Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-4776

UsernameTokenValidator do not validate that password is not provided.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.5.8, 2.6.5, 2.7.2
    • 2.5.9, 2.6.6, 2.7.3
    • WS-* Components
    • None
    • Unknown

    Description

      This is an issue for both WS-Policy and WSS4JInInterceptor configuration.

      If I include an incorrect Password I get the expected authentication error. If I actually remove the password I get no authentication failure. The UsernameTokenValidator only checks that the username is provided.

      Attachments

        1. UsernamePasswordPolicy.xml
          1 kB
          Jason Pell

        Activity

          People

            pellcorp Jason Pell
            pellcorp Jason Pell
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: