xwss
  1. xwss
  2. XWSS-52

WS Security Header not found in Weblogic

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: current
    • Fix Version/s: milestone 1
    • Component/s: www
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      52

      Description

      In com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient class (in xwss
      3.1 FCS), there's a method called cacheHeaders(XMLStreamReader
      reader,Map<String, String> namespaces), which has code below:

      if(reader.getLocalName() == MessageConstants.WSSE_SECURITY_LNAME &&
      reader.getNamespaceURI() == MessageConstants.WSSE_NS){
      ...
      handleSecurityHeader();
      }

      It uses equality operator rather than equals method to compare string values for
      local name and namespace. However, different XMLStreamReader implementations may
      return different results for reader.getLocalName(). If your application doesn't
      provide its own XMLStreamReader implementation and uses the implementation in
      Weblogic 10.3.3.0, reader.getLocalName() will return a String which has
      different id with MessageConstants.WSSE_SECURITY_LNAME. This will lead to the
      failure of equality test and the following security handling failure.

        Activity

        nybonbon created issue -
        Hide
        sm228678 added a comment -

        fixed !!

        Show
        sm228678 added a comment - fixed !!
        kenaiadmin made changes -
        Field Original Value New Value
        issue.field.bugzillaimportkey 52 24247

          People

          • Assignee:
            xwss-issues
            Reporter:
            nybonbon
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: