Bug 1121223 - [GSS] (6.4.0) [CXF-5892] Ensure EncryptedKey references BinarySecurityToken before it
Summary: [GSS] (6.4.0) [CXF-5892] Ensure EncryptedKey references BinarySecurityToken b...
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Services
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: DR10
: EAP 6.4.0
Assignee: Alessio Soldano
QA Contact: Rostislav Svoboda
Depends On:
Blocks: 1115213 1121227 1153972
TreeView+ depends on / blocked
Reported: 2014-07-18 16:51 UTC by Kyle Lape
Modified: 2019-08-02 07:30 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, CXF placed the `BinarySecurityToken` referenced by the EncryptedKey element after the EncryptedKey element when the WSS timestamp was not included in the SOAP message. This could cause receivers that expect the `BinarySecurityToken` referenced by the EncryptedKey to be above the EncryptedKey element to fail as they had not processed the `BinarySecurityToken` when attempting to look it up while processing the EncryptedKey element. This issue has been resolved by moving the BinarySecurityToken higher in the SOAP message. Now `EncryptedKey` elements always reference `BinarySecurityTokens` that have already been found while parsing the SOAP message.
Clone Of: 1115215
: 1121227 (view as bug list)
Last Closed: 2019-08-02 07:30:41 UTC
Type: Bug

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Apache JIRA CXF-5892 0 None None None Never

Comment 7 Kabir Khan 2014-11-10 18:32:19 UTC
See component upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1153972#c2 for explanation of why the upgrade was reverted and this BZ is set back to ASSIGNED

Comment 8 Jan Blizňák 2014-11-18 12:42:00 UTC
Verified on 6.4.0.DR10

Note You need to log in before you can comment on or make changes to this bug.