ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wladislaw Mitzel (JIRA)" <>
Subject [jira] [Created] (WSS-551) Property passwordEncryptorInstance is not honored
Date Sat, 22 Aug 2015 01:22:46 GMT
Wladislaw Mitzel created WSS-551:

             Summary: Property passwordEncryptorInstance is not honored
                 Key: WSS-551
             Project: WSS4J
          Issue Type: Bug
    Affects Versions: 2.0.5
            Reporter: Wladislaw Mitzel
            Assignee: Colm O hEigeartaigh

The configuration documentation says
|| Tag name || Tag value || Tag meaning ||
| *WSS4J 2.0.0* PASSWORD_ENCRYPTOR_INSTANCE | passwordEncryptorInstance |	A PasswordEncryptor
instance used to decrypt encrypted passwords in Crypto properties files. The default is the
JasyptPasswordEncryptor. |

When configuring a {{passwordEncryptorInstance}} for {{WSS4JOutInterceptor}} (line 20) the
property is not honored. 
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""
  xmlns:xsi="" xmlns:jaxws=""

  <jaxws:endpoint id="hello" address="/hello"
      <bean id="TimestampSignEncrypt_Response"
            <entry key="action" value="Timestamp Signature" />
            <entry key="user" value="servicekey" />
            <entry key="signaturePropFile" value="" />
            <entry key="encryptionPropFile" value="" />
            <entry key="encryptionUser" value="useReqSigCert" />
            <entry key="passwordCallbackClass" value="de.wlami.wss4jexample.PasswordCallback"
            <entry key="passwordEncryptorInstance" value-ref="customPasswordEncrypter"

  <bean id="customPasswordEncrypter" class="de.wlami.wss4jexample.CustomPasswordEncrypter"></bean>


The only code which seems to use the documented property is located in {{org.apache.wss4j.stax.ConfigurationConverter.parseCrypto(Map<String,
Object>, WSSSecurityProperties)}}. However this method is only called from test classes
as far as i could see. Using the given configuration the default {{JasyptPasswordEncryptor}}
is created instead of the configured class. 

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message