-
Bug
-
Resolution: Done
-
Major
-
jbossws-native-3.1.1
UsernameToken does not correctly handle "Created" element from wsse:Security soap header.
Oasis standard describes "Created" element in the following way:
/wsse:UsernameToken/wsu:Created
The optional <wsu:Created> element specifies a timestamp used to indicate the creation time. It is defined as part of the <wsu:Timestamp> definition.
The solution - Constants.WSU_NS should be used instead of Constants.WSSE_NS. "Created" element is described in http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
In the code org.jboss.ws.extensions.security.element.UsernameToken
"Created" element is recived via:
Iterator<Element> itCreated = DOMUtils.getChildElements(element, new QName(Constants.WSSE_NS, "Created"));
instead it should be:
Iterator<Element> itCreated = DOMUtils.getChildElements(element, new QName(Constants.WSU_NS, "Created"));
The same goes for line:
child = doc.createElementNS(Constants.WSSE_NS, Constants.WSSE_PREFIX + ":" + "Created");
should be:
child = doc.createElementNS(Constants.WSU_NS, Constants.WSU_PREFIX + ":" + "Created");
- is incorporated by
-
JBPAPP-4525 JBossWS - Created element within UsernameToken uses wsse namespace instead of wsu namespace
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
