Return-Path: Delivered-To: apmail-cxf-issues-archive@www.apache.org Received: (qmail 55098 invoked from network); 6 Nov 2009 15:56:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 6 Nov 2009 15:56:55 -0000 Received: (qmail 95133 invoked by uid 500); 6 Nov 2009 15:56:55 -0000 Delivered-To: apmail-cxf-issues-archive@cxf.apache.org Received: (qmail 95110 invoked by uid 500); 6 Nov 2009 15:56:55 -0000 Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list issues@cxf.apache.org Received: (qmail 95100 invoked by uid 99); 6 Nov 2009 15:56:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Nov 2009 15:56:55 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Nov 2009 15:56:53 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 7B91A234C1E9 for ; Fri, 6 Nov 2009 07:56:32 -0800 (PST) Message-ID: <502988030.1257522992504.JavaMail.jira@brutus> Date: Fri, 6 Nov 2009 15:56:32 +0000 (UTC) From: "Colm O hEigeartaigh (JIRA)" To: issues@cxf.apache.org Subject: [jira] Updated: (CXF-2525) Bug in TokenStoreCallbackHandler In-Reply-To: <374786149.1257522392391.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/CXF-2525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CXF-2525: ------------------------------------- Attachment: cxf-2525.patch A patch against 2.2.x-fixes. > Bug in TokenStoreCallbackHandler > -------------------------------- > > Key: CXF-2525 > URL: https://issues.apache.org/jira/browse/CXF-2525 > Project: CXF > Issue Type: Bug > Components: WS-* Components > Affects Versions: 2.1.7, 2.2.4 > Reporter: Colm O hEigeartaigh > Priority: Minor > Fix For: 2.1.8, 2.2.5, 2.3 > > Attachments: cxf-2525.patch > > > There's a bug in WSS4JInInterceptor.TokenStoreCallbackHandler which manifests itself in Secure Conversation under certain circumstances. > When CXF issues a SecurityContextToken it includes a wst:RequestedAttachedReference, however other stacks only return a SecurityContextToken. When trying to retrieve the SecurityContextToken in SecurityTokenReference in WSS4J it calls the TokenStoreCallbackHandler, which sets: > pc.setCustomToken(tok.getAttachedReference()); > If there is no attached reference as in this scenario, the custom token is set to null and ends up causing an error in WSS4J. The correct fix is to call: > pc.setCustomToken(tok.getToken()); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.