ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Werner Dittmann (JIRA)" <j...@apache.org>
Subject [jira] Commented: (WSS-25) UsernameToken password is not checked
Date Thu, 17 Nov 2005 07:14:42 GMT
    [ http://issues.apache.org/jira/browse/WSS-25?page=comments#action_12357854 ] 

Werner Dittmann commented on WSS-25:
------------------------------------

Which password type do you use? If you use the digest password type
then the digest will be computed and checked. Other passwords are
not checked by the usernametoken handler but could be checked by
the password callback itself. This is because only the handling of digested
passwords is specified and thus can be processed within the handler.

Regards,
Werner


> UsernameToken password is not checked
> -------------------------------------
>
>          Key: WSS-25
>          URL: http://issues.apache.org/jira/browse/WSS-25
>      Project: WSS4J
>         Type: Bug
>  Environment: Windows 2000, JDK 1.5.0_05-b05
>     Reporter: Kevin Fung
>     Assignee: Davanum Srinivas

>
> In the handleUsernameToken method in WSSecurityEngine class, the password returned by
the password handler is not compared against the password/digest from the UsernameToken. The
result is that any password will be accepted.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message