Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-2640

UsernameToken does not correctly handle "Created" element from wsse:Security soap header

XMLWordPrintable

      UsernameToken does not correctly handle "Created" element from wsse:Security soap header.

      Oasis standard describes "Created" element in the following way:
      /wsse:UsernameToken/wsu:Created
      The optional <wsu:Created> element specifies a timestamp used to indicate the creation time. It is defined as part of the <wsu:Timestamp> definition.

      The solution - Constants.WSU_NS should be used instead of Constants.WSSE_NS. "Created" element is described in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd

      In the code org.jboss.ws.extensions.security.element.UsernameToken

      "Created" element is recived via:
      Iterator<Element> itCreated = DOMUtils.getChildElements(element, new QName(Constants.WSSE_NS, "Created"));
      instead it should be:
      Iterator<Element> itCreated = DOMUtils.getChildElements(element, new QName(Constants.WSU_NS, "Created"));

      The same goes for line:
      child = doc.createElementNS(Constants.WSSE_NS, Constants.WSSE_PREFIX + ":" + "Created");
      should be:
      child = doc.createElementNS(Constants.WSU_NS, Constants.WSU_PREFIX + ":" + "Created");

              darran.lofthouse@redhat.com Darran Lofthouse
              mrted_jira MrTed MrTed (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: