Bug 779089 (SOA-1488)

Summary: WSSecurityInfoExtractor gets confused over SOAP header element named 'UserName'
Product: [JBoss] JBoss Enterprise SOA Platform 4 Reporter: Kevin Conner <kevin.conner>
Component: JBossESBAssignee: Kevin Conner <kevin.conner>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 4.3 CP01   
Target Milestone: ---   
Target Release: 4.3 CP02   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/SOA-1488
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-21 14:08:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kevin Conner 2009-09-11 14:30:00 UTC 
Date of First Response: 2009-09-21 10:08:02
project_key: SOA
Comment 1 Kevin Conner 2009-09-11 14:30:21 UTC 
Link: Added: This issue depends JBESB-2816
Comment 2 Kevin Conner 2009-09-16 10:15:48 UTC 
This issue refers to the existence of UserName elements within the SOAP message, as they were being processed regardless of whether they were the correct element (location or namespace).

The example used in the issue is the following

<?xml version="1.0"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Header>
    <RequestHeader xmlns="...">
      <UserName>johndoe</UserName>
      <HostName>xx123</HostName>
      <Timestamp>2009-09-09T07:22:04.706Z</Timestamp>
    </RequestHeader>
  </S:Header>
  <S:Body>
  ...
  <S:Body>
<S:Envelope> 

Where johndoe was being populated in error.
Comment 3 Jiri Pechanec 2009-09-21 14:08:02 UTC 
Verified in CR4
Comment 4 Dana Mison 2009-09-25 01:27:53 UTC 
added to 4.3.CP02 release notes as resolved:

JBESB-2816
SOAP messages that contained a <UserName> element in addition to the <UserName> child element of <UserNameToken> could fail to be delivered.  This was due to WSSecurityInfoExtractor not verifying the location and namespace of the <UserName> element.  WSSecurityInfoExtractor now only uses the <UserName> element contained in <UserNameToken> for obtaining this WS-Security field.