[CXF-6660] SamlTokenInterceptor Jasypt decryption - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1.3
Fix Version/s: 3.1.5, 3.0.8
Component/s: JAX-WS Runtime
Labels:
None
Environment:

cxf 3.1.2, wss4j 2.1.2, spring boot 1.2.6

Estimated Complexity:
Unknown

Description

This is happening when using SamlTokenInterceptor to validate the inbound saml token via WS-SecurityPolicy.

It seems that the crypto get back from SamlTokenInterceptor is always having null PasswordEncryptor. The keystore password is not therefore decrypted properly.

SamlTokenInterceptor.java line 320:
crypto = CryptoFactory.getInstance(properties);

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Ethan Ma

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 02/Nov/15 17:45

Updated:: 14/Oct/16 14:15

Resolved:: 02/Nov/15 18:01