Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-6186

JBossWS does not decode Nonce

XMLWordPrintable

    • Hide

      Create a client that sends a Base64 encoded Nonce

      Show
      Create a client that sends a Base64 encoded Nonce
    • Release Notes
    • Low
    • Hide
      The password digest of the UsernameToken profile used in JBoss Web Services did not follow the Oasis specification as the digest used the base64 encoded nonce. As a result, the process was incompatible with other web service implementations that support UsernameToken profile. The password digest has been corrected to use the binary value of the nonce and JBoss Web Services works with other implementations in the UsernameToken profile as expected.
      Show
      The password digest of the UsernameToken profile used in JBoss Web Services did not follow the Oasis specification as the digest used the base64 encoded nonce. As a result, the process was incompatible with other web service implementations that support UsernameToken profile. The password digest has been corrected to use the binary value of the nonce and JBoss Web Services works with other implementations in the UsernameToken profile as expected.
    • Documented as Resolved Issue

      I am filing this bug after discussing http://community.jboss.org/message/540669

      Nonce is not decoded when encoding type is Base64.

      UsernameToken has this piece of code:
      String encodingType = elem.getAttribute("EncodingType");
      if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
      throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);

      encodingType is not used anywhere else.

      In UsernameTokenCallback.java there is the need to decode nonce, so, something like:

      String nonce = (String)info.getInfo(NONCE);
      if (nonce != null) {
      try

      { digest.update(new BASE64Decoder().decodeBuffer(nonce)); }

      catch (IOException e)

      { // ignore exceptions }

      }

      need to be added to UsernameTokenCallback.java

        1. UsernameTokenCallback.java
          4 kB

              rhn-support-bmaxwell Brad Maxwell
              rhn-support-bmaxwell Brad Maxwell
              Eva Kopalova Eva Kopalova (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: