[WSS-610] WSSecurityUtil.decodeAction misbehaving when sending NoSecurity - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.2.0, 2.0.11, 2.1.11
Component/s: WSS4J Core
Labels:
None

Description

The decode method from org.apache.wss4j.dom.util.WSSecurityUtil doesn't appear to do the right thing when sending NoSecurity.
There seems to be an assumption that if someone will add NoSecurity it will always be in the first position.
But if we're sending for instance "UsernameToken NoSecurity Signature" we're getting back [ 1 ].
If we want NoSecurity to override all other actions, we should probably return []

            if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
                return actions;

should probably be replaced with

            if (single[i].equals(WSHandlerConstants.NO_SECURITY)) {
                return Collections.emptyList();

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Alexandru-Constantin Bledea

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Jul/17 15:39

Updated:: 01/Sep/17 15:04

Resolved:: 10/Jul/17 09:10