Bug 1121223 - [GSS] (6.4.0) [CXF-5892] Ensure EncryptedKey references BinarySecurityToken before it
Status: VERIFIED
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Services
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
urgent
unspecified
Target Milestone: DR10
: EAP 6.4.0
Assignee: Alessio Soldano
QA Contact: Rostislav Svoboda
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1115213 1121227 1153972
Reported: 2014-07-18 16:51 UTC by Kyle Lape
Modified: 2019-03-19 21:36 UTC (History)

In previous releases of JBoss EAP 6, when the WSS timestamp was not included in the SOAP message, CXF placed the `BinarySecurityToken` referenced by an `EncryptedKey` element after that `EncryptedKey` element.

Receivers that expect the `BinarySecurityToken` to appear above the `EncryptedKey` that references it could fail, because they had not yet processed the `BinarySecurityToken` when they tried to look it up while processing the `EncryptedKey` element.

This issue has been resolved by moving the `BinarySecurityToken` higher in the SOAP message. `EncryptedKey` elements now always reference `BinarySecurityToken` elements that have already been found while parsing the SOAP message.
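
The ordering rule described above can be checked on a captured WS-Security header. This is an added example, not CXF or JBoss code; the ids `X509-1` and `EK-1`, the placeholder token and cipher bytes, and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample fragments: no Timestamp, placeholder token and key bytes.
TOKEN = '<wsse:BinarySecurityToken wsu:Id="X509-1">AAAA</wsse:BinarySecurityToken>'
ENC_KEY = ('<xenc:EncryptedKey Id="EK-1"><ds:KeyInfo><wsse:SecurityTokenReference>'
           '<wsse:Reference URI="#X509-1"/></wsse:SecurityTokenReference></ds:KeyInfo>'
           '<xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>'
           '</xenc:EncryptedKey>')

def sample_header(children):
    """Wrap the given child markup in a wsse:Security element with all prefixes bound."""
    return (f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" '
            f'xmlns:xenc="{XENC}" xmlns:ds="{DS}">{children}</wsse:Security>')

OLD_ORDER = sample_header(ENC_KEY + TOKEN)    # token after the key (the reported layout)
FIXED_ORDER = sample_header(TOKEN + ENC_KEY)  # token before the key (layout after the fix)

def forward_token_references(xml_text):
    """Return (encrypted_key_id, token_id) pairs where an EncryptedKey points at a
    BinarySecurityToken that only appears later in the same wsse:Security header."""
    findings = []
    # For untrusted captures, use a hardened parser (e.g. defusedxml) instead.
    for security in ET.fromstring(xml_text).iter(f"{{{WSSE}}}Security"):
        children = list(security)
        # Position of every BinarySecurityToken, keyed by its wsu:Id.
        token_pos = {c.get(f"{{{WSU}}}Id"): i for i, c in enumerate(children)
                     if c.tag == f"{{{WSSE}}}BinarySecurityToken"}
        for i, child in enumerate(children):
            if child.tag != f"{{{XENC}}}EncryptedKey":
                continue
            for ref in child.iter(f"{{{WSSE}}}Reference"):
                token_id = ref.get("URI", "").lstrip("#")
                # A top-down receiver has not seen this token yet at position i.
                if token_pos.get(token_id, -1) > i:
                    findings.append((child.get("Id"), token_id))
    return findings

if __name__ == "__main__":
    print("old order:  ", forward_token_references(OLD_ORDER))
    print("fixed order:", forward_token_references(FIXED_ORDER))
```

A non-empty result means a receiver that resolves references strictly in document order would reach the `EncryptedKey` before the token it needs.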
Clone Of: 1115215
: 1121227 (view as bug list)
External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA CXF-5892 None None None Never

Comment 7 Kabir Khan 2014-11-10 18:32:19 UTC
See component upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1153972#c2 for explanation of why the upgrade was reverted and this BZ is set back to ASSIGNED

Comment 8 Jan Blizňák 2014-11-18 12:42:00 UTC
Verified on 6.4.0.DR10

