Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-6186

JBossWS does not decode Nonce

    XMLWordPrintable

Details

    • Hide

      Create a client that sends a Base64 encoded Nonce

      Show
      Create a client that sends a Base64 encoded Nonce
    • Release Notes
    • Low
    • Hide
      The password digest of the UsernameToken profile used in JBoss Web Services did not follow the Oasis specification as the digest used the base64 encoded nonce. As a result, the process was incompatible with other web service implementations that support UsernameToken profile. The password digest has been corrected to use the binary value of the nonce and JBoss Web Services works with other implementations in the UsernameToken profile as expected.
      Show
      The password digest of the UsernameToken profile used in JBoss Web Services did not follow the Oasis specification as the digest used the base64 encoded nonce. As a result, the process was incompatible with other web service implementations that support UsernameToken profile. The password digest has been corrected to use the binary value of the nonce and JBoss Web Services works with other implementations in the UsernameToken profile as expected.
    • Documented as Resolved Issue

    Description

      I am filing this bug after discussing http://community.jboss.org/message/540669

      Nonce is not decoded when encoding type is Base64.

      UsernameToken has this piece of code:
      String encodingType = elem.getAttribute("EncodingType");
      if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
      throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);

      encodingType is not used anywhere else.

      In UsernameTokenCallback.java there is the need to decode nonce, so, something like:

      String nonce = (String)info.getInfo(NONCE);
      if (nonce != null) {
      try

      { digest.update(new BASE64Decoder().decodeBuffer(nonce)); }

      catch (IOException e)

      { // ignore exceptions }

      }

      need to be added to UsernameTokenCallback.java

      Attachments

        Issue Links

          blocks

          Task - Represents a small unit of work that is not end-user facing. JBPAPP-6268 Release and upgrade JBossWS Native for EAP 5.1.2

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          incorporates

          Bug - A problem that impairs or prevents the functions of the product. JBWS-3014 JBossWS does not decode Nonce

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBWS-3014 JBossWS does not decode Nonce

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBWS-2640 UsernameToken does not correctly handle "Created" element from wsse:Security soap header

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-bmaxwell Brad Maxwell
              rhn-support-bmaxwell Brad Maxwell
              Eva Kopalova Eva Kopalova (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: