cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Willem Salembier (JIRA)" <>
Subject [jira] [Created] (CXF-6432) Remove default empty password in SamlTokenInterceptor
Date Tue, 02 Jun 2015 12:37:17 GMT
Willem Salembier created CXF-6432:

             Summary: Remove default empty password in SamlTokenInterceptor 
                 Key: CXF-6432
             Project: CXF
          Issue Type: Improvement
          Components: WS-* Components
    Affects Versions: 2.7.16
            Reporter: Willem Salembier
             Fix For: 2.7.17

Our WS client needs to generate self-signed SAML assertions. Similar to the generation of
X.509 message signatures, we like to centralize all key data in the file
and don't provide private key passwords using the message context or callback handlers. (In
absence of a password the Merlin Crypto implementation takes the default property
as key password)

This is not possible in the 2.7.x branch because the SamlTokenInterceptor puts a default empty
string password,if no password was set on the message context or inside the callbackhandler.

if (password == null) {
   password = "";

I don't really understand the intention. Could this be removed cfr the cleanup in CXF 3.0?

This message was sent by Atlassian JIRA

View raw message