[XWSS-52] WS Security Header not found in Weblogic Created: 11/Aug/10  Updated: 06/Oct/10  Resolved: 06/Oct/10

Status: Resolved
Project: xwss
Component/s: www
Affects Version/s: current
Fix Version/s: milestone 1

Type: Bug Priority: Major
Reporter: nybonbon Assignee: xwss-issues
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


Issuezilla Id: 52

 Description   

In com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient class (in xwss
3.1 FCS), there's a method called cacheHeaders(XMLStreamReader
reader,Map<String, String> namespaces), which has code below:

if(reader.getLocalName() == MessageConstants.WSSE_SECURITY_LNAME &&
reader.getNamespaceURI() == MessageConstants.WSSE_NS){
...
handleSecurityHeader();
}

It uses equality operator rather than equals method to compare string values for
local name and namespace. However, different XMLStreamReader implementations may
return different results for reader.getLocalName(). If your application doesn't
provide its own XMLStreamReader implementation and uses the implementation in
Weblogic 10.3.3.0, reader.getLocalName() will return a String which has
different id with MessageConstants.WSSE_SECURITY_LNAME. This will lead to the
failure of equality test and the following security handling failure.



 Comments   
Comment by sm228678 [ 06/Oct/10 ]

fixed !!

Generated at Sun Feb 14 00:14:04 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.