[CXF-4776] UsernameTokenValidator do not validate that password is not provided. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.8, 2.6.5, 2.7.2
Fix Version/s: 2.5.9, 2.6.6, 2.7.3
Component/s: WS-* Components
Labels:
None

Estimated Complexity:
Unknown

Description

This is an issue for both WS-Policy and WSS4JInInterceptor configuration.

If I include an incorrect Password I get the expected authentication error. If I actually remove the password I get no authentication failure. The UsernameTokenValidator only checks that the username is provided.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

UsernamePasswordPolicy.xml
24/Jan/13 01:44
1 kB
Jason Pell

Activity

People

Assignee:: Jason Pell

Reporter:: Jason Pell

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Jan/13 01:43

Updated:: 28/Feb/13 17:27

Resolved:: 25/Jan/13 10:53