Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-581

expose ability to set Wss4j option ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES via Wss4jSecurityInterceptor


    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.8
    • Fix Version/s: 1.5.9
    • Component/s: Security
    • Labels:


      Wss4j 1.5.8 includes a new WSHandlerConstant named ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES.
      By default, the value for this option is false.

      When migrating my web services application from spring-ws 1.5.7 to 1.5.8 (which includes wss4j 1.5.8), the WS-Security header sent by Microsoft clients do not validate.
      Specifically, when execution reaches line 173 of org.apache.ws.security.message.token.UsernameToken, the field allowNamespaceQualifiedPasswordTypes is false, and as a result the "WSSecurityException(WSSecurityException.INVALID_SECURITY_TOKEN,"badTokenType01",new Object[]


      " is thrown.

      wss4j 1.5.7 for reference looks pretty different within the same UsernameToken constructor; it simply sets passwordType to whatever "elementPassword.getAttribute(WSConstants.PASSWORD_TYPE_ATTR)" returns.

      It appears ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES was developed in response to the format of the Microsoft clients.

      I'm wondering if we can expose a way in Wss4jSecurityInterceptor to set toggle this option.


        nblair Nicholas Blair created issue -
        tareq Tareq Abedrabbo made changes -
        Field Original Value New Value
        Fix Version/s 1.5.9 [ 11296 ]
        Assignee Arjen Poutsma [ arjen.poutsma ] Tareq Abedrabbo [ tareq ]
        tareq Tareq Abedrabbo made changes -
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Resolved [ 5 ]
        arjen.poutsma Arjen Poutsma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]


          • Assignee:
            tareq Tareq Abedrabbo
            nblair Nicholas Blair
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: