  1. Spring Web Services
  2. SWS-448

Wss4jSecurityInterceptor accepts messages when <wsse:header> is empty

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.5.5
    • Fix Version/s: 1.5.6
    • Component/s: Security
    • Labels:
      None
    • Environment:
      UsernameToken profile
      X.509 Token Profile

      Description

      http://forum.springframework.org/showthread.php?t=63553

      The problem occurs when Wss4jSecurityInterceptor is used on the server side to validate a username token (or signature).

      Everything looks fine except when an empty <wsse:header> is sent. The interceptor lets the message go through and doesn't
      throw any exceptions.

      As an attachment, I'm sending a Maven project with JUnit tests to prove the case. The project is a very simple web service
      based on the tutorial sample. I just configured the wss4j interceptor to validate the username token.

      The only test that doesn't pass is the last one, 'testSendMessageWithEmptyWsseHeader'.

      Sorry for my English... it isn't my native language.

      1. SWS-448.patch
        3 kB
        Tareq Abedrabbo
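
      The failure mode reported above, as an added example that is not part of the original report, the attached patch, or the Spring Web Services code base: a presence-only check accepts an empty security header, while a fail-closed check requires the expected token inside it. It assumes the empty header is an empty wsse:Security element; the class and method names are hypothetical and only JDK DOM APIs are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// Hypothetical stand-alone class; not the interceptor's own logic.
public class EmptySecurityHeaderCheck {
    // WS-Security 1.0 "secext" namespace, normally bound to the wsse prefix.
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Fail-open illustration: any wsse:Security element is enough, even an empty one.
    static boolean headerPresent(Document doc) {
        return doc.getElementsByTagNameNS(WSSE, "Security").getLength() > 0;
    }

    // Fail-closed: the token required by the configured validation action must be a
    // direct child of wsse:Security. Its contents still have to be validated afterwards.
    static boolean requiredTokenPresent(Document doc, String tokenLocalName) {
        NodeList headers = doc.getElementsByTagNameNS(WSSE, "Security");
        for (int i = 0; i < headers.getLength(); i++) {
            NodeList children = headers.item(i).getChildNodes();
            for (int j = 0; j < children.getLength(); j++) {
                Node n = children.item(j);
                if (n.getNodeType() == Node.ELEMENT_NODE && WSSE.equals(n.getNamespaceURI())
                        && tokenLocalName.equals(n.getLocalName())) {
                    return true;
                }
            }
        }
        return false;
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the namespace-based lookups above
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request: the security header is present but has no children.
        String empty = "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'"
            + " xmlns:wsse='" + WSSE + "'><s:Header><wsse:Security/></s:Header>"
            + "<s:Body/></s:Envelope>";
        Document doc = parse(empty);
        System.out.println("header present:        " + headerPresent(doc));
        System.out.println("UsernameToken present: " + requiredTokenPresent(doc, "UsernameToken"));
    }
}
```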

        Activity

        Transition          | Time In Source Status | Execution Times | Last Executer | Last Execution Date
        Open -> Resolved    | 1d 18h 2m             | 1               | Arjen Poutsma | 17/Nov/08 8:02 PM
        Resolved -> Closed  | 1263d 11h             | 1               | Arjen Poutsma | 04/May/12 7:03 AM

          People

          • Assignee:
            tareq Tareq Abedrabbo
            Reporter:
            michelz Michel Zanini
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved: