Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-219

empty/blank password not supported in username token. value read by wss4j is null instead of empty string

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.8
    • Fix Version/s: 1.5.9, 1.6
    • Component/s: WSS4J Core
    • Labels:
      None
    • Environment:
      Windows/ Solaris

      Description

      for noraml user name token password mechanism
      if client sets:
      user name = "user1"
      password="" // empty string

      Then WSS4j processes it as null. instead it should process it as empty string of size 0 or throw exception as it does in case of username= null

      password= " "// blank string with size>0
      Then it works fine.

      note: for password disgest empty password is replaced by default digest.

      It seems that the password is default initialized to null and is not being reinitialized if string size 0.

      Appropriate correction or exc4eption mechanism suggested

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              milan Milan Tomic
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: