Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
-
Windows XP, Java 1.5, CXF 2.1.2, .Net 3.5
Description
WSS4J cannot authenticate the WS-Security profile consisting of UsernameToken. The SOAP header created by WCF is in the following format:
- <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
- <s:Header>
- <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
- <o:UsernameToken u:Id="uuid-6fed7aff-51a9-4403-97fc-ad7631d94b47-1">
<o:Username>aditya</o:Username>
<o:Password o:Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">aditya</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header> - <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <getProductDetail xmlns="http://catalog.example/">
<productId xmlns="">SW123</productId>
</getProductDetail>
</s:Body>
</s:Envelope>
But, WSS4J is unable to validate it because it fails to determine the "passwordType" in UsernameToken constructor:
public UsernameToken(Element elem) throws WSSecurityException {
...
if (elementPassword != null)
As it tries to find "Type" attribute but in SOAP header it is "o:Type".
getAttributeNS should be used instead.