Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-2640

UsernameToken does not correctly handle "Created" element from wsse:Security soap header

    XMLWordPrintable

Details

    Description

      UsernameToken does not correctly handle "Created" element from wsse:Security soap header.

      Oasis standard describes "Created" element in the following way:
      /wsse:UsernameToken/wsu:Created
      The optional <wsu:Created> element specifies a timestamp used to indicate the creation time. It is defined as part of the <wsu:Timestamp> definition.

      The solution - Constants.WSU_NS should be used instead of Constants.WSSE_NS. "Created" element is described in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd

      In the code org.jboss.ws.extensions.security.element.UsernameToken

      "Created" element is recived via:
      Iterator<Element> itCreated = DOMUtils.getChildElements(element, new QName(Constants.WSSE_NS, "Created"));
      instead it should be:
      Iterator<Element> itCreated = DOMUtils.getChildElements(element, new QName(Constants.WSU_NS, "Created"));

      The same goes for line:
      child = doc.createElementNS(Constants.WSSE_NS, Constants.WSSE_PREFIX + ":" + "Created");
      should be:
      child = doc.createElementNS(Constants.WSU_NS, Constants.WSU_PREFIX + ":" + "Created");

      Attachments

        Issue Links

          is incorporated by

          Task - Represents a small unit of work that is not end-user facing. JBPAPP-4525 JBossWS - Created element within UsernameToken uses wsse namespace instead of wsu namespace

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-6186 JBossWS does not decode Nonce

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. JBWS-3014 JBossWS does not decode Nonce

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mrted_jira MrTed MrTed (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: