Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-610

WSSecurityUtil.decodeAction misbehaving when sending NoSecurity

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.0, 2.0.11, 2.1.11
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      The decode method from org.apache.wss4j.dom.util.WSSecurityUtil doesn't appear to do the right thing when sending NoSecurity.
      There seems to be an assumption that if someone will add NoSecurity it will always be in the first position.
      But if we're sending for instance "UsernameToken NoSecurity Signature" we're getting back [ 1 ].
      If we want NoSecurity to override all other actions, we should probably return []

                  if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
                      return actions;
      

      should probably be replaced with

                  if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
                      return Collections.emptyList();
      

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              apixandru Alexandru-Constantin Bledea
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: