ws-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <>
Subject [jira] [Created] (WSS-442) "Never" Token Inclusion is not handled correctly (for X.509 tokens)
Date Fri, 10 May 2013 13:57:15 GMT
Colm O hEigeartaigh created WSS-442:

             Summary: "Never" Token Inclusion is not handled correctly (for X.509 tokens)
                 Key: WSS-442
             Project: WSS4J
          Issue Type: Bug
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 2.0

If we are using a SymmetricBinding, we might have a ProtectionToken policy that is an X.509
Token with an Inclusion of "Never". WSS4J 2.0 does not appear to validate this use-case correctly:

if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
    setErrorMessage("Token must not be included");
    asserted = false;
}

The problem is that the Signature references an EncryptedKey, which in turn references an
X.509 Token. Even though the X.509 Token is not included as a BinarySecurityToken in the message,
it still creates an X509TokenSecurityEvent, which is then treated by the policy validation
code in the same way as if the token was included.
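
The failure mode described in this report, as an added example that is not part of the original message and is not WSS4J code: a simplified model in which a token event records whether the certificate was carried in the message or only referenced. The types Origin, IncludeToken and TokenEvent and both check methods are hypothetical names chosen for illustration, and the origin-aware check is one possible approach, not the project's fix.

```java
import java.util.List;

public class IncludeTokenNeverCheck {
    // Hypothetical model, not WSS4J types: how the receiver learned about the token.
    enum Origin { IN_MESSAGE, REFERENCED_ONLY }
    enum IncludeToken { NEVER, ALWAYS }

    // Simplified stand-in for a token security event raised during processing.
    record TokenEvent(String tokenType, Origin origin) {}

    // Behaviour described in the report: any X.509 event is treated as an
    // included token, so a "Never" policy fails even for a reference.
    static boolean naiveAssert(IncludeToken policy, List<TokenEvent> events) {
        for (TokenEvent e : events) {
            if (e.tokenType().equals("X509") && policy == IncludeToken.NEVER) {
                return false; // "Token must not be included"
            }
        }
        return true;
    }

    // Origin-aware check: only a token physically carried in the message
    // (e.g. as a BinarySecurityToken) counts as included.
    static boolean originAwareAssert(IncludeToken policy, List<TokenEvent> events) {
        for (TokenEvent e : events) {
            if (!e.tokenType().equals("X509")) continue;
            boolean included = e.origin() == Origin.IN_MESSAGE;
            if (policy == IncludeToken.NEVER && included) return false;
            if (policy == IncludeToken.ALWAYS && !included) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: Signature -> EncryptedKey -> X.509 certificate
        // by reference, with no BinarySecurityToken in the message.
        List<TokenEvent> referenced =
                List.of(new TokenEvent("X509", Origin.REFERENCED_ONLY));
        // Constructed sample: the certificate is sent inside the message.
        List<TokenEvent> embedded =
                List.of(new TokenEvent("X509", Origin.IN_MESSAGE));

        System.out.println("naive, referenced only: "
                + naiveAssert(IncludeToken.NEVER, referenced));
        System.out.println("origin-aware, referenced only: "
                + originAwareAssert(IncludeToken.NEVER, referenced));
        System.out.println("origin-aware, embedded: "
                + originAwareAssert(IncludeToken.NEVER, embedded));
    }
}
```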
