ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (WSS-610) WSSecurityUtil.decodeAction misbehaving when sending NoSecurity
Date Mon, 10 Jul 2017 09:11:03 GMT

     [ https://issues.apache.org/jira/browse/WSS-610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh resolved WSS-610.
-------------------------------------
    Resolution: Fixed

> WSSecurityUtil.decodeAction misbehaving when sending NoSecurity
> ---------------------------------------------------------------
>
>                 Key: WSS-610
>                 URL: https://issues.apache.org/jira/browse/WSS-610
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>            Reporter: Alexandru-Constantin Bledea
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.2.0, 2.0.11, 2.1.11
>
>
> The decode method from org.apache.wss4j.dom.util.WSSecurityUtil doesn't appear to do
the right thing when sending NoSecurity.
> There seems to be an assumption that if someone will add NoSecurity it will always be
in the first position.
> But if we're sending for instance "UsernameToken NoSecurity Signature" we're getting
back [ 1 ]. 
> If we want NoSecurity to override all other actions, we should probably return []
> {code:java}
>             if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
>                 return actions;
> {code}
> should probably be replaced with
> {code:java}
>             if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
>                 return Collections.emptyList();
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message