[WSS-219] empty/blank password not supported in username token. value read by wss4j is null instead of empty string - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.5.8
Fix Version/s: 1.5.9, 1.6
Component/s: WSS4J Core
Labels:
None
Environment:
Windows/ Solaris

Description

for noraml user name token password mechanism
if client sets:
user name = "user1"
password="" // empty string

Then WSS4j processes it as null. instead it should process it as empty string of size 0 or throw exception as it does in case of username= null

password= " "// blank string with size>0
Then it works fine.

note: for password disgest empty password is replaced by default digest.

It seems that the password is default initialized to null and is not being reinitialized if string size 0.

Appropriate correction or exc4eption mechanism suggested

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Milan Tomic

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Dec/09 07:16

Updated:: 06/Apr/11 15:27

Resolved:: 15/Jun/10 14:30