[WSS-147] WCF interop issue: Security header ordering constraint - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.6
Fix Version/s: 1.5.8, 1.6
Component/s: WSS4J Handlers
Labels:
None
Environment:
Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5

Description

I have WCF Client which uses WS-Security UsernameToken profile. WCF also automatically adds a TimeStamp header which comes before the UsernameToken header in the Security header.
If I try to call a CXF web service using CXF exposed from a Java container then "Security header cannot be authorized" exception is thrown.

The reason is that WSHandler::checkReceiverResults returns false. WSS4J excepts the security header contents to be in a particular oder in which Timestamp should come after UsernameToken but in this case it is the opposite and the validation fails. The WS-Security spec doesnt specify this ordering constraint and seems to have been self-imposed by WSS4J which is incorrect and needs to be fixed for the interop to work as desired.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Aditya Sawhney

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Oct/08 23:56

Updated:: 22/Apr/09 14:27

Resolved:: 21/Apr/09 13:51