axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nathan Clement (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (RAMPART-400) PolicyBasedResultsValidator incorrectly rejects hashed passwords
Date Tue, 05 Mar 2013 05:59:13 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nathan Clement updated RAMPART-400:
-----------------------------------

    Attachment: hashed_password.patch
    
> PolicyBasedResultsValidator incorrectly rejects hashed passwords
> ----------------------------------------------------------------
>
>                 Key: RAMPART-400
>                 URL: https://issues.apache.org/jira/browse/RAMPART-400
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Nathan Clement
>         Attachments: hashed_password.patch
>
>
> As per the mailing list, when a PasswordDigest is used, wssUt.getPassword() returns the
hashed password value, and an this exception is thrown, even though the request is valid according
to the policy.  The if statement on line 333 of PolicyBasedResultsValidator should be:
> {code}
> } else if (!ut.isHashPassword() && (wssUt.getPassword() == null ||
>           !wssUt.getPasswordType().equals(WSConstants.PASSWORD_TEXT))) {
>     throw new RampartException("invalidUsernameTokenType");
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message