Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-989

Setting up a Wss4jSecurityInterceptor as no security still requires WS-Security header

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 2.4.1
    • Component/s: None
    • Labels:
      None

      Description

      When trying to use Wss4jSecurityInterceptor from the wss4j2 package, validation is still performed when no security is set. This does not happen from the deprecated one in the wss4j package. We use this as a simple simulator and thus we turned security off. It looks like the real issue is that when calling WSSecurityUtil.decodeAction(), when NO_SECURITY is used, it returns an empty list instead of a list with 0 in it and thus:

      if (validationActionsVector.contains(WSConstants.NO_SECURITY)) 
      

      fails in validateMessage() since the list is really empty.

        Issue Links

          Activity

            People

            • Assignee:
              gregturn Greg Turnquist
              Reporter:
              jtorson Jeff Torson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: