cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] Created: (CXF-2487) SecureConversationTokenFinderInterceptor stores the wrong token identifier
Date Wed, 21 Oct 2009 15:13:02 GMT
SecureConversationTokenFinderInterceptor stores the wrong token identifier

                 Key: CXF-2487
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.2.4
            Reporter: Colm O hEigeartaigh
             Fix For: 2.2.5, 2.3
         Attachments: cxf-2487.patch

The SecureConversationTokenFinderInterceptor in CXF has this line: 

message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());

but it also stores the token like so:  

SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);

Then in AbstractBindingBuilder.getSecurityToken() it tries to find the token in the token
store using SecurityConstants.TOKEN_ID, and an error of "No signature token id" is thrown.
The SecureConversationTokenFinderInterceptor should store the Identifier of the SCT instead
(getIdentifier, not getIDI()).

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message