[CXF-2525] Bug in TokenStoreCallbackHandler - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.1.7, 2.2.4
Fix Version/s: 2.1.8, 2.2.5, 2.3
Component/s: WS-* Components
Labels:
None

Description

There's a bug in WSS4JInInterceptor.TokenStoreCallbackHandler which manifests itself in Secure Conversation under certain circumstances.

When CXF issues a SecurityContextToken it includes a wst:RequestedAttachedReference, however other stacks only return a SecurityContextToken. When trying to retrieve the SecurityContextToken in SecurityTokenReference in WSS4J it calls the TokenStoreCallbackHandler, which sets:

pc.setCustomToken(tok.getAttachedReference());

If there is no attached reference as in this scenario, the custom token is set to null and ends up causing an error in WSS4J. The correct fix is to call:

pc.setCustomToken(tok.getToken());

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

cxf-2525.patch
06/Nov/09 15:54
0.7 kB
Colm O hEigeartaigh

Activity

People

Assignee:: Daniel Kulp

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 06/Nov/09 15:46

Updated:: 04/Dec/09 22:34

Resolved:: 10/Nov/09 16:22