Uploaded image for project: 'Spring Web Services'
  1. Spring Web Services
  2. SWS-989

Setting up a Wss4jSecurityInterceptor as no security still requires WS-Security header

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 2.4.1
    • Component/s: None
    • Labels:
      None

      Description

      When trying to use Wss4jSecurityInterceptor from the wss4j2 package, validation is still performed when no security is set. This does not happen from the deprecated one in the wss4j package. We use this as a simple simulator and thus we turned security off. It looks like the real issue is that when calling WSSecurityUtil.decodeAction(), when NO_SECURITY is used, it returns an empty list instead of a list with 0 in it and thus:

      if (validationActionsVector.contains(WSConstants.NO_SECURITY)) 
      

      fails in validateMessage() since the list is really empty.

        Issue Links

          Activity

          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Resolved Resolved
          40d 23h 51m 1 Greg Turnquist 10/Jul/17 6:40 PM
          Resolved Resolved Closed Closed
          54s 1 Greg Turnquist 10/Jul/17 6:41 PM

            People

            • Assignee:
              gregturn Greg Turnquist
              Reporter:
              jtorson Jeff Torson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: