[WSS-659] SecurityContextToken validator set by wrong QName - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.4
Fix Version/s: 2.1.13, 2.3.0, 2.2.5
Component/s: WSS4J Axis Integration
Labels:
None

Description

SecurityContextToken validator is set in apache cxf using properties:
properties.put(SCT_TOKEN_VALIDATOR, "someValidator");

But it can't be used because SecurityContextTokeinInputHandler looks it up via other QName. wss4j sets it as

{http://schemas.xmlsoap.org/ws/2005/02/sc}Identifier

and CXF sets it as

{http://schemas.xmlsoap.org/ws/2005/02/sc}SecurityContextToken

org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor#setTokenValidators

if (validator != null) { 
   properties.addValidator(WSSConstants.TAG_WSC0502_SCT, validator); 
   properties.addValidator(WSSConstants.TAG_WSC0512_SCT, validator); 
}

WSS4J Part: SecurityContextTokenInputHandler.java:72 
SecurityContextTokenValidator securityContextTokenValidator = wssSecurityProperties.getValidator(elementName); 
if (securityContextTokenValidator == null) {
  securityContextTokenValidator = new SecurityContextTokenValidatorImpl();        
}

I am still not sure where this problem should be fixed - on CXF or on wss4j side?

Attachments

Issue Links

links to

GitHub Pull Request #2

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Igor Konoplyanko

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Nov/19 15:27

Updated:: 18/Mar/20 07:17

Resolved:: 09/Jan/20 12:54

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m