[SWS-448] Wss4jSecurityInterceptor accept messages when <wsse:header> is empty Created: 16/Nov/08 Updated: 04/May/12 Resolved: 17/Nov/08
|Project:||Spring Web Services|
|Reporter:||Michel Zanini||Assignee:||Tareq Abedrabbo|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Attachments:||SWS-448.patch StudentWS.zip wss4j-test.zip|
The problem is when Wss4jSecurityInterceptor is used in the server side, to validate username token (or signature).
Everything looks fine except when a <wsse:header> empty is sent. The Interceptor lets the messsage goes and don't
As an attachment, I'm sending a maven project with JUnit tests to prove the case. The project is a very simple web service
The only test thats doesn't pass is the last 'testSendMessageWithEmptyWsseHeader'
Sorry for my english... it isn't my native language.
|Comment by Tareq Abedrabbo [ 16/Nov/08 ]|
Strangely enough, WSHandler.checkReceiverResults doesn't check for this.
|Comment by Peter Arockiaraj [ 06/May/09 ]|
Even I'm facing same problem. I am using sping-ws-secuirty-1.5.6.jar only for this. Can you please check and update me?
|Comment by Michel Zanini [ 06/May/09 ]|
Check if you're using wss4j 1.5.4+ ... this bug was originally from wss4j:
|Comment by Tareq Abedrabbo [ 06/May/09 ]|
The sample you attached uses 2 endpoint mappings and I'm not sure your security interceptor is attached to the right one. Could you clean up your sample and try again?
|Comment by Arjen Poutsma [ 04/May/12 ]|
Closing old issues