Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-515

Validate WSS headers using new checkReceiverResultsAnyOrder method in WSHandler.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.6
    • Fix Version/s: 1.5.8
    • Component/s: Security
    • Labels:
      None

      Description

      Change the method used to validate WSS headers such that the order of the headers is unimportant. The current method used to validate WSS headers requires the headers be sent in a specific order; also the current method is counter-intuitive as it reverses the headers before checking them.

      See https://issues.apache.org/jira/browse/WSS-147 for more info.
      This issue created on basis of https://issues.apache.org/jira/browse/CXF-2186

      Known usages in Spring-WS: org.springframework.ws.soap.security.wss4j.Wss4jHandler

        Issue Links

          Activity

          hurragutt Paul Nyheim created issue -
          arjen.poutsma Arjen Poutsma made changes -
          Field Original Value New Value
          Fix Version/s 1.5.7 [ 11173 ]
          Hide
          tareq Tareq Abedrabbo added a comment -

          We need to upgrade to wss4j 1.5.8 to implement this.

          Show
          tareq Tareq Abedrabbo added a comment - We need to upgrade to wss4j 1.5.8 to implement this.
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Unfortunately, 1.5.8 does not seem to be available on any maven repository (yet). I will postpone this issue to the next minor release.

          Show
          arjen.poutsma Arjen Poutsma added a comment - Unfortunately, 1.5.8 does not seem to be available on any maven repository (yet). I will postpone this issue to the next minor release.
          arjen.poutsma Arjen Poutsma made changes -
          Fix Version/s 1.5.7 [ 11173 ]
          Fix Version/s 1.5.8 [ 11236 ]
          tareq Tareq Abedrabbo made changes -
          Assignee Arjen Poutsma [ arjen.poutsma ] Tareq Abed Rabbo [ tareq ]
          tareq Tareq Abedrabbo made changes -
          Link This issue depends on SWS-516 [ SWS-516 ]
          tareq Tareq Abedrabbo made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          tareq Tareq Abedrabbo made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          arjen.poutsma Arjen Poutsma added a comment -

          Closing old issues

          Show
          arjen.poutsma Arjen Poutsma added a comment - Closing old issues
          arjen.poutsma Arjen Poutsma made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open In Progress In Progress
          80d 12h 41m 1 Tareq Abedrabbo 06/Aug/09 9:40 PM
          In Progress In Progress Resolved Resolved
          11d 5h 27m 1 Tareq Abedrabbo 18/Aug/09 3:08 AM
          Resolved Resolved Closed Closed
          990d 3h 54m 1 Arjen Poutsma 04/May/12 7:03 AM

            People

            • Assignee:
              tareq Tareq Abedrabbo
              Reporter:
              hurragutt Paul Nyheim
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: