Uploaded image for project: 'JBoss Web Services'
  1. JBoss Web Services
  2. JBWS-3014

JBossWS does not decode Nonce

    XMLWordPrintable

Details

    Description

      I am filing this bug after discussing http://community.jboss.org/message/540669

      Nonce is not decoded when encoding type is Base64.

      UsernameToken has this piece of code:
      String encodingType = elem.getAttribute("EncodingType");
      if (encodingType != null && encodingType.length() > 0 && !Constants.BASE64_ENCODING_TYPE.equalsIgnoreCase(encodingType))
      throw new WSSecurityException("Unsupported nonce encoding type: " + encodingType);

      encodingType is not used anywhere else.

      In UsernameTokenCallback.java there is the need to decode nonce, so, something like:

      String nonce = (String)info.getInfo(NONCE);
      if (nonce != null) {
      try

      { digest.update(new BASE64Decoder().decodeBuffer(nonce)); }

      catch (IOException e)

      { // ignore exceptions }

      }

      need to be added to UsernameTokenCallback.java

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-6186 JBossWS does not decode Nonce

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-6186 JBossWS does not decode Nonce

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. JBPAPP-4447 JBossWS - Add support for digest + nonces

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBWS-2640 UsernameToken does not correctly handle "Created" element from wsse:Security soap header

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              romanojb Romano Silva (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: