Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-961

WSS4J2 Wss4jSecurityInterceptor -> validation configuration errors


    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 2.3.0
    • Fix Version/s: 2.4.1, 3.0.0.RELEASE
    • Component/s: Security
    • Labels:


      In our use case, we don't use any validation, just securement. This used to work in previous Spring WS versions that depend on WSS4J 1.x, without setting the validationActions property. However when upgrading to Spring WS 2.3.0 and WSS4J 2.x our XML configuration fails because of the following two issues:

      a) NullPointerException in validateMessage() because validationActionsVector is not initialized. This field is only initialized if setValidationActions() is invoked, which should not be necessary if validation is not required. NoSecurity should be configured by default.

      b) After configuring validationActions="NoSecurity" our configuration still caused failures (Wss4jSecurityValidationException("No WS-Security header found")), as validation was being attempted anyway. This is due to validationActionsVector being initialized as an empty list by WSSecurityUtil.decodeAction("NoSecurity"). Thus the validationActionsVector.contains(WSConstants.NO_SECURITY) check in validateMessage() fails. An empty vector should be interpreted as no validation required, even if validateRequest or validateResponse are true (which are the defaults)

      We resolved this by setting the following properties, which should not be required for our use case:

        Issue Links


          mads1980 Manuel Dominguez Sarmiento created issue -
          gregturn Greg Turnquist made changes -
          Field Original Value New Value
          Link This issue is superseded by SWS-989 [ SWS-989 ]
          gregturn Greg Turnquist made changes -
          Fix Version/s 3.0.0.RELEASE [ 16498 ]
          Fix Version/s 2.4.1 [ 15717 ]
          Assignee Greg Turnquist [ gregturn ]
          gregturn Greg Turnquist made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Complete [ 8 ]
          gregturn Greg Turnquist made changes -
          Status Resolved [ 5 ] Closed [ 6 ]


            • Assignee:
              gregturn Greg Turnquist
              mads1980 Manuel Dominguez Sarmiento
            • Votes:
              3 Vote for this issue
              9 Start watching this issue


              • Created: