry for my english... it isn't my native language.

      1. SWS-448.patch
        3 kB
        Tareq Abedrabbo

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            tareq Tareq Abedrabbo
            Reporter:
            michelz Michel Zanini
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: