Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-3386

Usernametoken support requires optional elements

    XMLWordPrintable

Details

    Description

      Usernametoken support is currently broken as it requires a username and password to be present in the wss security header. According to the WSS specifications (both 1.0 and 1.1*) these are optional elements in wsse:UsernameToken. If either one of these elements are missing, then JBossWS incorrectly throws a WSSecurityException.

      See http://anonsvn.jboss.org/repos/jbossws/stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/element/UsernameToken.java lines 78 and 84 for where it should not be throwing this error.

      *
      1.1 spec http://www.oasis-open.org/committees/download.php/16782/wss-v1.1-spec-os-UsernameTokenProfile.pdf
      1.0 spec http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf

      Attachments

        Activity

          People

            rhn-support-asoldano Alessio Soldano
            mwringe Matt Wringe
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: