[SWS-515] Validate WSS headers using new checkReceiverResultsAnyOrder method in WSHandler. Created: 18/May/09  Updated: 04/May/12  Resolved: 18/Aug/09

Status: Closed
Project: Spring Web Services
Component/s: Security
Affects Version/s: 1.5.6
Fix Version/s: 1.5.8

Type: Improvement Priority: Major
Reporter: Paul Nyheim Assignee: Tareq Abedrabbo
Resolution: Fixed Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
depends on SWS-516 Upgrade wss4j to 1.5.8 Closed


Change the method used to validate WSS headers such that the order of the headers is unimportant. The current method used to validate WSS headers requires the headers be sent in a specific order; also the current method is counter-intuitive as it reverses the headers before checking them.

See https://issues.apache.org/jira/browse/WSS-147 for more info.
This issue created on basis of https://issues.apache.org/jira/browse/CXF-2186

Known usages in Spring-WS: org.springframework.ws.soap.security.wss4j.Wss4jHandler

Comment by Tareq Abedrabbo [ 18/May/09 ]

We need to upgrade to wss4j 1.5.8 to implement this.

Comment by Arjen Poutsma [ 18/May/09 ]

Unfortunately, 1.5.8 does not seem to be available on any maven repository (yet). I will postpone this issue to the next minor release.

Comment by Arjen Poutsma [ 04/May/12 ]

Closing old issues

Generated at Wed Oct 17 20:41:23 UTC 2018 using JIRA 7.9.2#79002-sha1:3bb15b68ecd99a30eb364c4c1a393359bcad6278.