Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-385

UsernameToken handles long strings badly

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.6.4
    • 1.6.6
    • None
    • None

    Description

      While using WSS4J with CXF webservices I've found an issue with large strings in usernametoken fields. When username or password is very long (3500 chars and more) their content is trimmed - and don't even ask how I've found it

      The problem is in class org.apache.ws.security.message.token.UsernameToken. There is a method "private String nodeString(Element e)" that takes an Element of token and returns its text representation.

      When token property is very long XML parser emits more than one text node, but method gets text only from the first node - this is totally bad.

      Possible solution is to replace this method with something like

      private String nodeString(Element e) {
      if (e != null)

      { return e.getTextContent() }


      return null;
      }

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            k.salikhov Konstantin V. Salikhov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: