xwss
  1. xwss
  2. XWSS-52

WS Security Header not found in Weblogic

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: current
    • Fix Version/s: milestone 1
    • Component/s: www
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      52

      Description

      In com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient class (in xwss
      3.1 FCS), there's a method called cacheHeaders(XMLStreamReader
      reader,Map<String, String> namespaces), which has code below:

      if(reader.getLocalName() == MessageConstants.WSSE_SECURITY_LNAME &&
      reader.getNamespaceURI() == MessageConstants.WSSE_NS){
      ...
      handleSecurityHeader();
      }

      It uses equality operator rather than equals method to compare string values for
      local name and namespace. However, different XMLStreamReader implementations may
      return different results for reader.getLocalName(). If your application doesn't
      provide its own XMLStreamReader implementation and uses the implementation in
      Weblogic 10.3.3.0, reader.getLocalName() will return a String which has
      different id with MessageConstants.WSSE_SECURITY_LNAME. This will lead to the
      failure of equality test and the following security handling failure.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            xwss-issues
            Reporter:
            nybonbon
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: