Bug 1121223

Summary: [GSS] (6.4.0) [CXF-5892] Ensure EncryptedKey references BinarySecurityToken before it
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Kyle Lape <klape>
Component: Web ServicesAssignee: Alessio Soldano <asoldano>
Status: CLOSED CURRENTRELEASE QA Contact: Rostislav Svoboda <rsvoboda>
Severity: unspecified Docs Contact:
Priority: urgent    
Version: 6.3.0CC: asoldano, bmaxwell, jawilson, jbliznak, kkhan, rsvoboda
Target Milestone: DR10   
Target Release: EAP 6.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, CXF placed the `BinarySecurityToken` referenced by the EncryptedKey element after the EncryptedKey element when the WSS timestamp was not included in the SOAP message. This could cause receivers that expect the `BinarySecurityToken` referenced by the EncryptedKey to be above the EncryptedKey element to fail as they had not processed the `BinarySecurityToken` when attempting to look it up while processing the EncryptedKey element. This issue has been resolved by moving the BinarySecurityToken higher in the SOAP message. Now `EncryptedKey` elements always reference `BinarySecurityTokens` that have already been found while parsing the SOAP message.
Story Points: ---
Clone Of: 1115215
: 1121227 (view as bug list) Environment:
Last Closed: 2019-08-02 07:30:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 1115213, 1121227, 1153972    

Comment 7 Kabir Khan 2014-11-10 18:32:19 UTC
See component upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1153972#c2 for explanation of why the upgrade was reverted and this BZ is set back to ASSIGNED

Comment 8 Jan Blizňák 2014-11-18 12:42:00 UTC
Verified on 6.4.0.DR10