|

»

»

[jira] Created: (CXF-2525) Bug in TokenStoreCallbackHandler

View: New views

3 Messages — Rating Filter: Alert me

	[jira] Created: (CXF-2525) Bug in TokenStoreCallbackHandler by JIRA jira@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Bug in TokenStoreCallbackHandler -------------------------------- Key: CXF-2525 URL: https://issues.apache.org/jira/browse/CXF-2525 Project: CXF Issue Type: Bug Components: WS-* Components Affects Versions: 2.2.4, 2.1.7 Reporter: Colm O hEigeartaigh Priority: Minor Fix For: 2.1.8, 2.2.5, 2.3 There's a bug in WSS4JInInterceptor.TokenStoreCallbackHandler which manifests itself in Secure Conversation under certain circumstances. When CXF issues a SecurityContextToken it includes a wst:RequestedAttachedReference, however other stacks only return a SecurityContextToken. When trying to retrieve the SecurityContextToken in SecurityTokenReference in WSS4J it calls the TokenStoreCallbackHandler, which sets: pc.setCustomToken(tok.getAttachedReference()); If there is no attached reference as in this scenario, the custom token is set to null and ends up causing an error in WSS4J. The correct fix is to call: pc.setCustomToken(tok.getToken()); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
	[jira] Updated: (CXF-2525) Bug in TokenStoreCallbackHandler by JIRA jira@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message [ https://issues.apache.org/jira/browse/CXF-2525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh updated CXF-2525: ------------------------------------- Attachment: cxf-2525.patch A patch against 2.2.x-fixes. > Bug in TokenStoreCallbackHandler > -------------------------------- > > Key: CXF-2525 > URL: https://issues.apache.org/jira/browse/CXF-2525 > Project: CXF > Issue Type: Bug > Components: WS-* Components > Affects Versions: 2.1.7, 2.2.4 > Reporter: Colm O hEigeartaigh > Priority: Minor > Fix For: 2.1.8, 2.2.5, 2.3 > > Attachments: cxf-2525.patch > > > There's a bug in WSS4JInInterceptor.TokenStoreCallbackHandler which manifests itself in Secure Conversation under certain circumstances. > When CXF issues a SecurityContextToken it includes a wst:RequestedAttachedReference, however other stacks only return a SecurityContextToken. When trying to retrieve the SecurityContextToken in SecurityTokenReference in WSS4J it calls the TokenStoreCallbackHandler, which sets: > pc.setCustomToken(tok.getAttachedReference()); > If there is no attached reference as in this scenario, the custom token is set to null and ends up causing an error in WSS4J. The correct fix is to call: > pc.setCustomToken(tok.getToken()); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
	[jira] Resolved: (CXF-2525) Bug in TokenStoreCallbackHandler by JIRA jira@apache.org :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message [ https://issues.apache.org/jira/browse/CXF-2525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel Kulp resolved CXF-2525. ------------------------------ Resolution: Fixed Assignee: Daniel Kulp > Bug in TokenStoreCallbackHandler > -------------------------------- > > Key: CXF-2525 > URL: https://issues.apache.org/jira/browse/CXF-2525 > Project: CXF > Issue Type: Bug > Components: WS-* Components > Affects Versions: 2.1.7, 2.2.4 > Reporter: Colm O hEigeartaigh > Assignee: Daniel Kulp > Priority: Minor > Fix For: 2.1.8, 2.2.5, 2.3 > > Attachments: cxf-2525.patch > > > There's a bug in WSS4JInInterceptor.TokenStoreCallbackHandler which manifests itself in Secure Conversation under certain circumstances. > When CXF issues a SecurityContextToken it includes a wst:RequestedAttachedReference, however other stacks only return a SecurityContextToken. When trying to retrieve the SecurityContextToken in SecurityTokenReference in WSS4J it calls the TokenStoreCallbackHandler, which sets: > pc.setCustomToken(tok.getAttachedReference()); > If there is no attached reference as in this scenario, the custom token is set to null and ends up causing an error in WSS4J. The correct fix is to call: > pc.setCustomToken(tok.getToken()); -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.