cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: WS-Security Username Token w/ Digest issue on CXF 2.4
Date Wed, 27 Apr 2011 09:08:39 GMT
Hi Alessio, Colm

Unfortunately I did not have a system test involving this interceptor
checking digest passwords (I have the one for a policy first case
though), so the regression was not spotted, thanks Colm for applying a
fix.

Alessio - as a workaround, while working with CXF 2.4.0, please override

AbstractUsernameTokenAuthenticatingInterceptor.getSecurityEngine(boolean),

and copy the code from the superclass but register another Validator
implementation, which
extends

AbstractUsernameTokenAuthenticatingInterceptor.CustomValidator

but overrides only its verifyDigestPassword method

that should it till CXF 2.4.1 is released.

One thing about using AbstractUsernameTokenAuthenticatingInterceptor
is that it won't work in policy-first cases.
Thus you might want to consider using another approach, extend
org.apache.cxf.interceptor.security.AbstractUsernameTokenInterceptor

which does not in turn extend WSS4JInInterceptor, please see

http://cxf.apache.org/docs/security.html#Security-WSSecurityUsernameTokenandCustomAuthentication

Thanks, Sergey


On Wed, Apr 27, 2011 at 9:46 AM, Colm O hEigeartaigh
<coheigea@apache.org> wrote:
> Already taken care of..
>
> https://issues.apache.org/jira/browse/CXF-3476
>
> Colm.
>
> On Wed, Apr 27, 2011 at 9:32 AM, Alessio Soldano <asoldano@redhat.com> wrote:
>> On 04/27/2011 10:30 AM, Colm O hEigeartaigh wrote:
>>>
>>> Hi Alessio,
>>>
>>>> Did I miss something here?
>>>
>>> No, it's a bug. It should be "isHashed" not "isDerivedKey".
>>>
>>> Colm.
>>
>> OK, I can open a jira and fix that, or you're already doing it?
>> Thanks
>> Alessio
>>
>> --
>> Alessio Soldano
>> Web Service Lead, JBoss
>>
>>
>

Mime
View raw message