[XWSS-52] WS Security Header not found in Weblogic Created: 11/Aug/10  Updated: 06/Oct/10  Resolved: 06/Oct/10

Status: Resolved
Project: xwss
Component/s: www
Affects Version/s: current
Fix Version/s: milestone 1

Type: Bug Priority: Major
Reporter: nybonbon Assignee: xwss-issues
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: All
Platform: All

Issuezilla Id: 52


In com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient class (in xwss
3.1 FCS), there's a method called cacheHeaders(XMLStreamReader
reader,Map<String, String> namespaces), which has code below:

if(reader.getLocalName() == MessageConstants.WSSE_SECURITY_LNAME &&
reader.getNamespaceURI() == MessageConstants.WSSE_NS){

It uses equality operator rather than equals method to compare string values for
local name and namespace. However, different XMLStreamReader implementations may
return different results for reader.getLocalName(). If your application doesn't
provide its own XMLStreamReader implementation and uses the implementation in
Weblogic, reader.getLocalName() will return a String which has
different id with MessageConstants.WSSE_SECURITY_LNAME. This will lead to the
failure of equality test and the following security handling failure.

Comment by sm228678 [ 06/Oct/10 ]

fixed !!

Generated at Wed Sep 28 20:10:50 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.