WSS4J / WSS-148

WCF interop issue: Namespace not honored in case of attributes.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: WSS4J Handlers
    • Labels:
      None
    • Environment:
      Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5

      Description

      WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:

      <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
          <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
              <o:Username>aditya</o:Username>
              <o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
            </o:UsernameToken>
          </o:Security>
        </s:Header>
        <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
          <getProductDetail xmlns="http://catalog.example/">
            <productId xmlns="">SW123</productId>
          </getProductDetail>
        </s:Body>
      </s:Envelope>

      But WSS4J is unable to validate it because it fails to determine the "passwordType" in the UsernameToken constructor:

          public UsernameToken(Element elem) throws WSSecurityException {
              ...
              if (elementPassword != null) {
                  passwordType = elementPassword.getAttribute("Type");
              }

      It tries to find the "Type" attribute, but in the SOAP header it is "o:Type".
      getAttributeNS should be used instead.

        Activity

        asawhney Aditya Sawhney added a comment -

        Sure.

        -Adi

        coheig Colm O hEigeartaigh added a comment -

        Can this issue be closed?

        Colm.

        werner.dittmann@nsn.com Dittmann, Werner added a comment -

        According to the WSS specification

        "Web Services Security, UsernameToken Profile 1.1,
        OASIS Standard Specification, 1 February 2006"

        the Type attribute is not a namespace-qualified attribute.
        Refer to page 8 of the mentioned spec. Thus I would assume the
        problem is in WCF. Please confirm.

        Regards,
        Werner
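
Added example (not WSS4J code and not written by any participant in this issue): a small Java program showing how the DOM lookups named in this issue behave for an unqualified "Type" attribute and for the "o:Type" form in the reported header. The class PasswordTypeLookup, the helper locateType and the password value "x" are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class PasswordTypeLookup {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    // Parse one element with a namespace-aware parser that rejects DOCTYPE declarations.
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // without this, getAttributeNS cannot match by namespace
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    // Hypothetical helper: report where (if anywhere) a Type attribute was found.
    static String locateType(Element password) {
        if (password.hasAttributeNS(null, "Type")) {
            return "unqualified: " + password.getAttributeNS(null, "Type");
        }
        if (password.hasAttributeNS(WSSE_NS, "Type")) {
            return "wsse-qualified: " + password.getAttributeNS(WSSE_NS, "Type");
        }
        return "absent";
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the same element with the attribute unqualified,
        // then prefixed as in the header quoted in the report.
        String plain = "<o:Password xmlns:o=\"" + WSSE_NS + "\" Type=\"" + TEXT + "\">x</o:Password>";
        String prefixed = "<o:Password xmlns:o=\"" + WSSE_NS + "\" o:Type=\"" + TEXT + "\">x</o:Password>";
        for (String xml : new String[] {plain, prefixed}) {
            Element e = parse(xml);
            // getAttribute matches on the attribute's qualified name, so "Type" does not match "o:Type".
            System.out.println("getAttribute(\"Type\")        = '" + e.getAttribute("Type") + "'");
            System.out.println("getAttributeNS(WSSE,\"Type\") = '" + e.getAttributeNS(WSSE_NS, "Type") + "'");
            System.out.println("locateType                  = " + locateType(e));
        }
    }
}
```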

        Show
        werner.dittmann@nsn.com Dittmann, Werner added a comment - According to the WSS specification "Web Services Security, UsernameToken Profile 1.1, OASIS Standard Specification, 1 February 2006 " the Type attribute is not namespace-qualified attribute. Refer to page 8 of the mentioned spec. Thus I would assume the problem is in WCF. Please confirm. Regards, Werner

          People

          • Assignee:
            ruchith Ruchith Udayanga Fernando
            Reporter:
            asawhney Aditya Sawhney