Spring Web Services / SWS-989

Setting up a Wss4jSecurityInterceptor as no security still requires WS-Security header


    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 2.4.1
    • Component/s: None


      When trying to use Wss4jSecurityInterceptor from the wss4j2 package, validation is still performed when no security is set. This does not happen from the deprecated one in the wss4j package. We use this as a simple simulator and thus we turned security off. It looks like the real issue is that when calling WSSecurityUtil.decodeAction(), when NO_SECURITY is used, it returns an empty list instead of a list with 0 in it and thus:

      if (validationActionsVector.contains(WSConstants.NO_SECURITY)) 

      fails in validateMessage() since the list is really empty.
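The failure described in the report, reproduced in a stand-alone model. This is an added example, not Spring-WS or WSS4J code and not the fix shipped in 2.4.1: `decodeAction` is a constructed stand-in that mimics the reported behaviour, and the numeric action values and the `skipsValidation` helper are assumptions. It also shows one way to keep the "no security" decision explicit, so that a null or blank action string fails closed instead of silently disabling validation.

```java
import java.util.ArrayList;
import java.util.List;

public class NoSecurityCheckDemo {
    // Constructed stand-ins for WSConstants.NO_SECURITY and the "NoSecurity" action name.
    static final int NO_SECURITY = 0;
    static final String NO_SECURITY_ACTION = "NoSecurity";

    // Stand-in for the decoding behaviour the report describes:
    // "NoSecurity" yields an empty list, not a list containing 0.
    static List<Integer> decodeAction(String actions) {
        List<Integer> decoded = new ArrayList<>();
        if (actions == null) return decoded;
        for (String name : actions.trim().split("\\s+")) {
            if (name.equals(NO_SECURITY_ACTION)) return decoded;
            if (name.equals("UsernameToken")) decoded.add(1);   // constructed value
            else if (name.equals("Signature")) decoded.add(2);  // constructed value
        }
        return decoded;
    }

    // The check quoted in the report: it can never be true for the list above.
    static boolean skipsValidationOldCheck(List<Integer> decoded) {
        return decoded.contains(NO_SECURITY);
    }

    // Hypothetical alternative: decide from the configured string, so only an
    // explicit "NoSecurity" disables validation; null or blank input fails closed.
    static boolean skipsValidation(String configured) {
        if (configured == null || configured.trim().isEmpty()) {
            throw new IllegalStateException("validation actions not configured");
        }
        for (String name : configured.trim().split("\\s+")) {
            if (name.equals(NO_SECURITY_ACTION)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        List<Integer> decoded = decodeAction("NoSecurity");
        System.out.println("decoded list: " + decoded);
        System.out.println("old check skips validation: " + skipsValidationOldCheck(decoded));
        System.out.println("explicit check skips validation: " + skipsValidation("NoSecurity"));
        System.out.println("UsernameToken skips validation: " + skipsValidation("UsernameToken"));
    }
}
```

Treating any empty decoded list as "no security" would also make the old check pass, but it cannot tell an operator who asked for `NoSecurity` from one whose configuration was simply left empty.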

          jtorson Jeff Torson created issue

          gregturn Greg Turnquist made changes:
            Field            Original Value    New Value
            Status           Open [ 1 ]        Resolved [ 5 ]
            Fix Version/s                      2.4.1 [ 15717 ]
            Assignee                           Greg Turnquist [ gregturn ]
            Resolution                         Complete [ 8 ]

          gregturn Greg Turnquist made changes:
            Field            Original Value    New Value
            Status           Resolved [ 5 ]    Closed [ 6 ]

          gregturn Greg Turnquist made changes:
            Link: This issue relates to SWS-1008 [ SWS-1008 ]

          gregturn Greg Turnquist made changes:
            Link: This issue supersedes SWS-961 [ SWS-961 ]


            • Assignee:
              gregturn Greg Turnquist
            • Reporter:
              jtorson Jeff Torson